ComboFix 09-05-16.05 - Crystal 05/17/2009 12:57.6 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.70 [GMT -4:00]
Running from: c:\documents and settings\Crystal\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Crystal\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0306003B.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus\AOLTheme_InfiniteFlow79.mtx
c:\program files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus\FLFBootStrap.mtx
.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-17 01:35 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-17 01:34 . 2009-05-17 01:59 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-17 01:34 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-17 01:34 . 2009-05-17 01:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-17 01:34 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-17 01:34 . 2009-05-17 01:34 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-17 01:34 . 2009-05-17 01:34 -------- d-----w c:\documents and settings\Crystal\Application Data\PC Tools
2009-05-17 01:34 . 2009-05-17 02:42 -------- d-----w c:\program files\Spyware Doctor
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\documents and settings\Crystal\Application Data\Malwarebytes
2009-05-17 00:44 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 00:44 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-07 03:46 . 2009-05-07 03:46 -------- d-----w c:\windows\Cache
2009-05-07 03:46 . 2009-05-07 03:53 -------- d-----w c:\program files\Coupons
2009-05-04 16:09 . 2009-05-07 17:40 -------- d-----w C:\ASTROLOG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 03:25 . 2009-02-20 02:47 -------- d-----w c:\program files\AOL 9.1
2009-04-08 05:14 . 2009-04-08 05:14 -------- d-----w c:\program files\Trend Micro
2009-04-07 17:01 . 2009-02-10 19:03 -------- d-----w c:\program files\KJClipper
2009-04-07 16:59 . 2009-02-20 02:47 -------- d-----w c:\program files\Common Files\aol
2009-03-12 08:04 . 2008-01-24 07:02 8224 ----a-w c:\documents and settings\Crystal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-25 36352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-07-29 131072]
"MCAgentExe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2002-09-07 192512]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2002-10-04 139264]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-29 53248]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"HostManager"="c:\program files\Common Files\AOL\1235098084\ee\AOLSoftware.exe" [2007-05-25 42032]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-13 219136]
c:\documents and settings\Crystal\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-02 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 08:38 352256 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 7:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 7:03 PM 55024]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [1/22/2008 6:33 PM 23296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 7:51 PM 4096]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/16/2009 9:34 PM 130936]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - sdAuxService
*Deregistered* - sdCoreService
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - uploadmgr
*Deregistered* - upnphost
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder
2008-09-29 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21201207759.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 04:38]
2009-05-17 c:\windows\Tasks\McAfee.com Update Check (CMYSTIC-Crystal).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2008-01-22 18:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 13:15
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\System32\ODBC32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(752)
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(2316)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\System32\ODBC32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\CTsvcCDA.EXE
c:\progra~1\McAfee.com\VSO\mcvsrte.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-05-17 13:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 17:24
ComboFix2.txt 2009-05-17 14:38
Pre-Run: 48,586,317,824 bytes free
Post-Run: 48,881,545,216 bytes free
193
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.255.70 [GMT -4:00]
Running from: c:\documents and settings\Crystal\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Crystal\Desktop\CFScript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Viewpoint
c:\program files\Viewpoint\Viewpoint Experience Technology\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\ComponentMgr_0306003B.dll
c:\program files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
c:\program files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
c:\program files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
c:\program files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
c:\program files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
c:\program files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus\AOLTheme_InfiniteFlow79.mtx
c:\program files\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus\FLFBootStrap.mtx
.
((((((((((((((((((((((((( Files Created from 2009-04-17 to 2009-05-17 )))))))))))))))))))))))))))))))
.
2009-05-17 01:35 . 2008-12-11 12:38 159600 ----a-w c:\windows\system32\drivers\pctgntdi.sys
2009-05-17 01:34 . 2009-05-17 01:59 130936 ----a-w c:\windows\system32\drivers\PCTCore.sys
2009-05-17 01:34 . 2008-12-18 16:16 73840 ----a-w c:\windows\system32\drivers\PCTAppEvent.sys
2009-05-17 01:34 . 2009-05-17 01:36 -------- d-----w c:\program files\Common Files\PC Tools
2009-05-17 01:34 . 2008-12-10 16:36 64392 ----a-w c:\windows\system32\drivers\pctplsg.sys
2009-05-17 01:34 . 2009-05-17 01:34 -------- d-----w c:\documents and settings\All Users\Application Data\PC Tools
2009-05-17 01:34 . 2009-05-17 01:34 -------- d-----w c:\documents and settings\Crystal\Application Data\PC Tools
2009-05-17 01:34 . 2009-05-17 02:42 -------- d-----w c:\program files\Spyware Doctor
