Alanmads

  1. ComboFix 12-09-30.01 - Tech 30/09/2012 14:52:37.9.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.557 [GMT 1:00] Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\chrome c:\chrome\chrome.exe c:\documents and settings\Tech\Local Settings\Application Data\Google c:\documents and settings\Tech\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0\3 c:\documents and settings\Tech\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar Cache\7.4.3203.136\en-GB\translate_element.js.content c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar Cache\7.4.3203.136\en-GB\translate_languages.json.content c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar DNS data\data c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_13262592464.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_14244984297.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_173714309151.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2089238738.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_212744145827.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_212961510655.xml c:\documents and settings\Tech\Local Settings\Application 
Data\Google\Toolbar\metrics_219954078162.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2228746261.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_225360555212.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_225600079063.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_22803806269.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_22812589409.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25374067137.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25420760136.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2552944905.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25626419276.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25637004932.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2571584450.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25750398483.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25950049365.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_26492624926.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2663812129.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_27150523803.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_27311415325.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_28659942639.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_28698540604.xml c:\documents and 
settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_28816114639.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2897915356.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_29071501545.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3387784307.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_340193067656.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_340290601446.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_340700922439.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3558652877.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3858311617.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_38617217556.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_38678038629.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3873937136.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3883815615.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_39230745779.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_39232124292.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_39614302323.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_43945157441.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_44171588568.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_56302235706.xml c:\documents and settings\Tech\Local Settings\Application 
Data\Google\Toolbar\metrics_58175894873.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64261971934.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64363115360.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64384644689.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64468477472.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_6495883254.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_65120249673.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_65294995086.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_69120095199.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_69853151449.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_70261276195.xml c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_70289440064.xml . . ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 ))))))))))))))))))))))))))))))) . . 2012-09-30 13:46 . 2012-09-30 13:46 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E2C784F-E9D4-4E37-BCA7-7C86FBE66338}\MpKsl37fcdc94.sys 2012-09-30 00:48 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E2C784F-E9D4-4E37-BCA7-7C86FBE66338}\mpengine.dll 2012-09-29 11:04 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-15 09:28 . 2012-09-15 09:28 -------- d-----w- c:\documents and settings\Tech\Application Data\Rovio 2012-09-04 11:14 . 
2012-09-04 11:14 -------- d--h--w- c:\windows\PIF 2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner 2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-19 21:53 . 2012-04-03 20:15 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-09-19 21:53 . 2011-08-08 17:51 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-08-28 15:14 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec 2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll 2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys 2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys . . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe] backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3] 2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\PerseusLT\\psupdate.exe"= "c:\\Program Files\\PeerBlock\\peerblock.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352] R1 MpKsl37fcdc94;MpKsl37fcdc94;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E2C784F-E9D4-4E37-BCA7-7C86FBE66338}\MpKsl37fcdc94.sys [30/09/2012 14:46 29904] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608] R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968] R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610] R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe 
[13/07/2012 13:28 160944] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056] S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096] S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136] S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-09-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46] . 2012-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57] . 
2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03] . 2012-09-30 c:\windows\Tasks\User_Feed_Synchronization-{1D989DC0-EBAA-4B39-896D-221ABA46EDC2}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-30 15:01 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . 
