
Author Topic: Lost access to router  (Read 17686 times)


ronymaxwell

    Topic Starter


    Beginner

    Thanked: 1
    Re: Lost access to router
    « Reply #30 on: September 28, 2010, 08:41:26 AM »
    From your reply to 'Rootkit.Agent found in System32 Drivers' on this forum:

    Please read here for more information about WildTangent. Your choice if you want to remove it or not.

    From the link:-

    Fourth: There are also claims in the forums and by anti-spyware tool makers that the uninstaller does not remove everything
    that was installed by WildTangent and that you still need to run the free remover tools to get everything.  Also a classic
    spyware tactic.

    and...

    There is also the increased chance that another piece of malware/spyware could be designed and injected into your machine
    that will leverage or redirect the information gathered by their technology for more sinister purposes.  Why would a
    malicious code writer go to the trouble of writing their own relay software if they know that a large portion of home
    systems may already contain the code he needs?

    I may be getting paranoid here or have gotten completely the wrong impression from this article, but McAfee supplies a
    removal tool which I had to download.  This mysterious file or link or whatever it is, coupled with this information,
    has me concerned.

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    • Thanked: 1020
    • Certifications: List
    • Experience: Expert
    • OS: Windows 10
    Re: Lost access to router
    « Reply #31 on: September 28, 2010, 01:35:03 PM »
    Did you run the McAfee Removal tool?
    Windows 8 and Windows 10 dual boot with two SSD's

    ronymaxwell

      Re: Lost access to router
      « Reply #32 on: September 28, 2010, 03:28:01 PM »
      Yes. 

      SuperDave

      Re: Lost access to router
      « Reply #33 on: September 28, 2010, 04:55:00 PM »
      Let's try another scan. 

      Download ComboFix by sUBs from one of the below links.  Be sure to save it to the Desktop.

      link #1
      link #2

      Close any open web browsers (Firefox, Internet Explorer, etc) before starting ComboFix.

      Temporarily disable your anti-virus, and any anti-spyware real-time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.

      Vista users: right-click combofix.exe, select Run as Administrator, and follow the prompts. (You will receive a UAC prompt; please allow it.)

      Double-click combofix.exe and follow the prompts.
      When finished, ComboFix will produce a log for you.
      Post the ComboFix log and a new HijackThis log in your next reply.

      NOTE: Do not mouseclick ComboFix's window while it is running. That may cause it to stall.

      Remember to re-enable your anti-virus and anti-spyware protection when ComboFix is complete.

      If you have problems with ComboFix usage, see How to use ComboFix
      Windows 8 and Windows 10 dual boot with two SSD's

      ronymaxwell

        Re: Lost access to router
        « Reply #34 on: September 28, 2010, 05:52:53 PM »
        ComboFix 10-09-27.05 - Ron 29/09/2010   0:30.4.2 - x86
        Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.1691 [GMT 1:00]
        Running from: c:\users\Ron\Desktop\ComboFix.exe
        SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
        SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
        .

        (((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-28  )))))))))))))))))))))))))))))))
        .

        2010-09-28 23:42 . 2010-09-28 23:42   --------   d-----w-   c:\users\Ron\AppData\Local\temp
        2010-09-28 23:42 . 2010-09-28 23:42   --------   d-----w-   c:\users\Public\AppData\Local\temp
        2010-09-28 23:42 . 2010-09-28 23:42   --------   d-----w-   c:\users\Default\AppData\Local\temp
        2010-09-28 22:17 . 2010-09-28 22:20   --------   d-----w-   c:\program files\SpywareBlaster
        2010-09-28 22:11 . 2010-09-28 22:11   --------   d-----w-   c:\program files\WOT
        2010-09-27 13:39 . 2010-09-27 13:39   --------   d-----w-   c:\program files\iPod
        2010-09-27 13:39 . 2010-09-27 13:40   --------   d-----w-   c:\program files\iTunes
        2010-09-27 13:37 . 2010-09-27 13:37   --------   d-----w-   c:\program files\QuickTime
        2010-09-27 13:35 . 2010-09-27 13:35   --------   d-----w-   c:\program files\Apple Software Update
        2010-09-27 13:02 . 2010-09-27 13:02   --------   d-----w-   c:\users\Ron\AppData\Local\Secunia PSI
        2010-09-27 13:02 . 2010-09-27 13:02   --------   d-----w-   c:\program files\Secunia
        2010-09-27 12:34 . 2010-09-28 22:13   --------   d-----w-   c:\users\Ron\AppData\Roaming\OnlineArmor
        2010-09-27 12:34 . 2010-09-27 12:53   --------   d-----w-   c:\programdata\OnlineArmor
        2010-09-27 12:33 . 2010-07-05 07:44   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
        2010-09-27 12:33 . 2010-07-05 07:44   29256   ----a-w-   c:\windows\system32\drivers\OAnet.sys
        2010-09-27 12:33 . 2010-07-05 07:43   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
        2010-09-27 12:33 . 2010-09-27 12:33   --------   d-----w-   c:\program files\Emsisoft
        2010-09-26 19:23 . 2010-09-26 19:23   --------   d-----w-   c:\programdata\WindowsSearch
        2010-09-26 19:08 . 2010-09-27 11:46   --------   d-----w-   c:\programdata\Comodo
        2010-09-26 14:59 . 2010-09-26 14:59   --------   d-----w-   c:\programdata\NVIDIA Corporation
        2010-09-24 01:51 . 2010-09-24 01:51   73000   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
        2010-09-22 14:02 . 2010-09-22 14:02   --------   d-----w-   c:\program files\ESET
        2010-09-17 22:15 . 2010-09-17 22:15   388096   ----a-r-   c:\users\Ron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
        2010-09-17 21:53 . 2010-09-17 21:53   --------   d-----w-   c:\users\Ron\AppData\Roaming\Malwarebytes
        2010-09-17 21:53 . 2010-04-29 14:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
        2010-09-17 21:53 . 2010-09-17 21:53   --------   d-----w-   c:\programdata\Malwarebytes
        2010-09-17 21:53 . 2010-09-17 21:53   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2010-09-17 21:53 . 2010-04-29 14:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2010-09-17 09:43 . 2010-09-17 21:42   63488   ----a-w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
        2010-09-17 09:43 . 2010-09-17 09:43   52224   ----a-w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
        2010-09-17 09:43 . 2010-09-17 21:42   117760   ----a-w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
        2010-09-17 09:43 . 2010-09-17 09:43   --------   d-----w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com
        2010-09-17 09:43 . 2010-09-17 09:43   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
        2010-09-17 09:43 . 2010-09-17 21:40   --------   d-----w-   c:\program files\SUPERAntiSpyware
        2010-09-17 09:30 . 2010-09-27 15:02   --------   d-----w-   c:\programdata\Yahoo! Companion
        2010-09-17 09:30 . 2010-09-17 09:30   --------   d-----w-   c:\users\Ron\AppData\Roaming\Yahoo!
        2010-09-17 09:30 . 2010-09-17 09:30   --------   d-----w-   c:\program files\Yahoo!
        2010-09-17 09:29 . 2010-09-17 09:30   --------   d-----w-   c:\program files\CCleaner
        2010-09-17 07:47 . 2010-04-16 16:46   502272   ----a-w-   c:\windows\system32\usp10.dll
        2010-09-17 07:47 . 2010-08-17 14:11   128000   ----a-w-   c:\windows\system32\spoolsv.exe
        2010-09-17 07:47 . 2010-04-05 17:02   317952   ----a-w-   c:\windows\system32\MP4SDECD.DLL
        2010-09-17 07:47 . 2010-05-27 20:08   739328   ----a-w-   c:\windows\system32\inetcomm.dll
        2010-09-09 21:00 . 2010-09-09 21:00   --------   d-sh--w-   c:\windows\system32\%APPDATA%
        2010-09-06 11:17 . 2010-09-06 11:17   --------   d-----w-   c:\program files\Common Files\Java
        2010-09-06 11:14 . 2010-09-06 11:16   10787840   ----a-w-   c:\users\Ron\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AcroProUpd710_all_cum.exe
        2010-09-04 09:48 . 2010-09-04 09:49   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
        2010-09-04 09:42 . 2010-09-04 09:42   --------   d-----w-   c:\program files\Bonjour
        2010-09-01 08:30 . 2010-09-01 08:30   15544   ----a-w-   c:\windows\system32\drivers\psi_mf.sys