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\documents and settings\Crystal\Application Data\Malwarebytes
2009-05-17 00:44 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-17 00:44 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-17 00:44 . 2009-05-17 00:44 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-07 03:46 . 2009-05-07 03:46 -------- d-----w c:\windows\Cache
2009-05-07 03:46 . 2009-05-07 03:53 -------- d-----w c:\program files\Coupons
2009-05-04 16:09 . 2009-05-07 17:40 -------- d-----w C:\ASTROLOG
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-09 03:25 . 2009-02-20 02:47 -------- d-----w c:\program files\AOL 9.1
2009-04-08 05:14 . 2009-04-08 05:14 -------- d-----w c:\program files\Trend Micro
2009-04-07 17:01 . 2009-02-10 19:03 -------- d-----w c:\program files\KJClipper
2009-04-07 16:59 . 2009-02-20 02:47 -------- d-----w c:\program files\Common Files\aol
2009-03-12 08:04 . 2008-01-24 07:02 8224 ----a-w c:\documents and settings\Crystal\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Reminder"="c:\program files\Microsoft Money\System\reminder.exe" [1998-07-25 36352]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-06-01 94208]
"EasyLinkAdvisor"="c:\program files\Linksys EasyLink Advisor\LinksysAgent.exe" [2006-10-30 392832]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-09 1809648]
"AOL Fast Start"="c:\program files\AOL 9.1\AOL.EXE" [2008-06-03 50528]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MMTray"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe" [2004-07-29 131072]
"MCAgentExe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2002-09-07 192512]
"MCUpdateExe"="c:\progra~1\McAfee.com\Agent\mcupdate.exe" [2002-09-04 151552]
"VirusScan Online"="c:\progra~1\mcafee.com\vso\mcvsshld.exe" [2002-10-04 139264]
"Microsoft Works Update Detection"="c:\program files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2001-08-17 28738]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-13 155648]
"WorksFUD"="c:\program files\Microsoft Works\wkfud.exe" [2001-10-06 24576]
"Microsoft Works Portfolio"="c:\program files\Microsoft Works\WksSb.exe" [2001-08-23 331830]
"mmtask"="c:\program files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe" [2004-07-29 53248]
"diagent"="c:\program files\Creative\SBLive\Diagnostics\diagent.exe" [2002-04-03 135264]
"AVG7_CC"="c:\progra~1\Grisoft\AVG7\avgcc.exe" [2008-10-17 590848]
"HostManager"="c:\program files\Common Files\AOL\1235098084\ee\AOLSoftware.exe" [2007-05-25 42032]
"ISTray"="c:\program files\Spyware Doctor\pctsTray.exe" [2008-12-08 1173384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="c:\progra~1\Grisoft\AVG7\avgw.exe" [2008-02-13 219136]
c:\documents and settings\Crystal\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-09-02 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-09 08:38 352256 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.DLL
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2/29/2008 7:03 PM 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/29/2008 7:03 PM 55024]
R3 NaiFiltr;NaiFiltr;c:\windows\system32\drivers\NaiFiltr.sys [1/22/2008 6:33 PM 23296]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 7:51 PM 4096]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [5/16/2009 9:34 PM 130936]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - PolicyAgent
*Deregistered* - ProtectedStorage
*Deregistered* - RasAuto
*Deregistered* - RasMan
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - Schedule
*Deregistered* - sdAuxService
*Deregistered* - sdCoreService
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - Spooler
*Deregistered* - srservice
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - TapiSrv
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - UMWdf
*Deregistered* - uploadmgr
*Deregistered* - upnphost
*Deregistered* - W32Time
*Deregistered* - WebClient
*Deregistered* - winmgmt
*Deregistered* - WMDM PMSP Service
*Deregistered* - wuauserv
*Deregistered* - WZCSVC
.
Contents of the 'Scheduled Tasks' folder
2008-09-29 c:\windows\Tasks\FRU Task 2002-12-03 04:38ewlett-Packard2002-12-03 04:38p psc 1200 series84887B468ABA3F57D76752217D5938688025EB21201207759.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2002-12-03 04:38]
2009-05-17 c:\windows\Tasks\McAfee.com Update Check (CMYSTIC-Crystal).job
- c:\progra~1\McAfee.com\Agent\mcupdate.exe [2008-01-22 18:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.myspace.com/
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = 127.0.0.1
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
Trusted Zone: aol.com\free
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath -
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-17 13:15
Windows 5.1.2600 Service Pack 1 NTFS
detected NTDLL code modification:
ZwClose
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(696)
c:\windows\System32\ODBC32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
- - - - - - - > 'lsass.exe'(752)
c:\windows\System32\dssenh.dll
- - - - - - - > 'explorer.exe'(2316)
c:\program files\Spyware Doctor\pctgmhk.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchTrayHook.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO800u.dll
c:\windows\System32\ODBC32.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\aol\acs\AOLacsd.exe
c:\progra~1\Grisoft\AVG7\avgamsvr.exe
c:\progra~1\Grisoft\AVG7\avgupsvc.exe
c:\progra~1\Grisoft\AVG7\avgemc.exe
c:\windows\system32\bgsvcgen.exe
c:\windows\system32\CTsvcCDA.EXE
c:\progra~1\McAfee.com\VSO\mcvsrte.exe
c:\program files\Spyware Doctor\pctsAuxs.exe
c:\program files\Spyware Doctor\pctsSvc.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\MsPMSPSv.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\AOL 9.1\waol.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\AOL 9.1\shellmon.exe
.
**************************************************************************
.
Completion time: 2009-05-17 13:24 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-17 17:24
ComboFix2.txt 2009-05-17 14:38
Pre-Run: 48,586,317,824 bytes free
Post-Run: 48,881,545,216 bytes free
193