ComboFix 10-07-26.04 - Michael 07/27/2010 14:37:12.3.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2935.1698 [GMT -5:00]
Running from: c:\documents and settings\Michael\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Michael\Desktop\CFScript.txt
AV: avast! Antivirus *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FILE ::
"c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe"
"c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe"
"j:\my stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso"
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup(2).exe
c:\documents and settings\Michael\My Documents\Downloads\RummyRoyalSetup.exe
j:\my stuff\Norton Antivirus 2007 Corporate CRACKED - ALL CURRENT UPDATES 10 Yr License.iso
.
((((((((((((((((((((((((( Files Created from 2010-06-27 to 2010-07-27 )))))))))))))))))))))))))))))))
.
2010-07-27 03:31 . 2010-07-27 03:31 -------- d-----w- c:\program files\ESET
2010-07-25 04:22 . 2010-07-25 04:22 54016 ----a-w- c:\windows\system32\drivers\flttho.sys
2010-07-25 03:19 . 2010-07-25 03:19 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-07-24 01:22 . 2010-07-24 01:22 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2010-07-20 21:02 . 2010-07-20 21:02 -------- d-----w- c:\program files\AVG
2010-07-20 19:55 . 2007-01-13 14:45 172032 ----a-w- c:\windows\system32\igfxres.dll
2010-07-20 19:50 . 2007-01-13 15:46 204800 ----a-w- c:\windows\system32\igfxCoIn_v4764.dll
2010-07-20 19:50 . 2007-01-13 15:33 2482688 ----a-w- c:\windows\system32\igxpdx32.dll
2010-07-20 19:50 . 2007-01-13 15:33 5672032 ----a-w- c:\windows\system32\drivers\igxpmp32.sys
2010-07-20 19:50 . 2007-01-13 15:33 57344 ----a-w- c:\windows\system32\igxprd32.dll
2010-07-20 19:50 . 2007-01-13 15:32 149504 ----a-w- c:\windows\system32\igxpgd32.dll
2010-07-20 19:50 . 2007-01-13 15:32 1563776 ----a-w- c:\windows\system32\igxpdv32.dll
2010-07-20 19:50 . 2007-01-13 15:09 450560 ----a-w- c:\windows\system32\igldev32.dll
2010-07-20 19:50 . 2007-01-13 15:07 2334720 ----a-w- c:\windows\system32\iglicd32.dll
2010-07-20 19:50 . 2007-01-13 14:46 135168 ----a-w- c:\windows\system32\igfxpers.exe
2010-07-20 19:50 . 2007-01-13 14:46 241664 ----a-w- c:\windows\system32\igfxsrvc.exe
2010-07-20 19:50 . 2007-01-19 15:14 389120 ----a-w- c:\windows\system32\igxpun.exe
2010-07-20 19:50 . 2006-11-10 13:25 319456 ----a-w- c:\windows\system32\difxapi.dll
2010-07-20 19:49 . 2010-07-20 19:49 -------- d-----w- C:\Intel
2010-07-20 19:48 . 2010-07-20 19:48 -------- d-----w- c:\program files\SystemRequirementsLab
2010-07-20 19:48 . 2010-07-20 19:48 84480 ----a-w- c:\documents and settings\Michael\Application Data\SystemRequirementsLab\srlproxy_intel_4.1.66.0A.dll
2010-07-20 19:48 . 2010-07-20 19:48 -------- d-----w- c:\documents and settings\Michael\Application Data\SystemRequirementsLab
2010-07-20 13:42 . 2010-07-20 13:42 -------- d-sh--w- c:\documents and settings\NetworkService\PrivacIE
2010-07-19 19:17 . 2010-07-19 19:17 -------- d-----w- c:\documents and settings\Michael\Application Data\InstallShield
2010-07-19 18:42 . 2010-07-21 00:50 -------- d-----w- c:\program files\Common Files\Akamai
2010-07-13 19:27 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2010-07-09 13:17 . 2010-07-09 13:17 -------- d-----w- c:\program files\Sierra On-Line
2010-07-09 13:17 . 2010-07-09 13:17 -------- d-----w- C:\SIERRA
2010-07-09 13:17 . 2010-07-09 13:17 -------- d-----w- c:\program files\WON
2010-07-09 04:15 . 2010-07-09 04:15 -------- d-----w- c:\windows\Installing Adobe Acrobat Reader