        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2010-09-28 23:23 . 2009-07-12 09:53   --------   d-----w-   c:\program files\Spybot - Search & Destroy
        2010-09-28 23:23 . 2009-07-12 09:53   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
        2010-09-28 23:00 . 2009-11-06 11:28   1   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\stamp.sys
        2010-09-28 21:53 . 2010-06-24 06:29   36725   ----a-w-   c:\programdata\nvModes.dat
        2010-09-28 21:50 . 2009-07-15 13:51   12   ----a-w-   c:\windows\bthservsdp.dat
        2010-09-27 13:42 . 2009-11-13 18:53   --------   d-----w-   c:\users\Ron\AppData\Roaming\Apple Computer
        2010-09-27 13:39 . 2009-11-13 18:45   --------   d-----w-   c:\program files\Common Files\Apple
        2010-09-27 13:15 . 2009-07-06 10:58   --------   d-----w-   c:\program files\Java
        2010-09-26 15:24 . 2009-05-31 18:09   --------   d-----w-   c:\programdata\NVIDIA
        2010-09-26 15:00 . 2010-06-24 04:42   --------   d-----w-   c:\program files\NVIDIA Corporation
        2010-09-22 13:10 . 2009-05-03 04:20   175808   ----a-w-   c:\users\Ron\AppData\Local\GDIPFONTCACHEV1.DAT
        2010-09-22 13:10 . 2009-05-05 21:40   --------   d-----w-   c:\program files\Common Files\Adobe
        2010-09-17 22:32 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
        2010-09-13 09:42 . 2009-05-17 18:30   --------   d-----w-   c:\program files\Microsoft Silverlight
        2010-08-27 14:15 . 2010-08-27 14:15   --------   d-----w-   c:\program files\Microsoft Security Essentials
        2010-08-14 21:06 . 2009-07-19 15:39   300384   ----a-w-   c:\users\Ron\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
        2010-08-13 14:06 . 2010-08-13 06:10   --------   d-----w-   c:\program files\Common Files\ParetoLogic
        2010-08-13 06:33 . 2010-08-13 06:33   --------   d-----w-   c:\users\Ron\AppData\Roaming\AdobeUM
        2010-08-13 06:33 . 2010-08-13 06:33   --------   d-----w-   c:\program files\Common Files\Java(0)
        2010-08-13 06:10 . 2010-08-13 06:10   --------   d-----w-   c:\programdata\FileCure
        2010-08-08 18:48 . 2010-08-08 18:48   568832   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcp90.dll
        2010-08-08 18:48 . 2010-08-08 18:48   686080   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
        2010-08-08 18:48 . 2010-08-08 18:48   655872   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcr90.dll
        2010-08-08 18:48 . 2010-08-08 18:48   583168   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\xpdfimport.exe
        2010-08-08 18:48 . 2010-08-08 18:48   224768   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcm90.dll
        2010-08-08 18:42 . 2009-11-06 11:24   --------   d-----w-   c:\program files\OpenOffice.org 3
        2010-07-27 17:44 . 2010-07-27 17:44   91424   ----a-w-   c:\windows\system32\dnssd.dll
        2010-07-27 17:44 . 2010-07-27 17:44   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
        2010-07-27 17:44 . 2010-07-27 17:44   197920   ----a-w-   c:\windows\system32\dnssdX.dll
        2010-07-27 17:44 . 2010-07-27 17:44   107808   ----a-w-   c:\windows\system32\dns-sd.exe
        2010-07-17 04:00 . 2010-05-17 12:09   423656   ----a-w-   c:\windows\system32\deployJava1.dll
        2010-07-09 15:37 . 2010-07-09 15:37   1469544   ----a-w-   c:\windows\system32\nvsvc.dll
        2010-07-09 15:37 . 2010-07-09 15:37   13939816   ----a-w-   c:\windows\system32\nvcpl.dll
        2010-07-09 15:37 . 2010-07-09 15:37   129640   ----a-w-   c:\windows\system32\nvvsvc.exe
        2010-07-09 15:37 . 2010-07-09 15:37   110696   ----a-w-   c:\windows\system32\nvmctray.dll
        .

