ComboFix 10-02-10.04 - Nikki Hester 02/10/2010 21:01:03.5.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.267 [GMT -5:00]
Running from: c:\documents and settings\Nikki Hester\Desktop\ComboFix.exe.exe
Command switches used :: c:\documents and settings\Nikki Hester\Desktop\CFScript.txt
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *disabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
((((((((((((((((((((((((( Files Created from 2010-01-11 to 2010-02-11 )))))))))))))))))))))))))))))))
.
2010-02-10 20:20 . 2010-02-10 20:20 -------- d-----w- c:\windows\LastGood
2010-02-06 23:19 . 2010-02-06 23:19 -------- d-----w- c:\program files\ESET
2010-02-06 22:53 . 2010-02-06 22:53 -------- d-----w- c:\program files\CCleaner
2010-02-06 17:28 . 2009-08-21 17:50 15360 ----a-w- c:\windows\system32\drivers\nnrnstdi.sys
2010-02-06 17:28 . 2009-08-21 17:44 9088 ----a-w- c:\windows\system32\drivers\km_filter.sys
2010-02-06 17:27 . 2009-08-21 17:50 24192 ----a-w- c:\windows\system32\drivers\nielprt.sys
2010-02-06 17:27 . 2009-08-21 17:51 9088 ----a-w- c:\windows\system32\drivers\nielgfx.sys
2010-02-06 17:22 . 2010-02-06 17:22 -------- d-----w- c:\program files\NetRatingsNetSight
2010-02-05 03:25 . 2010-02-05 03:25 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Google
2010-02-05 02:59 . 2010-01-07 21:07 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-02-05 02:59 . 2010-01-07 21:07 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-02-05 01:19 . 2010-02-05 01:19 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-02-05 01:17 . 2010-02-05 01:36 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2010-02-05 01:17 . 2010-02-05 01:17 -------- d-----w- c:\program files\NOS
2010-02-04 03:25 . 2010-02-04 03:25 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-02-04 03:20 . 2010-02-04 03:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-02-04 03:19 . 2010-02-04 03:20 -------- d-----w- c:\program files\Google
2010-01-30 21:24 . 2010-01-30 21:25 -------- d-----w- C:\rsit
2010-01-30 17:49 . 2010-02-02 20:38 0 ----a-w- c:\windows\Akomeroqaxacod.bin
2010-01-30 17:49 . 2010-02-02 20:38 120 ----a-w- c:\windows\Amufanunev.dat
2010-01-21 00:40 . 2010-01-21 00:40 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2010-01-21 00:39 . 2010-01-21 00:39 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-01-21 00:39 . 2010-01-21 00:39 -------- d-----w- c:\documents and settings\Nikki Hester\Application Data\SUPERAntiSpyware.com
2010-01-19 03:19 . 2010-01-19 03:19 -------- d-----w- c:\documents and settings\Nikki Hester\Local Settings\Application Data\Mozilla
2010-01-18 16:54 . 2008-04-14 01:11 21504 ----a-w- c:\windows\system32\drivers\hidserv.dll
2010-01-17 20:05 . 2010-01-17 20:05 -------- d-----w- c:\program files\Trend Micro
2010-01-16 06:12 . 2008-04-13 18:57 14336 ------w- c:\windows\system32\drivers\asyncmac.sys
2010-01-15 19:11 . 2010-01-15 19:11 -------- d-----w- c:\documents and settings\Nikki Hester\Application Data\FoxyTunes
2010-01-15 19:11 . 2010-01-15 19:11 -------- d-----w- c:\program files\FoxyTunes
2010-01-15 06:14 . 2010-01-15 06:14 -------- d-----w- c:\documents and settings\Nikki Hester\Local Settings\Application Data\Yahoo
2010-01-15 06:12 . 2010-01-15 06:12 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-01-13 23:06 . 2010-01-13 23:06 -------- d-----w- c:\program files\Common Files\xing shared
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-02-05 03:30 . 2008-10-22 05:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-02-05 01:30 . 2005-10-18 04:39 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-05 01:17 . 2010-02-05 01:17 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2010-02-01 08:50 . 2004-08-04 03:59 96512 ------w- c:\windows\system32\drivers\atapi.sys
2010-01-30 20:00 . 2005-10-18 05:19 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-01-30 19:54 . 2005-10-07 00:09 -------- d-----w- c:\program files\Java
2010-01-30 19:54 . 2005-10-07 00:09 -------- d-----w- c:\program files\Common Files\Java
2010-01-30 19:27 . 2008-04-19 02:04 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2010-01-30 19:27 . 2005-10-18 05:16 -------- d-----w- c:\program files\Lavasoft
2010-01-27 03:00 . 2010-01-27 03:00 348160 ----a-w- c:\documents and settings\Nikki Hester\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cde8872-n\msvcr71.dll