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'explorer.exe'(3036) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe . ************************************************************************** . Completion time: 2012-09-30 15:07:19 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-30 14:07 ComboFix2.txt 2012-09-19 08:13 ComboFix3.txt 2012-09-18 22:16 ComboFix4.txt 2012-09-05 14:28 ComboFix5.txt 2012-09-30 13:50 . Pre-Run: 30,081,077,248 bytes free Post-Run: 30,089,883,648 bytes free . - - End Of File - - DFC9345F927C459A94CAA749EA9B6CFA
  2. SystemLook 30.07.11 by jpshortstuff Log created at 23:12 on 25/09/2012 by Tech Administrator - Elevation successful ========== filefind ========== Searching for "*chrome* " C:\chrome\chrome.exe --a---- 1004 bytes [21:49 19/09/2012] [07:56 20/09/2012] 54389A2C6212E863FCE9CF595FFD078C C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\lib\deploy\jqs\ff\chrome.manifest --a--c- 108 bytes [23:44 01/03/2010] [23:44 01/03/2010] 7B43D30D4AE41144DE0BDF0DEC1CA287 C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4932L9ET\actionlaunchchrome[1].js --a---- 711 bytes [21:52 19/09/2012] [21:52 19/09/2012] EECE1E5BC0D3224F4418EAA0A77BC840 C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4932L9ET\chrome-48[1].png --a---- 1834 bytes [08:15 19/09/2012] [08:15 19/09/2012] 3FE84B8B53D7401B32FABD0C70F211BB C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4932L9ET\chrome-content-sep[1].png --a---- 345 bytes [21:39 19/09/2012] [21:39 19/09/2012] AF01BFFBDD2F882BF534A962DFD5B007 C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4986L9F3\gc_cds_160x600_A_chrome_en[1].swf --a---- 40512 bytes [22:30 24/09/2012] [22:30 24/09/2012] F312B2E1EAEC71811655FB754BFB025D C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\9D7HRYB2\chrome-48[1].png --a---- 1834 bytes [20:31 24/09/2012] [20:31 24/09/2012] 3FE84B8B53D7401B32FABD0C70F211BB C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\NNYX96UM\gc_cds_160x600_B_nonchrome_en[1].swf --a---- 40398 bytes [22:30 24/09/2012] [22:30 24/09/2012] B042FA9F234A174A60E233DFA866A537 C:\Qoobox\Quarantine\C\chrome\chrome.exe.vir --a---- 1004 bytes [09:06 08/09/2012] [08:00 19/09/2012] 54389A2C6212E863FCE9CF595FFD078C C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_jar.3643236F_FC70_11D3_A536_0090278A1BB8 
-ra--c- 29500 bytes [17:28 30/05/2008] [17:28 30/05/2008] E4A1F93E2DCEC1FDFF473D429D20373D C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 -ra--c- 1880 bytes [12:00 29/05/2008] [12:00 29/05/2008] 7ECCABD395D6116AC38152F395D68771 Searching for " " No files found. ========== folderfind ========== Searching for "*chrome* " C:\chrome d--hs-- [21:49 19/09/2012] C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\lib\deploy\jqs\ff\chrome d------ [21:27 29/02/2012] C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome d------ [12:23 02/09/2012] C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0 d------ [12:23 02/09/2012] C:\Qoobox\Quarantine\C\chrome d------ [08:09 19/09/2012] Searching for " " No folders found. ========== regfind ========== Searching for "chrome" [HKEY_CURRENT_USER\Software\GNU\ffdshow] "whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee11.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;acdseepro3.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;AfterFX.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD 
Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;bestpl~1.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.exe;Crystal.exe;crystalfree.exe;CrystalP [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603] "000"="chrome" [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe] "a"="C:\chrome\chrome.exe" [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\chrome\chrome.exe"="chrome" [HKEY_CURRENT_USER\Software\Skype\Phone\UI] "InstallInfo"="google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled,skype-widget:notofferedFF;notsupported,skype-widget:offered-installedIE,skype-widget:notofferedGC;notsupported,skype-widget:5.8.8855" [HKEY_CURRENT_USER\Software\Skype\Phone\UI] "ChromeInstallInfo"="google-chrome:notoffered;disabled" [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome] [HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ECC861D234F1A966594D7B88147F142] "DBDB1253354DF9D5AA55447BD5126492"="C:\Program Files\Adobe\Adobe Help\Themes\DarkChrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ABC1E90208147605CC71ACB6D16FC055] "DBDB1253354DF9D5AA55447BD5126492"="C:\Program Files\Adobe\Adobe Help\Themes\LightChrome\" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Chrome"="C:\chrome\chrome.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj] "path"="C:\Documents and Settings\Tech\Local Settings\Application Data\Giant Savings\Chrome\Giant Savings.crx" [HKEY_USERS\.DEFAULT\Software\KasperskyLab\protected\AVP12\ChromeVkbdExtension] [HKEY_USERS\.DEFAULT\Software\Skype\Toolbars\Chrome] [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\GNU\ffdshow] "whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee11.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;acdseepro3.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;AfterFX.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;bestpl~1.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.e [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Microsoft\Search Assistant\ACMru\5603] "000"="chrome" [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe] "a"="C:\chrome\chrome.exe" [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache] "C:\chrome\chrome.exe"="chrome" [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Skype\Phone\UI] 
"InstallInfo"="google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled,skype-widget:notofferedFF;notsupported,skype-widget:offered-installedIE,skype-widget:notofferedGC;notsupported,skype-widget:5.8.8855" [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Skype\Phone\UI] "ChromeInstallInfo"="google-chrome:notoffered;disabled" [HKEY_USERS\S-1-5-18\Software\KasperskyLab\protected\AVP12\ChromeVkbdExtension] [HKEY_USERS\S-1-5-18\Software\Skype\Toolbars\Chrome] -= EOF =-
  3. Oh yes . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2011-08-26.01) . Microsoft Windows XP Professional Boot Device: \Device\HarddiskVolume1 Install Date: 21/06/2010 10:21:02 System Uptime: 24/09/2012 07:00:46 (5 hours ago) . Motherboard: Intel Corporation | | D945GCCR Processor: Intel® Celeron® D CPU 3.20GHz | LGA 775 | 3192/133mhz . ==== Disk Partitions ========================= . A: is Removable C: is FIXED (NTFS) - 77 GiB total, 31.449 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318} Description: Belkin F6D4050 Enhanced Wireless USB Adapter Device ID: USB\VID_050D&PID_935A\1.0 Manufacturer: Belkin International, Inc. Name: Belkin F6D4050 Enhanced Wireless USB Adapter #3 PNP Device ID: USB\VID_050D&PID_935A\1.0 Service: rt2870 . ==== System Restore Points =================== . RP542: 26/06/2012 13:11:55 - Software Distribution Service 3.0 RP543: 27/06/2012 13:10:46 - Software Distribution Service 3.0 RP544: 28/06/2012 14:01:01 - System Checkpoint RP545: 28/06/2012 20:44:53 - Software Distribution Service 3.0 RP546: 30/06/2012 13:48:06 - Software Distribution Service 3.0 RP547: 01/07/2012 16:36:24 - Software Distribution Service 3.0 RP548: 02/07/2012 18:19:30 - Software Distribution Service 3.0 RP549: 03/07/2012 10:31:11 - Sony PC Companion RP550: 04/07/2012 09:03:22 - Software Distribution Service 3.0 RP551: 05/07/2012 09:48:10 - Software Distribution Service 3.0 RP552: 06/07/2012 10:35:49 - System Checkpoint RP553: 07/07/2012 08:34:16 - Software Distribution Service 3.0 RP554: 08/07/2012 11:01:16 - Software Distribution Service 3.0 RP555: 08/07/2012 11:13:11 - Software Distribution Service 3.0 RP556: 08/07/2012 16:41:49 - Uninstalled Sony Ericsson Drivers RP557: 08/07/2012 16:42:02 - Installed Sony Ericsson Drivers RP558: 08/07/2012 16:45:43 - Installed Windows XP Wdf01009. 
