Latest Logs
ComboFix 10-09-28.03 - Ron 29/09/2010 13:06:37.5.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.3069.1639 [GMT 1:00]
Running from: c:\users\Ron\Desktop\ComboFix.exe
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((( Files Created from 2010-08-28 to 2010-09-29 )))))))))))))))))))))))))))))))
.
2010-09-29 12:17 . 2010-09-29 12:17 -------- d-----w- c:\users\Ron\AppData\Local\temp
2010-09-29 12:17 . 2010-09-29 12:17 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-09-29 12:17 . 2010-09-29 12:17 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-09-29 12:02 . 2010-09-29 12:02 -------- d-----w- C:\32788R22FWJFW
2010-09-29 11:57 . 2010-06-22 13:30 2048 ----a-w- c:\windows\system32\tzres.dll
2010-09-28 22:17 . 2010-09-28 22:20 -------- d-----w- c:\program files\SpywareBlaster
2010-09-28 22:11 . 2010-09-28 22:11 -------- d-----w- c:\program files\WOT
2010-09-27 13:39 . 2010-09-27 13:39 -------- d-----w- c:\program files\iPod
2010-09-27 13:39 . 2010-09-27 13:40 -------- d-----w- c:\program files\iTunes
2010-09-27 13:37 . 2010-09-27 13:37 -------- d-----w- c:\program files\QuickTime
2010-09-27 13:35 . 2010-09-27 13:35 -------- d-----w- c:\program files\Apple Software Update
2010-09-27 13:02 . 2010-09-27 13:02 -------- d-----w- c:\users\Ron\AppData\Local\Secunia PSI
2010-09-27 13:02 . 2010-09-27 13:02 -------- d-----w- c:\program files\Secunia
2010-09-27 12:34 . 2010-09-28 22:13 -------- d-----w- c:\users\Ron\AppData\Roaming\OnlineArmor
2010-09-27 12:34 . 2010-09-27 12:53 -------- d-----w- c:\programdata\OnlineArmor
2010-09-27 12:33 . 2010-07-05 07:44 22600 ----a-w- c:\windows\system32\drivers\OAmon.sys
2010-09-27 12:33 . 2010-07-05 07:44 29256 ----a-w- c:\windows\system32\drivers\OAnet.sys
2010-09-27 12:33 . 2010-07-05 07:43 236104 ----a-w- c:\windows\system32\drivers\OADriver.sys
2010-09-27 12:33 . 2010-09-27 12:33 -------- d-----w- c:\program files\Emsisoft
2010-09-26 19:23 . 2010-09-26 19:23 -------- d-----w- c:\programdata\WindowsSearch
2010-09-26 19:08 . 2010-09-27 11:46 -------- d-----w- c:\programdata\Comodo
2010-09-26 14:59 . 2010-09-26 14:59 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-09-22 14:02 . 2010-09-22 14:02 -------- d-----w- c:\program files\ESET
2010-09-17 21:53 . 2010-09-17 21:53 -------- d-----w- c:\users\Ron\AppData\Roaming\Malwarebytes
2010-09-17 21:53 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-17 21:53 . 2010-09-17 21:53 -------- d-----w- c:\programdata\Malwarebytes
2010-09-17 21:53 . 2010-09-17 21:53 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-17 21:53 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-17 09:43 . 2010-09-17 09:43 -------- d-----w- c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com
2010-09-17 09:43 . 2010-09-17 09:43 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2010-09-17 09:43 . 2010-09-17 21:40 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-09-17 09:30 . 2010-09-27 15:02 -------- d-----w- c:\programdata\Yahoo! Companion
2010-09-17 09:30 . 2010-09-17 09:30 -------- d-----w- c:\users\Ron\AppData\Roaming\Yahoo!
2010-09-17 09:30 . 2010-09-17 09:30 -------- d-----w- c:\program files\Yahoo!