2010-01-27 03:00 . 2010-01-27 03:00 503808 ----a-w- c:\documents and settings\Nikki Hester\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cde8872-n\msvcp71.dll
2010-01-27 03:00 . 2010-01-27 03:00 499712 ----a-w- c:\documents and settings\Nikki Hester\Application Data\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-1cde8872-n\jmc.dll
2010-01-27 03:00 . 2010-01-27 03:00 61440 ----a-w- c:\documents and settings\Nikki Hester\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6a1d2174-n\decora-sse.dll
2010-01-27 03:00 . 2010-01-27 03:00 12800 ----a-w- c:\documents and settings\Nikki Hester\Application Data\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-6a1d2174-n\decora-d3d.dll
2010-01-22 01:42 . 2005-10-24 14:03 48096 ----a-w- c:\documents and settings\Nikki Hester\Application Data\wklnhst.dat
2010-01-21 00:41 . 2010-01-21 00:41 52224 ----a-w- c:\documents and settings\Nikki Hester\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-01-21 00:41 . 2010-01-21 00:41 117760 ----a-w- c:\documents and settings\Nikki Hester\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-01-20 23:54 . 2006-03-31 18:11 -------- d-----w- c:\program files\McAfee
2010-01-18 16:55 . 2010-01-18 16:55 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_NuidFltr_01005.Wdf
2010-01-15 06:15 . 2007-08-04 04:33 -------- d-----w- c:\documents and settings\Nikki Hester\Application Data\Yahoo!
2010-01-15 06:11 . 2005-10-19 00:49 -------- d-----w- c:\program files\Yahoo!
2010-01-15 06:07 . 2007-08-04 04:32 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2010-01-13 23:08 . 2005-10-07 00:26 -------- d-----w- c:\program files\Common Files\Real
2010-01-13 22:55 . 2010-01-13 22:55 402952 ----a-w- c:\documents and settings\Nikki Hester\Application Data\Real\RealPlayer\setup\AU_setup11.exe
2010-01-11 00:42 . 2009-05-17 20:15 -------- d-----w- c:\documents and settings\Nikki Hester\Application Data\ZoomBrowser EX
2010-01-11 00:08 . 2007-07-18 01:48 -------- d-----w- c:\program files\Common Files\Apple
2010-01-10 08:10 . 2009-10-01 03:35 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2010-01-10 06:16 . 2010-01-10 06:11 -------- d-----w- c:\program files\DivX
2010-01-10 06:13 . 2010-01-10 06:11 -------- d-----w- c:\program files\Common Files\DivX Shared
2010-01-10 04:46 . 2010-01-10 04:42 -------- d-----w- c:\program files\QuickTime
2009-12-21 19:14 . 2004-08-11 22:00 916480 ------w- c:\windows\system32\wininet.dll
2009-12-17 22:14 . 2009-02-18 19:00 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-13 02:43 . 2009-12-13 02:43 -------- d-----w- c:\documents and settings\All Users\Application Data\SpinTop Games
2009-12-13 02:42 . 2009-12-13 02:42 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayTime
2009-11-21 15:51 . 2004-08-11 22:00 471552 ----a-w- c:\windows\AppPatch\aclayers.dll
2009-11-20 11:08 . 2010-02-05 01:21 38784 ----a-w- c:\documents and settings\Nikki Hester\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2009-11-14 00:49 . 2010-01-10 06:15 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 00:49 . 2010-01-10 06:15 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 00:49 . 2010-01-10 06:15 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-14 00:49 . 2010-01-10 06:15 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-14 00:49 . 2010-01-10 06:15 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-14 00:49 . 2010-01-10 06:15 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 00:47 . 2009-11-14 00:47 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47 . 2009-11-14 00:47 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47 . 2009-11-14 00:47 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47 . 2009-11-14 00:47 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47 . 2009-11-14 00:47 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47 . 2009-11-14 00:47 696320 ----a-w- c:\windows\system32\DivX.dll
2008-10-21 03:16 . 2008-10-21 03:16 16624 ----a-w- c:\program files\Common Files\byzuwa.com
2008-10-21 03:16 . 2008-10-21 03:16 15370 ----a-w- c:\program files\Common Files\ymunagu.lib
2005-10-18 05:02 . 2007-02-20 02:42 774144 ----a-w- c:\program files\RngInterstitial.dll
2009-08-21 17:52 . 2010-02-06 17:28 180224 ----a-w- c:\program files\mozilla firefox\components\nsgkff31_meter1.dll
2004-08-04 10:00 . 2006-01-12 19:42 73728 --sha-w- c:\windows\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\wmplayer.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-02-04_04.17.12 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-02-10 06:04 . 2010-02-10 06:04 16384 c:\windows\Temp\Perflib_Perfdata_45c.dat