2010-07-09 04:15 . 2010-07-09 04:15 -------- d-----w- c:\program files\Microsoft Games
2010-06-29 11:33 . 2010-06-28 20:57 38848 ----a-w- c:\windows\avastSS.scr
2010-06-27 20:57 . 2010-05-21 19:14 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-06-27 20:55 . 2010-06-27 20:55 -------- d-----w- c:\program files\Windows Defender
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-07-27 19:28 . 2010-06-10 07:02 99 ----a-w- c:\documents and settings\Michael\jagex_runescape_preferences2.dat
2010-07-27 19:28 . 2010-06-10 06:54 46 ----a-w- c:\documents and settings\Michael\jagex_runescape_preferences.dat
2010-07-25 15:52 . 2010-06-04 05:01 63488 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-07-25 15:51 . 2010-06-04 05:00 117760 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-07-25 05:48 . 2010-06-04 05:00 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-07-25 05:35 . 2009-08-05 05:26 1984 ----a-w- c:\windows\system32\d3d9caps.dat
2010-07-20 16:35 . 2010-01-27 05:55 -------- d-----w- c:\program files\mIRC
2010-07-20 12:17 . 2010-03-15 07:51 1535 ----a-w- c:\documents and settings\Michael\Application Data\iolo\restore.bat
2010-07-20 10:54 . 2010-03-15 01:03 -------- d-----w- c:\documents and settings\Michael\Application Data\iolo
2010-07-19 19:57 . 2009-05-15 20:14 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-07-19 18:28 . 2009-05-13 20:51 -------- d-----w- c:\program files\Mozilla Thunderbird
2010-07-19 17:20 . 2009-07-19 23:32 -------- d-----w- c:\program files\CCleaner
2010-07-14 00:03 . 2009-06-16 17:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-07-08 12:51 . 2010-03-15 01:03 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo
2010-07-06 20:16 . 2010-03-15 04:07 94384 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-07-06 20:16 . 2009-12-11 05:08 2319536 ----a-w- c:\windows\system32\Incinerator.dll
2010-07-03 21:29 . 2010-01-27 05:55 -------- d-----w- c:\documents and settings\Michael\Application Data\mIRC
2010-06-28 20:57 . 2010-06-15 00:46 165032 ----a-w- c:\windows\system32\aswBoot.exe
2010-06-28 20:37 . 2010-06-15 00:46 46672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2010-06-28 20:37 . 2010-06-15 00:46 165456 ----a-w- c:\windows\system32\drivers\aswSP.sys
2010-06-28 20:33 . 2010-06-15 00:46 23376 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2010-06-28 20:32 . 2010-06-15 00:46 100176 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2010-06-28 20:32 . 2010-06-15 00:46 94544 ----a-w- c:\windows\system32\drivers\aswmon.sys
2010-06-28 20:32 . 2010-06-15 00:46 17744 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2010-06-28 20:32 . 2010-06-15 00:46 28880 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2010-06-26 21:51 . 2009-08-01 03:47 -------- d-----w- c:\program files\Windows Live
2010-06-15 00:52 . 2005-01-10 01:26 81720 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-15 00:17 . 2009-05-21 21:31 -------- d-----w- c:\program files\MSBuild
2010-06-15 00:16 . 2010-06-15 00:16 -------- d-----w- c:\program files\Reference Assemblies
2010-06-14 14:31 . 2009-05-14 03:04 744448 ----a-w- c:\windows\pchealth\helpctr\binaries\helpsvc.exe
2010-06-13 04:40 . 2009-05-20 20:53 -------- d-----w- c:\documents and settings\Michael\Application Data\Apple Computer
2010-06-13 04:05 . 2010-06-13 04:03 -------- d-----w- c:\program files\iTunes
2010-06-13 04:05 . 2010-06-13 04:03 -------- d-----w- c:\documents and settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-06-13 04:03 . 2010-06-13 04:03 -------- d-----w- c:\program files\iPod