        (((((((((((((((((((((((((((((   SnapShot@2010-09-19_20.49.29   )))))))))))))))))))))))))))))))))))))))))
        .
        + 2010-09-22 09:00 . 2010-09-22 09:25   65536              c:\windows\tracing\RASPPTP.BIN
        + 2010-09-22 09:00 . 2010-09-22 09:25   65536              c:\windows\tracing\RASL2TP.BIN
        + 2010-09-22 09:00 . 2010-09-22 09:25   65536              c:\windows\tracing\IPSEC.BIN
        + 2009-05-03 14:56 . 2010-09-28 21:54   68536              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
        + 2006-11-02 13:05 . 2010-09-28 21:54   60142              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
        + 2009-05-03 14:40 . 2010-09-28 21:54   18796              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3891294070-290603237-754910137-1000_UserData.bin
        + 2010-07-10 04:37 . 2010-07-10 04:37   56936              c:\windows\System32\OpenCL.dll
        + 2010-09-27 12:33 . 2010-07-05 07:44   29256              c:\windows\System32\DriverStore\FileRepository\oanet.inf_536b0972\OAnet.sys
        + 2010-07-10 04:37 . 2010-07-10 04:37   56936              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\OpenCL.dll
        + 2006-11-02 13:02 . 2010-09-28 21:52   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        - 2006-11-02 13:02 . 2010-09-19 20:17   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        + 2010-09-27 13:15 . 2010-09-27 13:15   79488              c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\jre1.6.0_20\gtapi.dll
        + 2010-09-28 22:17 . 2010-09-28 21:52   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        + 2006-11-02 13:02 . 2010-09-28 21:52   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        - 2006-11-02 13:02 . 2010-09-19 20:17   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        - 2010-09-09 21:00 . 2010-09-09 21:00   16384              c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
        + 2010-09-09 21:00 . 2010-09-27 13:16   16384              c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
        + 2009-05-18 19:46 . 2010-09-28 21:53   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        - 2009-05-18 19:46 . 2010-09-19 20:18   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        - 2009-05-18 19:46 . 2010-09-19 20:18   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        + 2009-05-18 19:46 . 2010-09-28 21:53   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        + 2009-05-18 19:46 . 2010-09-28 21:53   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        - 2009-05-18 19:46 . 2010-09-19 20:18   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        - 2009-05-18 19:40 . 2010-09-19 20:17   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        + 2009-05-18 19:40 . 2010-09-28 21:52   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
        + 2009-12-14 10:04 . 2010-09-26 14:14   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
        - 2009-12-14 10:04 . 2010-09-17 17:06   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5\index.dat
        + 2009-12-14 10:04 . 2010-09-26 14:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
        - 2009-12-14 10:04 . 2010-09-17 17:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\History\History.IE5\index.dat
        + 2009-12-14 10:04 . 2010-09-26 14:14   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
        - 2009-12-14 10:04 . 2010-09-17 17:06   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Temp\Cookies\index.dat
        + 2009-05-18 19:40 . 2010-09-28 21:52   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        - 2009-05-18 19:40 . 2010-09-19 20:17   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
        - 2009-05-18 19:40 . 2010-09-19 20:17   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        + 2009-05-18 19:40 . 2010-09-28 21:52   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
        + 2010-09-27 13:35 . 2010-09-27 13:35   27136              c:\windows\Installer\{C41300B9-185D-475E-BFEC-39EF732F19B1}\AppleSoftwareUpdateIco.exe
        + 2009-12-21 19:09 . 2009-12-21 19:09   16832              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\ViewerPS.dll
        + 2009-12-22 00:57 . 2009-12-22 00:57   35760              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\reader_sl.exe
        + 2009-12-21 19:02 . 2009-12-21 19:02   79280              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\PDFPrevHndlr.dll
        + 2009-12-21 22:21 . 2009-12-21 22:21   99776              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\eula.exe
        + 2009-12-11 14:57 . 2009-12-11 14:57   70584              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobeextractfiles.dll
        + 2009-12-21 22:37 . 2009-12-21 22:37   27048              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrotextextractor.exe
        + 2009-12-21 17:39 . 2009-12-21 17:39   15288              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32Info.exe
        + 2009-12-21 17:27 . 2009-12-21 17:27   75200              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acroiehelpershim.dll
        + 2009-12-21 17:27 . 2009-12-21 17:27   61888              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroIEHelper.dll
        - 2006-11-02 10:25 . 2010-09-04 09:44   86016              c:\windows\inf\infstor.dat
        + 2006-11-02 10:25 . 2010-09-27 12:34   86016              c:\windows\inf\infstor.dat
        + 2006-11-02 10:25 . 2010-09-27 12:34   51200              c:\windows\inf\infpub.dat
        - 2006-11-02 10:25 . 2010-09-04 09:44   51200              c:\windows\inf\infpub.dat
        + 2010-09-28 21:52 . 2010-09-28 21:52   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
        - 2010-09-19 20:17 . 2010-09-19 20:17   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
        + 2010-09-28 21:52 . 2010-09-28 21:52   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        - 2010-09-19 20:17 . 2010-09-19 20:17   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
        + 2010-09-22 09:00 . 2010-09-22 09:25   131072              c:\windows\tracing\RASSSTP.BIN
        + 2006-11-02 10:33 . 2010-09-28 21:58   608760              c:\windows\System32\perfh009.dat
        - 2006-11-02 10:33 . 2010-09-19 20:23   608760              c:\windows\System32\perfh009.dat
        - 2006-11-02 10:33 . 2010-09-19 20:23   108268              c:\windows\System32\perfc009.dat
        + 2006-11-02 10:33 . 2010-09-28 21:58   108268              c:\windows\System32\perfc009.dat
        + 2009-05-31 17:14 . 2010-07-10 04:37   604776              c:\windows\System32\nvuninst.exe
        + 2008-09-17 22:55 . 2010-07-10 04:37   604776              c:\windows\System32\nvudisp.exe
        + 2010-07-10 04:37 . 2010-07-10 04:37   236136              c:\windows\System32\nvcod1922.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   236136              c:\windows\System32\nvcod.dll
        + 2010-09-27 13:12 . 2010-09-27 13:12   232912              c:\windows\System32\Macromed\Flash\FlashUtil10k_Plugin.exe
        + 2010-09-27 13:18 . 2010-09-27 13:18   232912              c:\windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.exe
        + 2010-09-27 13:18 . 2010-09-27 13:18   311760              c:\windows\System32\Macromed\Flash\FlashUtil10k_ActiveX.dll
        - 2010-09-06 11:17 . 2010-07-17 04:00   153376              c:\windows\System32\javaws.exe
        + 2010-09-27 13:15 . 2010-07-17 04:00   153376              c:\windows\System32\javaws.exe
        - 2010-09-06 11:17 . 2010-07-17 04:00   145184              c:\windows\System32\javaw.exe
        + 2010-09-27 13:15 . 2010-07-17 04:00   145184              c:\windows\System32\javaw.exe
        + 2010-09-27 13:15 . 2010-07-17 04:00   145184              c:\windows\System32\java.exe
        - 2010-09-06 11:17 . 2010-07-17 04:00   145184              c:\windows\System32\java.exe
        + 2006-11-02 12:47 . 2010-09-22 13:08   546176              c:\windows\System32\FNTCACHE.DAT
        + 2010-07-10 04:37 . 2010-07-10 04:37   604776              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvudisp.exe
        + 2010-07-10 04:37 . 2010-07-10 04:37   261268              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvdrsdb.bin
        + 2010-07-10 04:37 . 2010-07-10 04:37   236136              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvcod.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   795104              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\dpinst.exe
        + 2010-07-10 04:37 . 2010-07-10 04:37   156264              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\dbInstaller.exe
        + 2009-05-17 18:41 . 2010-09-28 14:24   294912              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
        - 2009-05-17 18:41 . 2010-09-17 21:47   294912              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
        + 2010-09-27 13:15 . 2010-09-27 13:15   152576              c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\jre1.6.0_20\lzma.dll
        + 2010-09-27 13:15 . 2010-09-27 13:15   581120              c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\jre1.6.0_20\jre1.6.0_20.msi
        + 2010-09-27 13:16 . 2010-09-27 13:16   183808              c:\windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\AU\au.msi
        + 2010-09-19 21:26 . 2010-09-19 21:26   802304              c:\windows\Installer\3e650b.msi
        + 2010-09-27 13:15 . 2010-09-27 13:15   577536              c:\windows\Installer\17f3ac.msi
        + 2010-09-28 22:11 . 2010-09-28 22:11   279552              c:\windows\Installer\11c055.msi
        + 2010-09-19 21:26 . 2010-09-19 21:26   295606              c:\windows\Installer\{AC76BA86-7AD7-5464-3428-900000000004}\ARPPRODUCTICON.exe
        + 2010-09-27 13:41 . 2010-09-27 13:41   380928              c:\windows\Installer\{2CE5A2E7-3437-4CE7-BCF4-85ED6EEFF9E4}\iTunesIco.exe
        + 2008-04-10 08:20 . 2008-04-10 08:20   638976              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA746454382090000000040\9.0.0\AdobeLinguistic.dll
        + 2009-12-11 14:57 . 2009-12-11 14:57   326056              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\readerupdater.exe
        + 2009-12-21 17:35 . 2009-12-21 17:35   378264              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\pdfshell.dll
        + 2009-12-21 17:34 . 2009-12-21 17:34   103864              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\nppdf32.dll
        + 2009-11-09 18:18 . 2009-11-09 18:18   684032              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\JP2KLib.dll
        + 2009-12-21 19:02 . 2009-12-21 19:02   542168              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AdobeCollabSync.exe
        + 2009-12-11 14:57 . 2009-12-11 14:57   948672              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\adobearm.exe
        + 2009-12-21 17:43 . 2009-12-21 17:43   120240              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRdIF.dll
        + 2009-12-22 00:57 . 2009-12-22 00:57   349616              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.exe
        + 2009-12-21 17:15 . 2009-12-21 17:15   660912              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroPDF.dll
        + 2009-12-21 18:32 . 2009-12-21 18:32   280024              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobroker.exe
        + 2009-12-11 14:57 . 2009-12-11 14:57   326056              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\acrobatupdater.exe
        + 2009-12-21 18:15 . 2009-12-21 18:15   251296              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\a3dutility.exe
        + 2006-11-02 10:25 . 2010-09-27 12:34   143360              c:\windows\inf\infstrng.dat
        - 2006-11-02 10:25 . 2010-09-04 09:44   143360              c:\windows\inf\infstrng.dat
        + 2008-09-17 22:55 . 2010-07-10 04:37   9818728              c:\windows\System32\nvd3dum.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   2892904              c:\windows\System32\nvcuvid.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   2506344              c:\windows\System32\nvcuvenc.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   4553832              c:\windows\System32\nvcuda.dll
        + 2008-09-17 22:55 . 2010-07-10 04:37   1625192              c:\windows\System32\nvapi.dll
        + 2009-02-03 02:15 . 2010-09-27 13:12   5969360              c:\windows\System32\Macromed\Flash\NPSWF32.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   9818728              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvd3dum.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   2892904              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvcuvid.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   2506344              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvcuvenc.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   4553832              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvcuda.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   1625192              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvapi.dll
        + 2010-09-27 13:41 . 2010-09-27 13:41   6333440              c:\windows\Installer\29a52d.msi
        + 2010-09-27 13:37 . 2010-09-27 13:37   9472000              c:\windows\Installer\299c8c.msi
        + 2010-09-27 13:35 . 2010-09-27 13:35   1554944              c:\windows\Installer\2999d8.msi
        + 2010-06-20 08:01 . 2010-06-20 08:01   8040960              c:\windows\Installer\13fca.msp
        + 2010-09-22 08:34 . 2010-09-22 08:34   3940352              c:\windows\Installer\13ed7.msi
        + 2009-12-21 17:29 . 2009-12-21 17:29   2409880              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\rt3d.dll
        + 2009-10-27 19:34 . 2009-10-27 19:34   5009408              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\authplay.dll
        + 2009-12-21 22:31 . 2009-12-21 22:31   5713920              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AGM.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   14092904              c:\windows\System32\nvoglv32.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   10267240              c:\windows\System32\nvcompiler.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   14092904              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvoglv32.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   11008040              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvlddmkm.sys
        + 2010-07-10 04:37 . 2010-07-10 04:37   50354424              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\NvCplSetupInt.exe
        + 2010-07-10 04:37 . 2010-07-10 04:37   10267240              c:\windows\System32\DriverStore\FileRepository\nv_disp.inf_a648eb91\nvcompiler.dll
        + 2010-07-10 04:37 . 2010-07-10 04:37   11008040              c:\windows\System32\drivers\nvlddmkm.sys
        + 2010-04-04 06:54 . 2010-04-04 06:54   11850240              c:\windows\Installer\13fcb.msp
        + 2010-08-13 18:09 . 2010-08-13 18:09   12263936              c:\windows\Installer\13fc9.msp
        + 2009-12-21 22:21 . 2009-12-21 22:21   20436408              c:\windows\Installer\$PatchCache$\Managed\68AB67CA7DA73301B7449A0300000010\9.3.0\AcroRd32.dll
        .
        -- Snapshot reset to current date --
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4