+ 2010-02-04 04:27 . 2010-02-10 22:20 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2005-10-13 03:13 . 2010-02-10 22:20 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2005-10-13 03:13 . 2010-02-04 00:52 49152 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2010-02-10 17:17 . 2010-02-10 22:20 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2010-02-05 01:22 . 2010-02-05 01:22 24576 c:\windows\Installer\9ae8418.msi
+ 2010-02-05 01:20 . 2010-02-05 01:20 27648 c:\windows\Installer\9ae8413.msi
+ 2010-02-06 17:28 . 2009-08-21 17:51 9088 c:\windows\system32\ReinstallBackups\0015\DriverFiles\nielgfx.sys
- 2009-04-28 18:09 . 2008-12-16 17:44 1112288 c:\windows\system32\WdfCoInstaller01007.dll
+ 2009-04-28 18:09 . 2008-12-16 18:44 1112288 c:\windows\system32\WdfCoInstaller01007.dll
+ 2010-02-05 01:32 . 2010-02-05 01:32 3940352 c:\windows\Installer\9ae841d.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-02-04 39408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\Apoint\Apoint.exe" [2004-09-13 155648]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2005-02-15 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2005-02-15 126976]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-10-30 385024]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\point32.exe" [2005-03-23 217088]
"Verizon_McciTrayApp"="c:\program files\Verizon\McciTrayApp.exe" [2007-09-28 936960]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-05-21 206064]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2008-03-11 16384]
"mcagent_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2009-10-29 1218008]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2010-01-13 198160]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"NielsenOnline"="c:\program files\NetRatingsNetSight\NetSight\NielsenOnline.exe" [2009-10-30 47456]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2005-5-11 282624]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
2004-09-07 21:08 110592 ----a-w- c:\program files\Intel\Wireless\Bin\LgNotify.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, zwebauth.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@="Service"
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe"
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" /startup
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" /background
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe"
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe"
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" -atboottime
"HP Software Update"=c:\program files\HP\HP Software Update\HPWuSchd2.exe
"Dell QuickSet"=c:\program files\Dell\QuickSet\quickset.exe
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" -osboot
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_05\bin\jusched.exe"
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\PokerStars.NET\\PokerStarsUpdate.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
R0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys [2/6/2010 12:27 PM 24192]
R1 nnrnstdi;nnrnstdi;c:\windows\system32\drivers\nnrnstdi.sys [2/6/2010 12:28 PM 15360]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [1/5/2010 7:56 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [1/5/2010 7:56 AM 74480]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [9/30/2009 10:18 PM 93320]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/30/2009 5:19 PM 24652]
R3 km_filter;km_filter;c:\windows\system32\drivers\km_filter.sys [2/6/2010 12:28 PM 9088]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2/3/2010 10:20 PM 135664]
S3 0879oo;0879oo;\??\c:\windows\system32\drivers\0879oo.sys --> c:\windows\system32\drivers\0879oo.sys [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [2/6/2010 12:27 PM 9088]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [1/5/2010 7:56 AM 7408]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 09:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
2010-02-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]
2010-02-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 03:20]
2010-02-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-04 03:20]
2010-01-15 c:\windows\Tasks\McDefragTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-01 16:22]