2010-06-13 04:03 . 2009-05-20 20:51 -------- d-----w- c:\program files\Common Files\Apple
2010-06-13 03:48 . 2009-05-20 20:53 -------- d-----w- c:\program files\Bonjour
2010-06-13 03:43 . 2010-06-13 03:43 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe
2010-06-13 03:42 . 2010-06-13 03:41 -------- d-----w- c:\program files\Safari
2010-06-13 03:32 . 2010-06-13 03:32 71992 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\Safari 5.33.16.0\SetupAdmin.exe
2010-06-10 07:02 . 2010-06-10 07:02 0 ----a-w- c:\documents and settings\Michael\jagex__preferences3.dat
2010-06-10 05:35 . 2009-10-06 12:27 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-06 21:31 . 2009-05-27 14:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2010-06-06 15:47 . 2009-05-18 15:07 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-06-06 15:36 . 2009-05-14 03:08 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-06-04 23:36 . 2010-06-04 23:35 -------- d-----w- c:\program files\Google
2010-06-04 05:00 . 2010-06-04 05:00 52224 ----a-w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-06-04 05:00 . 2010-06-04 05:00 -------- d-----w- c:\documents and settings\Michael\Application Data\SUPERAntiSpyware.com
2010-06-04 05:00 . 2010-06-04 05:00 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-06-03 13:33 . 2010-06-03 05:57 -------- d-----w- c:\program files\Common Files\PC Tools
2010-06-03 12:32 . 2010-06-03 12:32 81920 ----a-w- c:\windows\ALCFDRTM.EXE
2010-06-03 12:28 . 2010-03-29 14:25 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2010-06-03 06:37 . 2010-06-03 06:37 -------- d-----w- c:\program files\Panda Security
2010-05-06 10:41 . 2009-05-14 03:09 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22 . 2009-05-14 03:09 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-29 20:39 . 2009-05-27 22:23 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-04-29 20:39 . 2009-05-27 03:30 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2004-03-15 22:51 . 2004-03-15 22:51 114688 ----a-w- c:\program files\internet explorer\plugins\LV71ActiveXControl.dll
2006-01-23 15:32 . 2006-01-23 15:32 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2007-02-08 15:48 . 2007-02-08 15:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 23:03 . 2007-07-24 23:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2010-05-22 160328]
"Google Update"="c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2010-01-27 135664]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"niDevMon"="c:\program files\National Instruments\NI-DAQ\HWConfig\nidevmon.exe" [2008-06-18 106576]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2008-04-03 77824]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2010-06-28 2837864]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0smrgdf c:\progra~1\iolo\SYSTEM~1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
[HKLM\~\startupfolder\C:^Documents and Settings^Michael^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
backup=c:\windows\pss\OpenOffice.org 3.1.lnkStartup
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2009-02-27 22:10 35696 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-01-27 05:40 135664 ----atw- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds]
2007-01-13 14:47 163840 ----a-w- c:\windows\system32\hkcmd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