        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
        "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
        "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408]
        "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
        "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
        "SigmatelSysTrayApp"="sttray.exe" [2007-03-29 303104]
        "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
        "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
        "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]
        "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
        "EnableUIADesktopToggle"= 0 (0x0)

        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
        "EnableShellExecuteHooks"= 1 (0x1)

        [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
        "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
        @=""

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
        @="Service"

        [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
        @="Service"

        R1 apprngr;AppRanger Scan Driver;c:\windows\system32\Drivers\apprngr.sys

        R2 apprngr_svc;AppRanger Service;c:\program files\AppRanger\SWSvc.exe

        R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
        R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
        R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-05 3364680]
        R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
        R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
        S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
        S0 npf;npf Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
        S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-05 236104]
        S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-05 22600]
        S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
        S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
        S2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-05 1283400]
        S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-09-01 318520]
        S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
        S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-05 29256]
        S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]


        [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
        bthsvcs   REG_MULTI_SZ      BthServ
        LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
        .
        Contents of the 'Scheduled Tasks' folder

        2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 12:13]

        2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 12:13]

        2010-09-28 c:\windows\Tasks\ParetoLogic Registration3.job
        - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

        2010-08-13 c:\windows\Tasks\ParetoLogic Update Version3.job
        - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

        2010-09-28 c:\windows\Tasks\User_Feed_Synchronization-{AAD29C0A-613E-42B8-9812-D1A798192E3F}.job
        - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.co.uk/
        mStart Page = hxxp://www.voover.com/
        uInternet Settings,ProxyOverride = *.local
        uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
        .
        - - - - ORPHANS REMOVED - - - -

        HKLM-Run-HostManager - c:\program files\Common Files\AOL\1247602731\ee\AOLSoftware.exe



        **************************************************************************

        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2010-09-29 00:42
        Windows 6.0.6002 Service Pack 2 NTFS

        scanning hidden processes ... 

        scanning hidden autostart entries ...

        scanning hidden files ... 

        scan completed successfully
        hidden files: 0

        **************************************************************************
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
        "Enabled"=dword:00000001

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
        @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker4"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"

        [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"

        [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
        @Denied: (A) (Users)
        @Denied: (A) (Everyone)
        @Allowed: (B 1 2 3 4 5) (S-1-5-20)
        "BlindDial"=dword:00000000
        .
        Completion time: 2010-09-29  00:50:17
        ComboFix-quarantined-files.txt  2010-09-28 23:50
        ComboFix2.txt  2010-09-26 14:35
        ComboFix3.txt  2010-09-22 13:52
        ComboFix4.txt  2010-09-19 20:56
        ComboFix5.txt  2010-09-28 23:26

        Pre-Run: 58,355,978,240 bytes free
        Post-Run: 58,314,850,304 bytes free

        - - End Of File - - 0F8EC5D396A3C767211116E26047E049

        HJT log to follow.

        ronymaxwell

          Topic Starter


          Beginner

          Thanked: 1
          Re: Lost access to router
          « Reply #35 on: September 28, 2010, 06:00:31 PM »
          Logfile of Trend Micro HijackThis v2.0.4
          Scan saved at 00:59:45, on 29/09/2010
          Platform: Windows Vista SP2 (WinNT 6.00.1906)
          MSIE: Internet Explorer v8.00 (8.00.6001.18943)
          Boot mode: Normal