2010-02-01 c:\windows\Tasks\McQcTask.job
- c:\progra~1\mcafee\mqc\QcConsol.exe [2009-10-01 16:22]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.my.yahoo.com/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - c:\program files\PokerStars.NET\PokerStarsUpdate.exe
Trusted Zone: //rhap-app-4-0.real.com/
Trusted Zone: //rhapapp.real.com/
Trusted Zone: yahoo.com\my
DPF: {8FA2192F-B95D-40E3-898F-8D7ABB8E00D0} - hxxp://clubgames.pogo.com/online2/pogop ... uncher.cab
DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} - hxxp://www.gamehouse.com/realarcade-web ... player.cab
DPF: {EF148DBB-5B6D-4130-B2A1-661571E86260} - hxxp://clubgames.pogo.com/online2/pogop ... uncher.cab
FF - ProfilePath - c:\documents and settings\Nikki Hester\Application Data\Mozilla\Firefox\Profiles\nmz0nzaa.default\
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-02-10 21:14
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(788)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\WININET.dll
c:\documents and settings\Nikki Hester\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
c:\documents and settings\Nikki Hester\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
c:\program files\Intel\Wireless\Bin\LgNotify.dll
.
Completion time: 2010-02-10 21:22:51
ComboFix-quarantined-files.txt 2010-02-11 02:22
ComboFix2.txt 2010-02-10 05:43
ComboFix3.txt 2010-02-04 18:36
ComboFix4.txt 2010-02-04 04:26
ComboFix5.txt 2010-02-11 01:58
Pre-Run: 49,739,919,360 bytes free
Post-Run: 49,805,729,792 bytes free
Current=5 Default=5 Failed=4 LastKnownGood=6 Sets=1,3,4,5,6
- - End Of File - - EA4C0B6F0F64DC9FEC5F51D7A96F5C70
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7467cc83ce0f3a4196b99625eb1e6257
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-07 01:03:52
# local_time=2010-02-06 08:03:52 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 1657540 1657540 0 0
# compatibility_mode=5121 16776869 100 96 5929076 17507784 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=84400
# found=15
# cleaned=0
# scan_time=5573
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.SJ virus 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP18\A0009681.dll a variant of Win32/Losfondup.A trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP20\A0011718.dll a variant of Win32/Losfondup.A trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0003113.dll a variant of Win32/Kryptik.CBR trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0003114.dll a variant of Win32/Kryptik.CBR trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP3\A0003115.dll a variant of Win32/Kryptik.CBR trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0005108.dll a variant of Win32/Kryptik.CBQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0005111.dll a variant of Win32/Kryptik.CBR trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0005112.dll a variant of Win32/Kryptik.CBQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0005113.dll a variant of Win32/Kryptik.CBQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0005114.dll a variant of Win32/Kryptik.CBQ trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0005115.dll a variant of Win32/Kryptik.CBR trojan 00000000000000000000000000000000 I
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP5\A0005116.dll a variant of Win32/Kryptik.CBQ trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\fogigar.dll a variant of Win32/Losfondup.A trojan 00000000000000000000000000000000 I
C:\WINDOWS\system32\spool\prtprocs\w32x86\68.tmp a variant of Win32/Kryptik.BQU trojan 00000000000000000000000000000000 I
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6211
# api_version=3.0.2
# EOSSerial=7467cc83ce0f3a4196b99625eb1e6257
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2010-02-11 04:30:17
# local_time=2010-02-10 11:30:17 (-0500, Eastern Standard Time)
# country="United States"
# lang=9
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 2015701 2015701 0 0
# compatibility_mode=5121 16776869 100 96 6287237 17865945 0 0
# compatibility_mode=8192 67108863 100 0 276051 276051 0 0
# scanned=82185
# found=2
# cleaned=0
# scan_time=5402
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Win32/Olmarik.SJ virus 00000000000000000000000000000000 I
C:\Qoobox\Quarantine\C\WINDOWS\system32\spool\prtprocs\w32x86\68.tmp.vir a variant of Win32/Kryptik.BQU trojan 00000000000000000000000000000000 I