2010-09-17 09:29 . 2010-09-17 09:30 -------- d-----w- c:\program files\CCleaner
2010-09-17 07:47 . 2010-04-16 16:46 502272 ----a-w- c:\windows\system32\usp10.dll
2010-09-17 07:47 . 2010-08-17 14:11 128000 ----a-w- c:\windows\system32\spoolsv.exe
2010-09-17 07:47 . 2010-04-05 17:02 317952 ----a-w- c:\windows\system32\MP4SDECD.DLL
2010-09-17 07:47 . 2010-05-27 20:08 739328 ----a-w- c:\windows\system32\inetcomm.dll
2010-09-09 21:00 . 2010-09-09 21:00 -------- d-sh--w- c:\windows\system32\%APPDATA%
2010-09-06 11:17 . 2010-09-06 11:17 -------- d-----w- c:\program files\Common Files\Java
2010-09-04 09:48 . 2010-09-04 09:49 -------- d-----w- c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
2010-09-04 09:42 . 2010-09-04 09:42 -------- d-----w- c:\program files\Bonjour
2010-09-01 08:30 . 2010-09-01 08:30 15544 ----a-w- c:\windows\system32\drivers\psi_mf.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-29 11:59 . 2009-05-17 18:30 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 11:49 . 2010-06-24 06:29 36725 ----a-w- c:\programdata\nvModes.dat
2010-09-29 11:47 . 2009-07-12 09:53 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-09-29 00:11 . 2009-07-15 13:51 12 ----a-w- c:\windows\bthservsdp.dat
2010-09-28 23:53 . 2010-09-28 23:53 388096 ----a-r- c:\users\Ron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-09-28 23:23 . 2009-07-12 09:53 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-09-28 10:30 . 2010-09-28 10:30 2023824 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpavdlta.vdm
2010-09-28 10:30 . 2010-09-28 10:30 365968 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpasdlta.vdm
2010-09-27 13:42 . 2009-11-13 18:53 -------- d-----w- c:\users\Ron\AppData\Roaming\Apple Computer
2010-09-27 13:39 . 2009-11-13 18:45 -------- d-----w- c:\program files\Common Files\Apple
2010-09-27 13:15 . 2009-07-06 10:58 -------- d-----w- c:\program files\Java
2010-09-27 12:59 . 2010-08-29 15:49 1987984 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm
2010-09-27 12:59 . 2010-08-29 15:49 349584 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm
2010-09-26 15:24 . 2009-05-31 18:09 -------- d-----w- c:\programdata\NVIDIA
2010-09-26 15:00 . 2010-06-24 04:42 -------- d-----w- c:\program files\NVIDIA Corporation
2010-09-24 01:51 . 2010-09-24 01:51 73000 ----a-w- c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-09-22 13:13 . 2010-09-22 13:13 12575488 ----a-w- c:\users\Ron\AppData\Roaming\Adobe\AIR\Updater\Background\1.0\updater
2010-09-22 13:10 . 2009-05-03 04:20 175808 ----a-w- c:\users\Ron\AppData\Local\GDIPFONTCACHEV1.DAT
2010-09-22 13:10 . 2009-05-05 21:40 -------- d-----w- c:\program files\Common Files\Adobe
2010-09-17 22:32 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
2010-09-17 21:42 . 2010-09-17 09:43 63488 ----a-w- c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
2010-09-17 21:42 . 2010-09-17 09:43 117760 ----a-w- c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2010-09-17 09:43 . 2010-09-17 09:43 52224 ----a-w- c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
2010-09-17 07:50 . 2010-09-28 10:30 41722256 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpavbase.vdm
2010-09-17 07:50 . 2010-08-29 15:49 41722256 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm
2010-09-17 07:50 . 2010-09-28 10:30 12300688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpasbase.vdm
2010-09-17 07:50 . 2010-08-29 15:49 12300688 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm
2010-09-10 22:41 . 2010-09-10 22:41 109512 ----a-w- c:\programdata\Comodo\Installer\cmddns.tmp
2010-09-06 11:16 . 2010-09-06 11:14 10787840 ----a-w- c:\users\Ron\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AcroProUpd710_all_cum.exe
2010-08-28 12:39 . 2010-08-28 12:39 63520 ----a-w- c:\programdata\Comodo\Installer\crtman.tmp
2010-08-27 14:15 . 2010-08-27 14:15 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-08-26 18:20 . 2010-08-27 14:11 366992 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B226FB6-3024-4D43-9F12-F9F3CD893053}\mpasdlta.vdm
2010-08-19 09:25 . 2010-08-27 14:11 12120464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B226FB6-3024-4D43-9F12-F9F3CD893053}\mpasbase.vdm
2010-08-14 21:06 . 2009-07-19 15:39 300384 ----a-w- c:\users\Ron\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
