ComboFix 11-04-27.01 - me 04/27/2011 18:07:54.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2039.1428 [GMT -5:00]
Running from: c:\documents and settings\me\My Documents\Downloads\ComboFix.exe
AV: AntiVir Desktop *Disabled/Outdated* {AD166499-45F9-482A-A743-FDD3350758C7}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-03-27 to 2011-04-27 )))))))))))))))))))))))))))))))
.
.
2011-04-25 23:12 . 2011-04-25 23:12 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-04-25 23:12 . 2011-04-25 23:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-04-22 08:02 . 2011-04-22 08:02 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-18 21:36 . 2010-12-14 06:04 41984 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2011-02-18 21:36 . 2010-12-14 06:04 4184352 ----a-w- c:\windows\system32\usbaaplrc.dll
2011-01-31 14:44 . 2003-03-19 05:14 499712 ----a-w- c:\windows\system32\msvcp71.dll
2011-03-18 17:53 . 2011-04-13 17:03 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\spoolsv.exe
[-] 2008-04-14 . D8E14A61ACC1D4A6CD0D38AEBAC7FA3B . 57856 . . [5.1.2600.5512] . . c:\windows\system32\spoolsv.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-04-20 2423752]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-07-21 98304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-07-21 86016]
"Persistence"="c:\windows\system32\igfxpers.exe" [2006-07-21 81920]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2005-01-08 61952]
"RTHDCPL"="RTHDCPL.EXE" [2006-07-04 16250880]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2007-04-13 331552]
"SetRefresh"="c:\program files\Compaq\SetRefresh\SetRefresh.exe" [2003-11-20 525824]
"Recguard"="c:\windows\Sminst\Recguard.exe" [2006-05-12 1138688]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2006-03-31 761856]
"Scheduler"="c:\windows\SMINST\Scheduler.exe" [2006-04-24 888832]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2011-01-31 273544]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-04 281768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SMINST\\Scheduler.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Warcraft III\\Frozen Throne.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"6112:TCP"= 6112:TCP:Warcraft III - The Frozen Throne
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [4/12/2011 4:57 PM 135336]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [6/20/2007 12:37 AM 540448]
S3 EraserUtilDrv11010;EraserUtilDrv11010;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11010.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - KLMD25
*NewlyCreated* - NORMANDY
*Deregistered* - klmd25
*Deregistered* - Normandy
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:25]
.
2011-04-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-319670913-3225394549-775371207-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-16 21:25]
.
2011-04-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-27 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-319670913-3225394549-775371207-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-27 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
2011-04-19 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-319670913-3225394549-775371207-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2011-01-24 20:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.hp.com
uInternet Connection Wizard,ShellNext = hxxp://www.hp.com/
IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html
IE: &Translate English Word - c:\program files\Google\GoogleToolbar1.dll/cmwordtrans.html
IE: Backward Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html
IE: Cached Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Similar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html
IE: Translate Page into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html
FF - ProfilePath - c:\documents and settings\me\Application Data\Mozilla\Firefox\Profiles\pvzyfs5o.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://u.northwestern.edu/
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2011-04-27 18:11
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet003\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(764)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'explorer.exe'(2440)
c:\windows\system32\msi.dll
.
Completion time: 2011-04-27 18:12:43
ComboFix-quarantined-files.txt 2011-04-27 23:12
.
Pre-Run: 7,355,076,608 bytes free
Post-Run: 7,361,236,992 bytes free
.
- - End Of File - - 48380A3B1D592DE30DB7555CC817508B