2004-05-12 20:18 241664 ----a-w- c:\program files\HP\hpcoretech\hpcmpmgr.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2003-08-04 22:28 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-04-28 20:06 142120 ----a-w- c:\program files\iTunes\iTunesHelper.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-05-27 02:06 4351216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Bonjour Service"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Malwarebytes' Anti-Malware\\mbam.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
R0 nipbcfk;National Instruments Class Upper Filter Driver;c:\windows\system32\drivers\nipbcfk.sys [7/10/2007 8:08 PM 15448]
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [6/3/2010 7:18 AM 28552]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [6/14/2010 7:46 PM 165456]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 1:25 PM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 1:41 PM 67656]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/14/2010 7:46 PM 17744]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/14/2010 11:07 PM 711352]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [3/14/2010 11:07 PM 711352]
R2 nidevldu;NI Device Loader;c:\windows\system32\nipalsm.exe [2/16/2007 11:21 AM 12696]
R2 nipxirmk;nipxirmk;c:\windows\system32\drivers\nipxirmkl.sys [9/18/2007 7:24 AM 11552]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 7:19 PM 13592]
R3 nidimk;nidimk;c:\windows\system32\drivers\nidimkl.sys [6/13/2008 3:51 PM 11360]
R3 nimru2k;nimru2k;c:\windows\system32\drivers\nimru2kl.sys [6/13/2008 3:51 PM 11360]
R3 nimstsk;nimstsk;c:\windows\system32\drivers\nimstskl.sys [12/18/2007 7:14 PM 11360]
S1 SABKUTIL;SABKUTIL;\??\c:\program files\SUPERAntiSpyware\SABKUTIL.sys --> c:\program files\SUPERAntiSpyware\SABKUTIL.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/4/2010 6:35 PM 136176]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [12/18/2009 10:58 AM 11336]
S3 lvalarmk;lvalarmk;c:\windows\system32\drivers\lvalarmk.sys [12/20/2007 9:37 AM 20056]
S3 ni1006k;NI PXI-1006 Chassis Pilot;c:\windows\system32\drivers\ni1006k.sys [10/8/2007 2:10 PM 25888]
S3 ni1045k;NI PXI-1045 Chassis Pilot;c:\windows\system32\drivers\ni1045kl.sys [10/8/2007 2:10 PM 11552]
S3 ni1065k;NI PXIe-1065 Chassis Pilot;c:\windows\system32\drivers\ni1065k.sys [10/8/2007 2:10 PM 22360]
S3 nicdrk;nicdrk;c:\windows\system32\drivers\nicdrkl.sys [12/26/2007 11:53 AM 11352]
S3 nicsrk;nicsrk;c:\windows\system32\drivers\nicsrkl.sys [2/22/2008 11:25 AM 11336]
S3 nidmxfk;nidmxfk;c:\windows\system32\drivers\nidmxfkl.sys [12/18/2007 7:20 PM 11336]
S3 nidsark;nidsark;c:\windows\system32\drivers\nidsarkl.sys [2/29/2008 3:02 PM 11344]
S3 niemrk;niemrk;c:\windows\system32\drivers\niemrkl.sys [2/22/2008 11:25 AM 11336]
S3 niesrk;niesrk;c:\windows\system32\drivers\niesrkl.sys [2/22/2008 11:25 AM 11336]
S3 nifslk;nifslk;c:\windows\system32\drivers\nifslkl.sys [12/26/2007 11:18 AM 11352]
S3 nimsdrk;nimsdrk;c:\windows\system32\drivers\nimsdrkl.sys [1/11/2008 5:08 PM 11392]
S3 nimslk;nimslk;c:\windows\system32\drivers\nimslk.dll [6/25/2007 12:08 AM 14464]
S3 nimsrlk;nimsrlk;c:\windows\system32\drivers\nimsrlk.dll [6/25/2007 12:08 AM 151683]
S3 nimxpk;nimxpk;c:\windows\system32\drivers\nimxpkl.sys [12/18/2007 6:14 PM 11368]
S3 ninshsdk;ninshsdk;c:\windows\system32\drivers\ninshsdkl.sys [12/27/2007 9:45 AM 11360]
S3 nipalfwedl;nipalfwedl;c:\windows\system32\drivers\nipalfwedl.sys [6/13/2008 9:27 AM 11904]
S3 nipalusbedl;nipalusbedl;c:\windows\system32\drivers\nipalusbedl.sys [6/13/2008 9:27 AM 11896]