2010-08-13 14:06 . 2010-08-13 06:10 -------- d-----w- c:\program files\Common Files\ParetoLogic
2010-08-13 06:33 . 2010-08-13 06:33 -------- d-----w- c:\users\Ron\AppData\Roaming\AdobeUM
2010-08-13 06:33 . 2010-08-13 06:33 -------- d-----w- c:\program files\Common Files\Java(0)
2010-08-13 06:10 . 2010-08-13 06:10 -------- d-----w- c:\programdata\FileCure
2010-08-08 18:48 . 2010-08-08 18:48 568832 ----a-w- c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcp90.dll
2010-08-08 18:48 . 2010-08-08 18:48 686080 ----a-w- c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
2010-08-08 18:48 . 2010-08-08 18:48 655872 ----a-w- c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcr90.dll
2010-08-08 18:48 . 2010-08-08 18:48 583168 ----a-w- c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\xpdfimport.exe
2010-08-08 18:48 . 2010-08-08 18:48 224768 ----a-w- c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcm90.dll
2010-08-08 18:42 . 2009-11-06 11:24 -------- d-----w- c:\program files\OpenOffice.org 3
2010-07-27 17:44 . 2010-07-27 17:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 17:44 . 2010-07-27 17:44 75040 ----a-w- c:\windows\system32\jdns_sd.dll
2010-07-27 17:44 . 2010-07-27 17:44 197920 ----a-w- c:\windows\system32\dnssdX.dll
2010-07-27 17:44 . 2010-07-27 17:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-17 04:00 . 2010-05-17 12:09 423656 ----a-w- c:\windows\system32\deployJava1.dll
2010-07-09 15:37 . 2010-07-09 15:37 1469544 ----a-w- c:\windows\system32\nvsvc.dll
2010-07-09 15:37 . 2010-07-09 15:37 13939816 ----a-w- c:\windows\system32\nvcpl.dll
2010-07-09 15:37 . 2010-07-09 15:37 129640 ----a-w- c:\windows\system32\nvvsvc.exe
2010-07-09 15:37 . 2010-07-09 15:37 110696 ----a-w- c:\windows\system32\nvmctray.dll
.
((((((((((((((((((((((((((((( SnapShot_2010-09-28_23.42.52 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-29 11:57 . 2010-08-26 05:15 13312 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.23061_none_842241d16004f2b8\iecompat.dll
+ 2010-09-29 11:57 . 2010-08-26 04:23 13312 c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18969_none_83a0d11a46dfe78b\iecompat.dll
+ 2010-09-29 11:57 . 2010-06-22 13:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22429_none_17aad34f1fde10ac\tzupd.exe
+ 2010-02-24 17:50 . 2010-01-23 09:26 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18276_none_16e8242406ebb36b\tzupd.exe
+ 2010-09-29 11:57 . 2010-06-22 13:04 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22717_none_15cd30bf22b16ce9\tzupd.exe
+ 2010-02-24 17:50 . 2010-01-23 09:44 19456 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18497_none_14ed10c809d4b259\tzupd.exe
+ 2009-05-03 14:56 . 2010-09-29 11:50 68664 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2006-11-02 13:05 . 2010-09-29 11:50 60312 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2009-05-03 14:40 . 2010-09-29 11:50 18804 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3891294070-290603237-754910137-1000_UserData.bin
+ 2006-11-02 13:02 . 2010-09-29 11:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2006-11-02 13:02 . 2010-09-28 21:52 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-28 22:17 . 2010-09-29 11:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-28 22:17 . 2010-09-28 21:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2006-11-02 13:02 . 2010-09-29 11:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2006-11-02 13:02 . 2010-09-28 21:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-09 21:00 . 2010-09-29 11:59 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2010-09-09 21:00 . 2010-09-27 13:16 16384 c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
- 2009-05-18 19:46 . 2010-09-28 21:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-18 19:46 . 2010-09-29 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-05-18 19:46 . 2010-09-28 21:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-18 19:46 . 2010-09-29 11:49 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-05-18 19:46 . 2010-09-29 11:49 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-18 19:46 . 2010-09-28 21:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-05-18 19:40 . 2010-09-28 21:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-18 19:40 . 2010-09-29 11:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-05-18 19:40 . 2010-09-29 11:48 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-18 19:40 . 2010-09-28 21:52 32768 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-05-18 19:40 . 2010-09-28 21:52 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-05-18 19:40 . 2010-09-29 11:48 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-06-04 19:35 . 2010-09-29 12:00 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