          Running processes:
          C:\Windows\system32\Dwm.exe
          C:\Windows\system32\taskeng.exe
          C:\Windows\system32\taskeng.exe
          C:\Program Files\Secunia\PSI\psi.exe
          C:\Windows\System32\mobsync.exe
          C:\Program Files\Windows Media Player\wmpnscfg.exe
          C:\Windows\sttray.exe
          C:\Program Files\Microsoft Security Essentials\msseces.exe
          C:\Program Files\Common Files\Java\Java Update\jusched.exe
          C:\Program Files\iTunes\iTunesHelper.exe
          C:\Program Files\Windows Sidebar\sidebar.exe
          C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
          C:\Windows\ehome\ehtray.exe
          C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
          C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
          C:\Windows\ehome\ehmsas.exe
          C:\Windows\Explorer.exe
          C:\Windows\system32\SearchFilterHost.exe
          C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

          R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
          R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
          R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voover.com/
          R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
          R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
          R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
          R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
          O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
          O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
          O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
          O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
          O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
          O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
          O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
          O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
          O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
          O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
          O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
          O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
          O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
          O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
          O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
          O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
          O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
          O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
          O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
          O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
          O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
          O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
          O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
          O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
          O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
          O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
          O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
          O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
          O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
          O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
          O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
          O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
          O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
          O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
          O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
          O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
          O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
          O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
          O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
          O23 - Service: AppRanger Service (apprngr_svc) - Unknown owner - C:\Program Files\AppRanger\SWSvc.exe (file missing)
          O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
          O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
          O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
          O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
          O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
          O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
          O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
          O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
          O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
          O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
          O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
          O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
          O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
          O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
          O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
          O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
          O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

          --
          End of file - 8610 bytes

          ronymaxwell

            Topic Starter


            Beginner

            Thanked: 1
            Re: Lost access to router
            « Reply #36 on: September 29, 2010, 06:34:15 AM »
            Latest Logs

            ComboFix 10-09-28.03 - Ron 29/09/2010  13:06:37.5.2 - x86
            Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.44.1033.18.3069.1639 [GMT 1:00]
            Running from: c:\users\Ron\Desktop\ComboFix.exe
            SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
            SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
            .

            (((((((((((((((((((((((((   Files Created from 2010-08-28 to 2010-09-29  )))))))))))))))))))))))))))))))
            .

            2010-09-29 12:17 . 2010-09-29 12:17   --------   d-----w-   c:\users\Ron\AppData\Local\temp
            2010-09-29 12:17 . 2010-09-29 12:17   --------   d-----w-   c:\users\Public\AppData\Local\temp
            2010-09-29 12:17 . 2010-09-29 12:17   --------   d-----w-   c:\users\Default\AppData\Local\temp
            2010-09-29 12:02 . 2010-09-29 12:02   --------   d-----w-   C:\32788R22FWJFW
            2010-09-29 11:57 . 2010-06-22 13:30   2048   ----a-w-   c:\windows\system32\tzres.dll
            2010-09-28 22:17 . 2010-09-28 22:20   --------   d-----w-   c:\program files\SpywareBlaster
            2010-09-28 22:11 . 2010-09-28 22:11   --------   d-----w-   c:\program files\WOT
            2010-09-27 13:39 . 2010-09-27 13:39   --------   d-----w-   c:\program files\iPod
            2010-09-27 13:39 . 2010-09-27 13:40   --------   d-----w-   c:\program files\iTunes
            2010-09-27 13:37 . 2010-09-27 13:37   --------   d-----w-   c:\program files\QuickTime
            2010-09-27 13:35 . 2010-09-27 13:35   --------   d-----w-   c:\program files\Apple Software Update
            2010-09-27 13:02 . 2010-09-27 13:02   --------   d-----w-   c:\users\Ron\AppData\Local\Secunia PSI
            2010-09-27 13:02 . 2010-09-27 13:02   --------   d-----w-   c:\program files\Secunia
            2010-09-27 12:34 . 2010-09-28 22:13   --------   d-----w-   c:\users\Ron\AppData\Roaming\OnlineArmor
            2010-09-27 12:34 . 2010-09-27 12:53   --------   d-----w-   c:\programdata\OnlineArmor
            2010-09-27 12:33 . 2010-07-05 07:44   22600   ----a-w-   c:\windows\system32\drivers\OAmon.sys
            2010-09-27 12:33 . 2010-07-05 07:44   29256   ----a-w-   c:\windows\system32\drivers\OAnet.sys
            2010-09-27 12:33 . 2010-07-05 07:43   236104   ----a-w-   c:\windows\system32\drivers\OADriver.sys
            2010-09-27 12:33 . 2010-09-27 12:33   --------   d-----w-   c:\program files\Emsisoft
            2010-09-26 19:23 . 2010-09-26 19:23   --------   d-----w-   c:\programdata\WindowsSearch
            2010-09-26 19:08 . 2010-09-27 11:46   --------   d-----w-   c:\programdata\Comodo
            2010-09-26 14:59 . 2010-09-26 14:59   --------   d-----w-   c:\programdata\NVIDIA Corporation
            2010-09-22 14:02 . 2010-09-22 14:02   --------   d-----w-   c:\program files\ESET
            2010-09-17 21:53 . 2010-09-17 21:53   --------   d-----w-   c:\users\Ron\AppData\Roaming\Malwarebytes
            2010-09-17 21:53 . 2010-04-29 14:39   38224   ----a-w-   c:\windows\system32\drivers\mbamswissarmy.sys
            2010-09-17 21:53 . 2010-09-17 21:53   --------   d-----w-   c:\programdata\Malwarebytes
            2010-09-17 21:53 . 2010-09-17 21:53   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
            2010-09-17 21:53 . 2010-04-29 14:39   20952   ----a-w-   c:\windows\system32\drivers\mbam.sys
            2010-09-17 09:43 . 2010-09-17 09:43   --------   d-----w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com
            2010-09-17 09:43 . 2010-09-17 09:43   --------   d-----w-   c:\programdata\SUPERAntiSpyware.com
            2010-09-17 09:43 . 2010-09-17 21:40   --------   d-----w-   c:\program files\SUPERAntiSpyware
            2010-09-17 09:30 . 2010-09-27 15:02   --------   d-----w-   c:\programdata\Yahoo! Companion
            2010-09-17 09:30 . 2010-09-17 09:30   --------   d-----w-   c:\users\Ron\AppData\Roaming\Yahoo!
            2010-09-17 09:30 . 2010-09-17 09:30   --------   d-----w-   c:\program files\Yahoo!
            2010-09-17 09:29 . 2010-09-17 09:30   --------   d-----w-   c:\program files\CCleaner
            2010-09-17 07:47 . 2010-04-16 16:46   502272   ----a-w-   c:\windows\system32\usp10.dll
            2010-09-17 07:47 . 2010-08-17 14:11   128000   ----a-w-   c:\windows\system32\spoolsv.exe
            2010-09-17 07:47 . 2010-04-05 17:02   317952   ----a-w-   c:\windows\system32\MP4SDECD.DLL
            2010-09-17 07:47 . 2010-05-27 20:08   739328   ----a-w-   c:\windows\system32\inetcomm.dll
            2010-09-09 21:00 . 2010-09-09 21:00   --------   d-sh--w-   c:\windows\system32\%APPDATA%
            2010-09-06 11:17 . 2010-09-06 11:17   --------   d-----w-   c:\program files\Common Files\Java
            2010-09-04 09:48 . 2010-09-04 09:49   --------   d-----w-   c:\programdata\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
            2010-09-04 09:42 . 2010-09-04 09:42   --------   d-----w-   c:\program files\Bonjour
            2010-09-01 08:30 . 2010-09-01 08:30   15544   ----a-w-   c:\windows\system32\drivers\psi_mf.sys