S3 nipxigpk;NI PXI Generic Chassis Pilot;c:\windows\system32\drivers\nipxigpk.sys [11/26/2007 5:22 PM 20768]
S3 niscdk;niscdk;c:\windows\system32\drivers\niscdkl.sys [1/8/2008 12:38 AM 11376]
S3 nisdigk;nisdigk;c:\windows\system32\drivers\nisdigkl.sys [1/8/2008 12:21 AM 11352]
S3 nisftk;nisftk;c:\windows\system32\drivers\nisftkl.sys [12/20/2007 3:54 PM 11344]
S3 nispdk;nispdk;c:\windows\system32\drivers\nispdkl.sys [1/8/2008 12:38 AM 11376]
S3 nissrk;nissrk;c:\windows\system32\drivers\nissrkl.sys [2/22/2008 11:25 AM 11336]
S3 nistc2k;nistc2k;c:\windows\system32\drivers\nistc2kl.sys [1/8/2008 12:35 AM 11312]
S3 nistcrk;nistcrk;c:\windows\system32\drivers\nistcrkl.sys [2/14/2008 8:58 PM 11360]
S3 niswdk;niswdk;c:\windows\system32\drivers\niswdkl.sys [1/2/2008 1:14 PM 11336]
S3 nitiork;nitiork;c:\windows\system32\drivers\nitiorkl.sys [2/19/2008 11:56 PM 11360]
S3 niufurk;niufurk;c:\windows\system32\drivers\niufurkl.sys [2/22/2008 11:25 AM 11368]
S3 niwfrk;niwfrk;c:\windows\system32\drivers\niwfrkl.sys [2/22/2008 11:25 AM 11336]
S3 nixsrk;nixsrk;c:\windows\system32\drivers\nixsrkl.sys [2/22/2008 11:25 AM 11336]
S3 P1001VID;Creative WebCam (WDM);c:\windows\system32\drivers\P1001Vid.sys [5/27/2009 6:10 PM 395224]
S3 usb6xxxk;usb6xxxk;\??\c:\windows\system32\drivers\usb6xxxkl.sys --> c:\windows\system32\drivers\usb6xxxkl.sys [?]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - NIPALK
.
Contents of the 'Scheduled Tasks' folder
2010-07-24 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-04 23:35]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-04 23:35]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542371463-2904305432-1622746480-1005Core.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 05:40]
2010-07-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1542371463-2904305432-1622746480-1005UA.job
- c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-01-27 05:40]
2010-07-27 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 00:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.dogpile.com/
uInternet Settings,ProxyOverride = <local>
FF - ProfilePath - c:\documents and settings\Michael\Application Data\Mozilla\Firefox\Profiles\3pmxtf4b.default\
FF - prefs.js: browser.startup.homepage - www.dogpile.com
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\documents and settings\Michael\Application Data\Move Networks\plugins\npqmp071500000347.dll
FF - plugin: c:\documents and settings\Michael\Application Data\Move Networks\plugins\npqmp071701000002.dll
FF - plugin: c:\documents and settings\Michael\Local Settings\Application Data\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Common Files\ParallelGraphics\Cortona\npCortona.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npcosmop211.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npganymedenet.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV80Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\MpcStar\Codecs\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\QuickTime\Plugins\npqtplugin8.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-07-27 14:43
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(644)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\igfxdev.dll
.
Completion time: 2010-07-27 14:47:29
ComboFix-quarantined-files.txt 2010-07-27 19:47
ComboFix2.txt 2010-07-26 21:16
ComboFix3.txt 2010-07-26 00:02
Pre-Run: 105,864,228,864 bytes free
Post-Run: 105,419,579,392 bytes free
- - End Of File - - E4245855F4710C8BAC1431925B296EB2