- 2010-06-04 19:35 . 2010-09-09 21:01 49152 c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
+ 2010-09-29 11:57 . 2010-06-22 13:26 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22429_none_17aad34f1fde10ac\tzres.dll
+ 2010-09-29 11:57 . 2010-06-22 13:30 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18276_none_16e8242406ebb36b\tzres.dll
+ 2010-09-29 11:57 . 2010-06-22 13:04 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22717_none_15cd30bf22b16ce9\tzres.dll
+ 2010-09-29 11:57 . 2010-06-22 12:57 2048 c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18497_none_14ed10c809d4b259\tzres.dll
+ 2010-09-29 11:48 . 2010-09-29 11:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-09-28 21:52 . 2010-09-28 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2010-09-29 11:48 . 2010-09-29 11:48 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2010-09-28 21:52 . 2010-09-28 21:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2006-11-02 10:33 . 2010-09-29 11:54 608760 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-28 21:58 608760 c:\windows\System32\perfh009.dat
- 2006-11-02 10:33 . 2010-09-28 21:58 108268 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:33 . 2010-09-29 11:54 108268 c:\windows\System32\perfc009.dat
+ 2006-11-02 10:22 . 2010-09-29 11:55 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
- 2006-11-02 10:22 . 2010-09-18 08:51 6553600 c:\windows\System32\SMI\Store\Machine\schema.dat
+ 2010-09-29 12:03 . 2010-09-29 12:03 6410240 c:\windows\ERDNT\Hiv-backup\schema.dat
+ 2010-09-29 11:58 . 2010-09-29 11:58 20303872 c:\windows\Installer\a26be.msp
+ 2009-05-31 17:07 . 2010-09-29 12:00 186205553 c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SigmatelSysTrayApp"="sttray.exe" [2007-03-29 303104]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
R1 apprngr;AppRanger Scan Driver;c:\windows\system32\Drivers\apprngr.sys
R2 apprngr_svc;AppRanger Service;c:\program files\AppRanger\SWSvc.exe
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-05 3364680]
R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
S0 npf;npf Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-05 236104]
S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-05 22600]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
S2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-05 1283400]
S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-09-01 318520]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-05 29256]
S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 12:13]
2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 12:13]
2010-09-28 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]
2010-08-13 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]
2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{AAD29C0A-613E-42B8-9812-D1A798192E3F}.job
- c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.co.uk/
mStart Page = hxxp://www.voover.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-29 13:17
Windows 6.0.6002 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2010-09-29 13:25:53
ComboFix-quarantined-files.txt 2010-09-29 12:25
ComboFix2.txt 2010-09-28 23:50
ComboFix3.txt 2010-09-26 14:35
ComboFix4.txt 2010-09-22 13:52
ComboFix5.txt 2010-09-29 12:02
Pre-Run: 59,893,477,376 bytes free
Post-Run: 59,291,213,824 bytes free
- - End Of File - - E9C012840EC9B2A6897E8CB2BF14911F
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:30:43, on 29/09/2010
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.18943)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\sttray.exe
C:\Program Files\Microsoft Security Essentials\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\Explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voover.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AppRanger Service (apprngr_svc) - Unknown owner - C:\Program Files\AppRanger\SWSvc.exe (file missing)
O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
--
End of file - 8610 bytes