            .
            ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            2010-09-29 11:59 . 2009-05-17 18:30   --------   d-----w-   c:\program files\Microsoft Silverlight
            2010-09-29 11:49 . 2010-06-24 06:29   36725   ----a-w-   c:\programdata\nvModes.dat
            2010-09-29 11:47 . 2009-07-12 09:53   --------   d-----w-   c:\program files\Spybot - Search & Destroy
            2010-09-29 00:11 . 2009-07-15 13:51   12   ----a-w-   c:\windows\bthservsdp.dat
            2010-09-28 23:53 . 2010-09-28 23:53   388096   ----a-r-   c:\users\Ron\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
            2010-09-28 23:23 . 2009-07-12 09:53   --------   d-----w-   c:\programdata\Spybot - Search & Destroy
            2010-09-28 10:30 . 2010-09-28 10:30   2023824   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpavdlta.vdm
            2010-09-28 10:30 . 2010-09-28 10:30   365968   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpasdlta.vdm
            2010-09-27 13:42 . 2009-11-13 18:53   --------   d-----w-   c:\users\Ron\AppData\Roaming\Apple Computer
            2010-09-27 13:39 . 2009-11-13 18:45   --------   d-----w-   c:\program files\Common Files\Apple
            2010-09-27 13:15 . 2009-07-06 10:58   --------   d-----w-   c:\program files\Java
            2010-09-27 12:59 . 2010-08-29 15:49   1987984   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavdlta.vdm
            2010-09-27 12:59 . 2010-08-29 15:49   349584   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasdlta.vdm
            2010-09-26 15:24 . 2009-05-31 18:09   --------   d-----w-   c:\programdata\NVIDIA
            2010-09-26 15:00 . 2010-06-24 04:42   --------   d-----w-   c:\program files\NVIDIA Corporation
            2010-09-24 01:51 . 2010-09-24 01:51   73000   ----a-w-   c:\programdata\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
            2010-09-22 13:13 . 2010-09-22 13:13   12575488   ----a-w-   c:\users\Ron\AppData\Roaming\Adobe\AIR\Updater\Background\1.0\updater
            2010-09-22 13:10 . 2009-05-03 04:20   175808   ----a-w-   c:\users\Ron\AppData\Local\GDIPFONTCACHEV1.DAT
            2010-09-22 13:10 . 2009-05-05 21:40   --------   d-----w-   c:\program files\Common Files\Adobe
            2010-09-17 22:32 . 2006-11-02 11:18   --------   d-----w-   c:\program files\Windows Mail
            2010-09-17 21:42 . 2010-09-17 09:43   63488   ----a-w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
            2010-09-17 21:42 . 2010-09-17 09:43   117760   ----a-w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
            2010-09-17 09:43 . 2010-09-17 09:43   52224   ----a-w-   c:\users\Ron\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
            2010-09-17 07:50 . 2010-09-28 10:30   41722256   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpavbase.vdm
            2010-09-17 07:50 . 2010-08-29 15:49   41722256   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpavbase.vdm
            2010-09-17 07:50 . 2010-09-28 10:30   12300688   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C4E298DB-ECDF-46E5-8671-41B2BE418959}\mpasbase.vdm
            2010-09-17 07:50 . 2010-08-29 15:49   12300688   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpasbase.vdm
            2010-09-10 22:41 . 2010-09-10 22:41   109512   ----a-w-   c:\programdata\Comodo\Installer\cmddns.tmp
            2010-09-06 11:16 . 2010-09-06 11:14   10787840   ----a-w-   c:\users\Ron\AppData\Roaming\Adobe\Acrobat\7.0\Updater\AcroProUpd710_all_cum.exe
            2010-08-28 12:39 . 2010-08-28 12:39   63520   ----a-w-   c:\programdata\Comodo\Installer\crtman.tmp
            2010-08-27 14:15 . 2010-08-27 14:15   --------   d-----w-   c:\program files\Microsoft Security Essentials
            2010-08-26 18:20 . 2010-08-27 14:11   366992   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B226FB6-3024-4D43-9F12-F9F3CD893053}\mpasdlta.vdm
            2010-08-19 09:25 . 2010-08-27 14:11   12120464   ----a-w-   c:\programdata\Microsoft\Windows Defender\Definition Updates\{8B226FB6-3024-4D43-9F12-F9F3CD893053}\mpasbase.vdm
            2010-08-14 21:06 . 2009-07-19 15:39   300384   ----a-w-   c:\users\Ron\AppData\Roaming\McAfee\Supportability\MVTLogs\Results\detect.dll
            2010-08-13 14:06 . 2010-08-13 06:10   --------   d-----w-   c:\program files\Common Files\ParetoLogic
            2010-08-13 06:33 . 2010-08-13 06:33   --------   d-----w-   c:\users\Ron\AppData\Roaming\AdobeUM
            2010-08-13 06:33 . 2010-08-13 06:33   --------   d-----w-   c:\program files\Common Files\Java(0)
            2010-08-13 06:10 . 2010-08-13 06:10   --------   d-----w-   c:\programdata\FileCure
            2010-08-08 18:48 . 2010-08-08 18:48   568832   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcp90.dll
            2010-08-08 18:48 . 2010-08-08 18:48   686080   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\pdfimport.uno.dll
            2010-08-08 18:48 . 2010-08-08 18:48   655872   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcr90.dll
            2010-08-08 18:48 . 2010-08-08 18:48   583168   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\xpdfimport.exe
            2010-08-08 18:48 . 2010-08-08 18:48   224768   ----a-w-   c:\users\Ron\AppData\Roaming\OpenOffice.org\3\user\uno_packages\cache\uno_packages\4FE5.tmp_\sun-pdfimport.oxt\msvcm90.dll
            2010-08-08 18:42 . 2009-11-06 11:24   --------   d-----w-   c:\program files\OpenOffice.org 3
            2010-07-27 17:44 . 2010-07-27 17:44   91424   ----a-w-   c:\windows\system32\dnssd.dll
            2010-07-27 17:44 . 2010-07-27 17:44   75040   ----a-w-   c:\windows\system32\jdns_sd.dll
            2010-07-27 17:44 . 2010-07-27 17:44   197920   ----a-w-   c:\windows\system32\dnssdX.dll
            2010-07-27 17:44 . 2010-07-27 17:44   107808   ----a-w-   c:\windows\system32\dns-sd.exe
            2010-07-17 04:00 . 2010-05-17 12:09   423656   ----a-w-   c:\windows\system32\deployJava1.dll
            2010-07-09 15:37 . 2010-07-09 15:37   1469544   ----a-w-   c:\windows\system32\nvsvc.dll
            2010-07-09 15:37 . 2010-07-09 15:37   13939816   ----a-w-   c:\windows\system32\nvcpl.dll
            2010-07-09 15:37 . 2010-07-09 15:37   129640   ----a-w-   c:\windows\system32\nvvsvc.exe
            2010-07-09 15:37 . 2010-07-09 15:37   110696   ----a-w-   c:\windows\system32\nvmctray.dll
            .