RP559: 09/07/2012 16:59:42 - System Checkpoint RP560: 10/07/2012 08:39:00 - Software Distribution Service 3.0 RP561: 11/07/2012 08:40:02 - System Checkpoint RP562: 12/07/2012 14:05:43 - Software Distribution Service 3.0 RP563: 12/07/2012 14:45:25 - Software Distribution Service 3.0 RP564: 13/07/2012 14:29:21 - Software Distribution Service 3.0 RP565: 13/07/2012 21:17:10 - Software Distribution Service 3.0 RP566: 14/07/2012 21:19:19 - System Checkpoint RP567: 15/07/2012 01:10:00 - Software Distribution Service 3.0 RP568: 16/07/2012 03:13:51 - System Checkpoint RP569: 16/07/2012 08:46:41 - Software Distribution Service 3.0 RP570: 17/07/2012 08:47:08 - System Checkpoint RP571: 17/07/2012 08:48:20 - Software Distribution Service 3.0 RP572: 18/07/2012 10:45:40 - Software Distribution Service 3.0 RP573: 19/07/2012 03:01:43 - Removed Nero 7 Ultra Edition RP574: 19/07/2012 03:16:09 - Installed Nero 7 Ultra Edition RP575: 19/07/2012 12:31:16 - Software Distribution Service 3.0 RP576: 19/07/2012 12:39:29 - Software Distribution Service 3.0 RP577: 19/07/2012 12:44:40 - Removed Nero 7 Ultra Edition RP578: 19/07/2012 13:40:55 - Installed Nero 7 Ultra Edition RP579: 19/07/2012 13:49:33 - Removed Nero 7 Ultra Edition RP580: 19/07/2012 13:58:08 - Installed Nero 7 Ultra Edition RP581: 20/07/2012 14:01:10 - System Checkpoint RP582: 20/07/2012 20:22:00 - Software Distribution Service 3.0 RP583: 21/07/2012 22:39:51 - System Checkpoint RP584: 22/07/2012 01:39:28 - Software Distribution Service 3.0 RP585: 22/07/2012 16:46:36 - Software Distribution Service 3.0 RP586: 23/07/2012 16:55:57 - System Checkpoint RP587: 23/07/2012 20:15:17 - Software Distribution Service 3.0 RP588: 24/07/2012 22:50:04 - Software Distribution Service 3.0 RP589: 26/07/2012 07:39:27 - Software Distribution Service 3.0 RP590: 04/08/2012 09:25:47 - Software Distribution Service 3.0 RP591: 05/08/2012 12:35:59 - Software Distribution Service 3.0 RP592: 06/08/2012 17:27:05 - Software Distribution Service 3.0 RP593: 
07/08/2012 18:14:35 - System Checkpoint RP594: 08/08/2012 09:19:29 - Software Distribution Service 3.0 RP595: 09/08/2012 11:13:41 - System Checkpoint RP596: 10/08/2012 08:36:27 - Software Distribution Service 3.0 RP597: 11/08/2012 11:51:54 - System Checkpoint RP598: 11/08/2012 22:38:30 - Software Distribution Service 3.0 RP599: 13/08/2012 09:01:48 - Software Distribution Service 3.0 RP600: 29/08/2012 09:54:02 - Software Distribution Service 3.0 RP601: 29/08/2012 23:22:19 - Software Distribution Service 3.0 RP602: 30/08/2012 12:46:53 - Software Distribution Service 3.0 RP603: 30/08/2012 22:47:45 - Removed Java 7 Update 5 RP604: 30/08/2012 22:47:59 - Installed Java 7 Update 7 RP605: 31/08/2012 19:02:07 - Software Distribution Service 3.0 RP606: 01/09/2012 19:21:28 - System Checkpoint RP607: 02/09/2012 08:27:26 - Software Distribution Service 3.0 RP608: 03/09/2012 11:49:02 - Software Distribution Service 3.0 RP609: 04/09/2012 16:26:10 - Software Distribution Service 3.0 RP610: 05/09/2012 20:14:33 - Software Distribution Service 3.0 RP611: 06/09/2012 20:42:50 - System Checkpoint RP612: 07/09/2012 12:20:18 - Software Distribution Service 3.0 RP613: 08/09/2012 12:57:25 - System Checkpoint RP614: 08/09/2012 20:15:11 - Software Distribution Service 3.0 RP615: 10/09/2012 06:04:40 - Software Distribution Service 3.0 RP616: 11/09/2012 12:21:31 - Software Distribution Service 3.0 RP617: 12/09/2012 12:53:31 - System Checkpoint RP618: 12/09/2012 21:15:31 - Software Distribution Service 3.0 RP619: 13/09/2012 21:16:26 - Software Distribution Service 3.0 RP620: 13/09/2012 23:29:55 - Software Distribution Service 3.0 RP621: 15/09/2012 10:22:57 - Software Distribution Service 3.0 RP622: 15/09/2012 11:14:19 - Removed Skype Click to Call RP623: 16/09/2012 01:51:13 - Software Distribution Service 3.0 RP624: 17/09/2012 08:51:59 - Software Distribution Service 3.0 RP625: 18/09/2012 10:03:16 - Software Distribution Service 3.0 RP626: 18/09/2012 23:20:21 - Software Distribution Service 3.0 
