ComboFix 09-10-20.03 - user 10/21/2009 18:09.8.1 - NTFSx86
Running from: c:\documents and settings\user\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\user\Desktop\CFScript..txt
.
((((((((((((((((((((((((( Files Created from 2009-09-21 to 2009-10-21 )))))))))))))))))))))))))))))))
.
2009-10-18 07:25 . 2009-10-18 07:25 -------- d-----w- C:\0838201a89dcf32945
2009-10-18 07:24 . 2009-10-18 07:47 -------- d-----w- C:\07f8d7f905cfd708ef591972759c48cd
2009-10-18 07:21 . 2009-10-18 07:21 -------- d-sh--w- c:\documents and settings\user\IECompatCache
2009-10-18 07:21 . 2009-10-18 07:21 -------- d-sh--w- c:\documents and settings\user\PrivacIE
2009-10-18 07:18 . 2009-10-18 07:18 -------- d-sh--w- c:\documents and settings\user\IETldCache
2009-10-18 07:10 . 2009-08-29 08:08 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-10-18 07:10 . 2009-08-29 08:08 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-10-18 07:10 . 2009-10-19 05:00 -------- d-----w- c:\windows\ie8updates
2009-10-18 07:10 . 2009-08-07 08:48 100352 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-10-18 07:02 . 2009-10-18 07:09 -------- dc-h--w- c:\windows\ie8
2009-10-18 06:30 . 2009-06-21 21:44 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-10-18 06:24 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-10-18 03:40 . 2009-10-17 23:46 102664 ----a-w- c:\windows\system32\drivers\tmcomm.sys
2009-10-17 23:46 . 2009-10-19 04:41 -------- d-----w- c:\documents and settings\user\.housecall6.6
2009-10-15 02:07 . 2009-10-15 02:07 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2009-10-15 02:05 . 2009-10-15 02:05 -------- d-----w- c:\windows\ERUNT
2009-10-15 02:01 . 2009-10-15 02:17 -------- d-----w- C:\SDFix
2009-10-14 22:50 . 2009-10-14 22:50 -------- d-----w- c:\documents and settings\user\Application Data\Malwarebytes
2009-10-14 22:50 . 2009-09-10 19:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-14 22:50 . 2009-10-14 22:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-14 22:50 . 2009-09-10 19:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-14 22:50 . 2009-10-14 22:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-14 07:25 . 2009-10-14 07:25 -------- d-----w- c:\windows\srchasst
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-18 02:16 . 2009-02-16 15:01 -------- d-----w- c:\program files\Java
2009-10-14 20:29 . 2009-08-25 18:03 -------- d-----w- c:\program files\McAfee
2009-10-14 08:54 . 2009-08-24 06:25 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-10-14 08:21 . 2008-10-01 20:21 -------- d-----w- c:\program files\dl_Cats
2009-10-11 06:05 . 2009-08-24 18:55 664 ----a-w- c:\documents and settings\user\Local Settings\Application Data\d3d9caps.dat
2009-09-11 14:18 . 2004-08-04 10:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-05 04:24 . 2009-09-05 04:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PopCap
2009-09-04 21:03 . 2004-08-04 10:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 07:47 . 2009-09-03 07:47 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-29 08:08 . 2006-03-04 03:33 916480 ------w- c:\windows\system32\wininet.dll
2009-08-27 01:48 . 2009-08-27 01:48 68256 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-26 21:46 . 2009-08-27 03:34 3185678 ----a-w- C:\ComboFix.exe
2009-08-26 08:00 . 2004-08-04 10:00 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 20:38 . 2009-08-25 17:32 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-08-25 18:07 . 2009-08-25 18:04 -------- d-----w- c:\program files\Common Files\McAfee
2009-08-25 18:05 . 2009-08-25 18:03 -------- d-----w- c:\program files\McAfee.com
2009-08-25 04:55 . 2009-08-25 04:55 -------- d-----w- c:\documents and settings\user\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-08-24 20:59 . 2009-08-24 20:59 -------- d-----w- c:\program files\Trend Micro
2009-08-24 13:38 . 2009-08-24 13:28 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-24 13:24 . 2009-08-24 18:06 812344 ----a-w- C:\HJTInstall.exe
2009-08-24 13:10 . 2009-08-24 13:11 389120 ----a-w- c:\windows\system32\CF17216.exe
2009-08-24 06:25 . 2009-08-24 06:25 -------- d-----w- c:\documents and settings\user\Application Data\SUPERAntiSpyware.com
2009-08-24 05:59 . 2009-08-24 05:59 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-08-23 00:03 . 2008-07-17 16:01 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-05 09:01 . 2004-08-04 10:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-05 01:44 . 2005-03-30 01:23 2189184 ------w- c:\windows\system32\ntoskrnl.exe
2009-08-04 14:20 . 2005-03-30 01:01 2066048 ------w- c:\windows\system32\ntkrnlpa.exe
2009-07-31 20:23 . 2009-02-16 15:01 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-29 04:37 . 2004-08-04 10:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:37 . 2004-08-04 10:00 119808 ----a-w- c:\windows\system32\t2embed.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Google Update"="c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-09 133104]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\11d9db9c-3f06-4cd2-938f-dc7c338b093b.exe" [2009-08-05 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-11-11 344064]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-11-20 77824]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"DLBUCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll" [2007-02-12 73728]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 17:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\dlbucoms.exe"=
R2 0092171255552200mcinstcleanup;McAfee Application Installer Cleanup (0092171255552200);c:\windows\TEMP\009217~1.EXE [x]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-08-05 7408]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2009-08-05 9968]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.sys [2009-08-05 74480]
S3 OZSCR;O2Micro SmartCardBus Smartcard Reader;c:\windows\system32\DRIVERS\ozscr.sys [2008-01-17 92550]
.
Contents of the 'Scheduled Tasks' folder
2009-09-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-688789844-1343024091-1004Core.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-09 20:21]
2009-10-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-688789844-1343024091-1004UA.job
- c:\documents and settings\user\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-09 20:21]
2009-10-18 c:\windows\Tasks\User_Feed_Synchronization-{089CE16D-8AB0-4B2A-A55B-2690FC67855D}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\user\Start Menu\Programs\IMVU\Run IMVU.lnk
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-21 18:16
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLBUCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLBUtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"Installed"="1"
"NoChange"="1"
@=""
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
- - - - - - - > 'explorer.exe'(3140)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.3053_x-ww_b80fa8ca\MSVCR80.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-10-21 18:22
ComboFix-quarantined-files.txt 2009-10-21 23:21
ComboFix2.txt 2009-10-21 17:41
ComboFix3.txt 2009-10-20 18:23
ComboFix4.txt 2009-10-16 02:49
ComboFix5.txt 2009-10-21 23:06
Pre-Run: 9,590,427,648 bytes free
Post-Run: 9,557,635,072 bytes free
- - End Of File - - 9D4DFEA755E0B1369E62BEE540F99B4C