            (((((((((((((((((((((((((((((   SnapShot_2010-09-28_23.42.52   )))))))))))))))))))))))))))))))))))))))))
            .
            + 2010-09-29 11:57 . 2010-08-26 05:15   13312              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.23061_none_842241d16004f2b8\iecompat.dll
            + 2010-09-29 11:57 . 2010-08-26 04:23   13312              c:\windows\winsxs\x86_microsoft-windows-ie-iecompat_31bf3856ad364e35_8.0.6001.18969_none_83a0d11a46dfe78b\iecompat.dll
            + 2010-09-29 11:57 . 2010-06-22 13:26   19456              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22429_none_17aad34f1fde10ac\tzupd.exe
            + 2010-02-24 17:50 . 2010-01-23 09:26   19456              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18276_none_16e8242406ebb36b\tzupd.exe
            + 2010-09-29 11:57 . 2010-06-22 13:04   19456              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22717_none_15cd30bf22b16ce9\tzupd.exe
            + 2010-02-24 17:50 . 2010-01-23 09:44   19456              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18497_none_14ed10c809d4b259\tzupd.exe
            + 2009-05-03 14:56 . 2010-09-29 11:50   68664              c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
            + 2006-11-02 13:05 . 2010-09-29 11:50   60312              c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
            + 2009-05-03 14:40 . 2010-09-29 11:50   18804              c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3891294070-290603237-754910137-1000_UserData.bin
            + 2006-11-02 13:02 . 2010-09-29 11:52   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            - 2006-11-02 13:02 . 2010-09-28 21:52   32768              c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            + 2010-09-28 22:17 . 2010-09-29 11:52   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            - 2010-09-28 22:17 . 2010-09-28 21:52   32768              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            + 2006-11-02 13:02 . 2010-09-29 11:52   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            - 2006-11-02 13:02 . 2010-09-28 21:52   16384              c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2010-09-09 21:00 . 2010-09-29 11:59   16384              c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
            - 2010-09-09 21:00 . 2010-09-27 13:16   16384              c:\windows\System32\%APPDATA%\Microsoft\Windows\IETldCache\index.dat
            - 2009-05-18 19:46 . 2010-09-28 21:53   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            + 2009-05-18 19:46 . 2010-09-29 11:49   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            - 2009-05-18 19:46 . 2010-09-28 21:53   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            + 2009-05-18 19:46 . 2010-09-29 11:49   32768              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            + 2009-05-18 19:46 . 2010-09-29 11:49   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            - 2009-05-18 19:46 . 2010-09-28 21:53   16384              c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            - 2009-05-18 19:40 . 2010-09-28 21:52   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            + 2009-05-18 19:40 . 2010-09-29 11:48   16384              c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
            + 2009-05-18 19:40 . 2010-09-29 11:48   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            - 2009-05-18 19:40 . 2010-09-28 21:52   32768              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
            - 2009-05-18 19:40 . 2010-09-28 21:52   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2009-05-18 19:40 . 2010-09-29 11:48   16384              c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
            + 2010-06-04 19:35 . 2010-09-29 12:00   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
            - 2010-06-04 19:35 . 2010-09-09 21:01   49152              c:\windows\Installer\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}\ConfigIcon.dll
            + 2010-09-29 11:57 . 2010-06-22 13:26   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.22429_none_17aad34f1fde10ac\tzres.dll
            + 2010-09-29 11:57 . 2010-06-22 13:30   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6002.18276_none_16e8242406ebb36b\tzres.dll
            + 2010-09-29 11:57 . 2010-06-22 13:04   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.22717_none_15cd30bf22b16ce9\tzres.dll
            + 2010-09-29 11:57 . 2010-06-22 12:57   2048              c:\windows\winsxs\x86_microsoft-windows-i..rnational-timezones_31bf3856ad364e35_6.0.6001.18497_none_14ed10c809d4b259\tzres.dll
            + 2010-09-29 11:48 . 2010-09-29 11:48   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            - 2010-09-28 21:52 . 2010-09-28 21:52   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
            + 2010-09-29 11:48 . 2010-09-29 11:48   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            - 2010-09-28 21:52 . 2010-09-28 21:52   2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
            + 2006-11-02 10:33 . 2010-09-29 11:54   608760              c:\windows\System32\perfh009.dat
            - 2006-11-02 10:33 . 2010-09-28 21:58   608760              c:\windows\System32\perfh009.dat
            - 2006-11-02 10:33 . 2010-09-28 21:58   108268              c:\windows\System32\perfc009.dat
            + 2006-11-02 10:33 . 2010-09-29 11:54   108268              c:\windows\System32\perfc009.dat
            + 2006-11-02 10:22 . 2010-09-29 11:55   6553600              c:\windows\System32\SMI\Store\Machine\schema.dat
            - 2006-11-02 10:22 . 2010-09-18 08:51   6553600              c:\windows\System32\SMI\Store\Machine\schema.dat
            + 2010-09-29 12:03 . 2010-09-29 12:03   6410240              c:\windows\ERDNT\Hiv-backup\schema.dat
            + 2010-09-29 11:58 . 2010-09-29 11:58   20303872              c:\windows\Installer\a26be.msp
            + 2009-05-31 17:07 . 2010-09-29 12:00   186205553              c:\windows\winsxs\ManifestCache\6.0.6002.18005_001c11ba_blobs.bin
            .
            (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
            .
            .
            *Note* empty entries & legit default entries are not shown
            REGEDIT4

            [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
            "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872]
            "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
            "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-09 39408]
            "WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]

            [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
            "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-19 1008184]
            "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
            "SigmatelSysTrayApp"="sttray.exe" [2007-03-29 303104]
            "MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2010-06-01 1093208]
            "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
            "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
            "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
            "@OnlineArmor GUI"="c:\program files\Emsisoft\Online Armor\oaui.exe" [2010-07-05 6854984]
            "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
            "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
            "EnableUIADesktopToggle"= 0 (0x0)

            [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
            "EnableShellExecuteHooks"= 1 (0x1)

            [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
            "{4F07DA45-8170-4859-9B5F-037EF2970034}"= "c:\progra~1\Emsisoft\ONLINE~1\oaevent.dll" [2010-07-05 924488]

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
            @=""

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
            @="Service"

            [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
            @="Service"

            R1 apprngr;AppRanger Scan Driver;c:\windows\system32\Drivers\apprngr.sys

            R2 apprngr_svc;AppRanger Service;c:\program files\AppRanger\SWSvc.exe

            R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
            R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 133104]
            R2 SvcOnlineArmor;Online Armor;c:\program files\Emsisoft\Online Armor\oasrv.exe [2010-07-05 3364680]
            R3 bepldr;BCL easyPDF SDK 5 Loader;c:\program files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe [2007-02-21 151552]
            R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
            S0 amacpi;Microsoft Away Mode System;c:\windows\system32\DRIVERS\null.sys [2008-01-19 4608]
            S0 npf;npf Driver;c:\windows\system32\drivers\npf.sys [2007-11-06 34064]
            S1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2010-07-05 236104]
            S1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2010-07-05 22600]
            S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [2010-02-17 12872]
            S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2010-05-10 67656]
            S2 OAcat;Online Armor Helper Service;c:\program files\Emsisoft\Online Armor\OAcat.exe [2010-07-05 1283400]
            S2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2010-09-01 318520]
            S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
            S3 OAnet;OnlineArmor Service;c:\windows\system32\DRIVERS\oanet.sys [2010-07-05 29256]
            S3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]


            [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
            bthsvcs   REG_MULTI_SZ      BthServ
            LocalServiceAndNoImpersonation   REG_MULTI_SZ      FontCache
            .
            Contents of the 'Scheduled Tasks' folder

            2010-09-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
            - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 12:13]

            2010-09-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
            - c:\program files\Google\Update\GoogleUpdate.exe [2009-10-11 12:13]

            2010-09-28 c:\windows\Tasks\ParetoLogic Registration3.job
            - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2009-08-04 18:19]

            2010-08-13 c:\windows\Tasks\ParetoLogic Update Version3.job
            - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2009-08-04 18:19]

            2010-09-29 c:\windows\Tasks\User_Feed_Synchronization-{AAD29C0A-613E-42B8-9812-D1A798192E3F}.job
            - c:\windows\system32\msfeedssync.exe [2010-08-11 04:24]
            .
            .
            ------- Supplementary Scan -------
            .
            uStart Page = hxxp://www.google.co.uk/
            mStart Page = hxxp://www.voover.com/
            uInternet Settings,ProxyOverride = *.local
            uSearchURL,(Default) = hxxp://uk.search.yahoo.com/search?fr=mcafee&p=%s
            .

            **************************************************************************

            catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
            Rootkit scan 2010-09-29 13:17
            Windows 6.0.6002 Service Pack 2 NTFS

            scanning hidden processes ... 

            scanning hidden autostart entries ...

            scanning hidden files ... 

            scan completed successfully
            hidden files: 0

            **************************************************************************
            .
            --------------------- LOCKED REGISTRY KEYS ---------------------

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
            @Denied: (A 2) (Everyone)
            @="FlashBroker"
            "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
            "Enabled"=dword:00000001

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
            @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
            @Denied: (A 2) (Everyone)
            @="IFlashBroker4"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
            @="{00020424-0000-0000-C000-000000000046}"

            [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
            @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
            "Version"="1.0"

            [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
            @Denied: (A) (Users)
            @Denied: (A) (Everyone)
            @Allowed: (B 1 2 3 4 5) (S-1-5-20)
            "BlindDial"=dword:00000000
            .
            Completion time: 2010-09-29  13:25:53
            ComboFix-quarantined-files.txt  2010-09-29 12:25
            ComboFix2.txt  2010-09-28 23:50
            ComboFix3.txt  2010-09-26 14:35
            ComboFix4.txt  2010-09-22 13:52
            ComboFix5.txt  2010-09-29 12:02

            Pre-Run: 59,893,477,376 bytes free
            Post-Run: 59,291,213,824 bytes free

            - - End Of File - - E9C012840EC9B2A6897E8CB2BF14911F


            Logfile of Trend Micro HijackThis v2.0.4
            Scan saved at 13:30:43, on 29/09/2010
            Platform: Windows Vista SP2 (WinNT 6.00.1906)
            MSIE: Internet Explorer v8.00 (8.00.6001.18943)
            Boot mode: Normal

            Running processes:
            C:\Windows\system32\Dwm.exe
            C:\Windows\system32\taskeng.exe
            C:\Windows\system32\taskeng.exe
            C:\Program Files\Secunia\PSI\psi.exe
            C:\Windows\System32\mobsync.exe
            C:\Program Files\Windows Media Player\wmpnscfg.exe
            C:\Windows\sttray.exe
            C:\Program Files\Microsoft Security Essentials\msseces.exe
            C:\Program Files\Common Files\Java\Java Update\jusched.exe
            C:\Program Files\iTunes\iTunesHelper.exe
            C:\Program Files\Windows Sidebar\sidebar.exe
            C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
            C:\Windows\ehome\ehtray.exe
            C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
            C:\Windows\ehome\ehmsas.exe
            C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
            C:\Windows\Explorer.exe
            C:\Windows\system32\SearchFilterHost.exe
            C:\Program Files\Trend Micro\HijackThis\sniper.exe.exe

            R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
            R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
            R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.voover.com/
            R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://uk.search.yahoo.com/search?fr=mcafee&p=%s
            R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
            R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
            R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
            O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - (no file)
            O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
            O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
            O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
            O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
            O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
            O2 - BHO: WOT Helper - {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - C:\Program Files\WOT\WOT.dll
            O2 - BHO: MSN Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
            O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
            O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
            O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll
            O3 - Toolbar: MSN Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1203.0\msneshellx.dll
            O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
            O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
            O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
            O3 - Toolbar: WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll
            O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
            O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
            O4 - HKLM\..\Run: [SigmatelSysTrayApp] sttray.exe
            O4 - HKLM\..\Run: [MSSE] "C:\Program Files\Microsoft Security Essentials\msseces.exe" -hide -runkey
            O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
            O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
            O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
            O4 - HKLM\..\Run: [@OnlineArmor GUI] "C:\Program Files\Emsisoft\Online Armor\oaui.exe"
            O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
            O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
            O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
            O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
            O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
            O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
            O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
            O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
            O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
            O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
            O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
            O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
            O18 - Protocol: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll
            O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
            O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
            O23 - Service: AppRanger Service (apprngr_svc) - Unknown owner - C:\Program Files\AppRanger\SWSvc.exe (file missing)
            O23 - Service: BCL easyPDF SDK 5 Loader (bepldr) - Unknown owner - C:\Program Files\Common Files\BCL Technologies\easyPDF 5\bepldr.exe
            O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
            O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE
            O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
            O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
            O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
            O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
            O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
            O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
            O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
            O23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\OAcat.exe
            O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
            O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
            O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
            O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Program Files\SigmaTel\C-Major Audio\WDM\STacSV.exe
            O23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - C:\Program Files\Emsisoft\Online Armor\oasrv.exe
            O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

            --
            End of file - 8610 bytes

            ronymaxwell

              Re: Lost access to router
              « Reply #37 on: September 29, 2010, 12:06:53 PM »
              Just to keep you up to date, SuperDave, I deleted the backup folder that contained the 'RECYCLE' folder I couldn't find.  I had to change a number of permissions and ownerships to do so (temporarily switched UAC off).  During this process a message came up 'Are you sure you want to delete RECYCLE...
              I scanned with Secunia again and obtained 100%.

              SuperDave

              Re: Lost access to router
              « Reply #38 on: September 29, 2010, 01:17:03 PM »
              All the logs look ok. Just run this to get rid of the latest version of ComboFix and to set a new restore date.

              * Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.
              * Now type Combofix /uninstall in the runbox
              * Make sure there's a space between Combofix and /Uninstall
              * Then hit Enter

              The above procedure will:
              * Delete the following:
                * ComboFix and its associated files and folders.
              * Reset the clock settings.
              * Hide file extensions, if required.
              * Hide System/Hidden files, if required.
              * Set a new, clean Restore Point.


              ronymaxwell

                Re: Lost access to router
                « Reply #39 on: September 29, 2010, 03:18:50 PM »
                ComboFix uninstalled.  Incidentally, I failed to do that before because I misunderstood your instruction.  [quote]* Click START then RUN - Vista users press the Windows Key and the R keys for the Run box.[/quote]
                You might consider changing it to 'Vista users press the Windows Key and the R keys together for the Run box'. 

                Anyway, thanks SuperDave for your considerable help.  I'm impressed with your skill and knowledge.  This is an excellent site.

                SuperDave

                Re: Lost access to router
                « Reply #40 on: September 29, 2010, 07:26:40 PM »
                Thanks for the advice. I'll have to update my canned speeches one day when I'm not so busy. Tell your friends about this site. ;D