RP627: 20/09/2012 08:55:30 - Software Distribution Service 3.0 RP628: 21/09/2012 12:41:12 - Software Distribution Service 3.0 RP629: 22/09/2012 13:13:26 - System Checkpoint RP630: 23/09/2012 02:31:14 - Software Distribution Service 3.0 RP631: 23/09/2012 11:59:43 - Software Distribution Service 3.0 RP632: 24/09/2012 12:04:51 - System Checkpoint . ==== Installed Programs ====================== . Acrobat.com Adobe AIR Adobe Community Help Adobe Download Assistant Adobe Download Manager Adobe Flash Player 10 Plugin Adobe Flash Player 11 ActiveX Adobe Photoshop CS5.1 Adobe Reader X (10.1.3) Adobe Shockwave Player 11.6 Any Video Converter Ultimate 4.3.9 Any Video Converter Ultimate Crack version 4.3.9 Apple Application Support Apple Software Update Belkin F6D4050 Enhanced Wireless USB Adapter Belkin Wireless USB Adapter Setup Bonjour Camera Support Core Library Camera Window DS Camera Window DVC Camera Window MC Canon Camera Support Core Library Canon Camera WIA Driver Canon Camera Window DS for ZoomBrowser EX Canon Camera Window DVC for ZoomBrowser EX Canon Camera Window for ZoomBrowser EX Canon EOS Kiss_N REBEL_XT 350D WIA Driver Canon Internet Library for ZoomBrowser EX Canon PhotoRecord Canon RAW Image Task for ZoomBrowser EX Canon RemoteCapture Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 1.6.1 Canon Utilities EOS Capture 1.3 Canon Utilities PhotoStitch 3.1 Canon ZoomBrowser EX CCleaner ConvertXtoDVD 4.1.19.365 CPUID CPU-Z 1.54 EOS Capture 1.3 ffdshow v1.2.4475 [2012-07-12] Google Toolbar for Internet Explorer Google Update Helper Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Hotfix for Windows Media Format 11 SDK (KB929399) Hotfix for Windows Media Player 11 (KB939683) Hotfix for Windows XP (KB2158563) Hotfix for Windows XP (KB2443685) Hotfix for Windows XP (KB2570791) Hotfix for Windows XP (KB2633952) Hotfix for Windows XP (KB915800-v4) Hotfix for Windows XP (KB952287) Hotfix for 
Windows XP (KB954550-v5) Hotfix for Windows XP (KB954708) Hotfix for Windows XP (KB961118) Hotfix for Windows XP (KB976002-v5) Hotfix for Windows XP (KB981793) Intel® Graphics Media Accelerator Driver Intel® Network Connections 15.1.29.0 Internet Explorer (Enable DEP) Internet Library Java 7 Update 7 Java Auto Updater K-Lite Mega Codec Pack 8.9.5 Malwarebytes Anti-Malware version 1.62.0.1300 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB2656370) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Compression Client Pack 1.0 for Windows XP Microsoft Fix it Center Microsoft IntelliType Pro 8.2 Microsoft Kernel-Mode Driver Framework Feature Pack 1.7 Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office Live Add-in 1.5 Microsoft Office Outlook Connector Microsoft Office Outlook MUI (English) 2007 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Professional Plus 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Word MUI (English) 2007 Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Software Update for Web Folders (English) 12 Microsoft User-Mode Driver Framework Feature Pack 1.0 
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFCLOC_x86 MSN MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 7 Ultra Edition neroxml PDF Settings CS5 Perseus 1.7.1 LT Konus PhotoStitch PxMergeModule QuickTime RAW Image Task 2.0 Realtek High Definition Audio Driver Registry Mechanic 9.0.0.114 RemoteCapture Task 1.1 Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111) Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft 
Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft Windows (KB2564958) Security Update for Windows Internet Explorer 8 (KB2510531) Security Update for Windows Internet Explorer 8 (KB2544521) Security Update for Windows Internet Explorer 8 (KB2618444) Security Update for Windows Internet Explorer 8 (KB2647516) Security Update for Windows Internet Explorer 8 (KB2675157) Security Update for Windows Internet Explorer 8 (KB2699988) Security Update for Windows Internet Explorer 8 (KB2722913) Security Update for Windows Internet Explorer 8 (KB982381) Security Update for Windows Media Player (KB2378111) Security Update for Windows Media Player (KB952069) Security Update for Windows Media Player (KB954155) Security Update for Windows Media Player (KB973540) Security Update for Windows Media Player (KB975558) Security Update for Windows Media Player (KB978695) Security Update for Windows Media Player (KB979402) Security Update for Windows Media Player 11 (KB954154) Security Update for Windows Search 4 - KB963093 Security Update for Windows XP 
(KB2079403) Security Update for Windows XP (KB2115168) Security Update for Windows XP (KB2121546) Security Update for Windows XP (KB2160329) Security Update for Windows XP (KB2229593) Security Update for Windows XP (KB2259922) Security Update for Windows XP (KB2279986) Security Update for Windows XP (KB2286198) Security Update for Windows XP (KB2296011) Security Update for Windows XP (KB2347290) Security Update for Windows XP (KB2360937) Security Update for Windows XP (KB2387149) Security Update for Windows XP (KB2393802) Security Update for Windows XP (KB2412687) Security Update for Windows XP (KB2419632) Security Update for Windows XP (KB2423089) Security Update for Windows XP (KB2440591) Security Update for Windows XP (KB2443105) Security Update for Windows XP (KB2476490) Security Update for Windows XP (KB2478960) Security Update for Windows XP (KB2478971) Security Update for Windows XP (KB2479943) Security Update for Windows XP (KB2481109) Security Update for Windows XP (KB2483185) Security Update for Windows XP (KB2485663) Security Update for Windows XP (KB2503665) Security Update for Windows XP (KB2506212) Security Update for Windows XP (KB2507618) Security Update for Windows XP (KB2507938) Security Update for Windows XP (KB2508272) Security Update for Windows XP (KB2508429) Security Update for Windows XP (KB2509553) Security Update for Windows XP (KB2524375) Security Update for Windows XP (KB2535512) Security Update for Windows XP (KB2536276-v2) Security Update for Windows XP (KB2536276) Security Update for Windows XP (KB2544893-v2) Security Update for Windows XP (KB2544893) Security Update for Windows XP (KB2555917) Security Update for Windows XP (KB2562937) Security Update for Windows XP (KB2566454) Security Update for Windows XP (KB2567053) Security Update for Windows XP (KB2567680) Security Update for Windows XP (KB2570222) Security Update for Windows XP (KB2570947) Security Update for Windows XP (KB2584146) Security Update for Windows XP (KB2585542) 
Security Update for Windows XP (KB2592799) Security Update for Windows XP (KB2598479) Security Update for Windows XP (KB2603381) Security Update for Windows XP (KB2618451) Security Update for Windows XP (KB2619339) Security Update for Windows XP (KB2620712) Security Update for Windows XP (KB2621440) Security Update for Windows XP (KB2624667) Security Update for Windows XP (KB2631813) Security Update for Windows XP (KB2633171) Security Update for Windows XP (KB2639417) Security Update for Windows XP (KB2641653) Security Update for Windows XP (KB2646524) Security Update for Windows XP (KB2647518) Security Update for Windows XP (KB2653956) Security Update for Windows XP (KB2655992) Security Update for Windows XP (KB2659262) Security Update for Windows XP (KB2660465) Security Update for Windows XP (KB2661637) Security Update for Windows XP (KB2676562) Security Update for Windows XP (KB2685939) Security Update for Windows XP (KB2686509) Security Update for Windows XP (KB2691442) Security Update for Windows XP (KB2695962) Security Update for Windows XP (KB2698365) Security Update for Windows XP (KB2705219) Security Update for Windows XP (KB2707511) Security Update for Windows XP (KB2709162) Security Update for Windows XP (KB2712808) Security Update for Windows XP (KB2718523) Security Update for Windows XP (KB2719985) Security Update for Windows XP (KB2723135) Security Update for Windows XP (KB2731847) Security Update for Windows XP (KB923561) Security Update for Windows XP (KB923789) Security Update for Windows XP (KB941569) Security Update for Windows XP (KB946648) Security Update for Windows XP (KB950760) Security Update for Windows XP (KB950762) Security Update for Windows XP (KB950974) Security Update for Windows XP (KB951376-v2) Security Update for Windows XP (KB951748) Security Update for Windows XP (KB952004) Security Update for Windows XP (KB952954) Security Update for Windows XP (KB954459) Security Update for Windows XP (KB955069) Security Update for Windows XP 
(KB956572) Security Update for Windows XP (KB956744) Security Update for Windows XP (KB956802) Security Update for Windows XP (KB956803) Security Update for Windows XP (KB956844) Security Update for Windows XP (KB958644) Security Update for Windows XP (KB958869) Security Update for Windows XP (KB959426) Security Update for Windows XP (KB960225) Security Update for Windows XP (KB960803) Security Update for Windows XP (KB960859) Security Update for Windows XP (KB961501) Security Update for Windows XP (KB969059) Security Update for Windows XP (KB970238) Security Update for Windows XP (KB970430) Security Update for Windows XP (KB971468) Security Update for Windows XP (KB971657) Security Update for Windows XP (KB971961) Security Update for Windows XP (KB972270) Security Update for Windows XP (KB973507) Security Update for Windows XP (KB973869) Security Update for Windows XP (KB973904) Security Update for Windows XP (KB974112) Security Update for Windows XP (KB974318) Security Update for Windows XP (KB974392) Security Update for Windows XP (KB974571) Security Update for Windows XP (KB975025) Security Update for Windows XP (KB975467) Security Update for Windows XP (KB975560) Security Update for Windows XP (KB975561) Security Update for Windows XP (KB975562) Security Update for Windows XP (KB975713) Security Update for Windows XP (KB977816) Security Update for Windows XP (KB977914) Security Update for Windows XP (KB978037) Security Update for Windows XP (KB978338) Security Update for Windows XP (KB978542) Security Update for Windows XP (KB978601) Security Update for Windows XP (KB978706) Security Update for Windows XP (KB979309) Security Update for Windows XP (KB979482) Security Update for Windows XP (KB979559) Security Update for Windows XP (KB979683) Security Update for Windows XP (KB979687) Security Update for Windows XP (KB980195) Security Update for Windows XP (KB980218) Security Update for Windows XP (KB980232) Security Update for Windows XP (KB980436) Security 
Update for Windows XP (KB981322) Security Update for Windows XP (KB981349) Security Update for Windows XP (KB981852) Security Update for Windows XP (KB981957) Security Update for Windows XP (KB981997) Security Update for Windows XP (KB982132) Security Update for Windows XP (KB982214) Security Update for Windows XP (KB982381) Security Update for Windows XP (KB982665) Skype™ 5.10 Sony Ericsson Update Engine Sony PC Companion 2.10.079 SUPERAntiSpyware swMSM System Requirements Lab for Intel Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft Windows (KB971513) Update for Windows Internet Explorer 8 (KB2598845) Update for Windows XP (KB2141007) Update for Windows XP (KB2345886) Update for Windows XP (KB2467659) Update for Windows XP (KB2492386) Update for Windows XP (KB2541763) Update for Windows XP (KB2607712) Update for Windows XP (KB2616676-v2) Update for Windows XP (KB2641690) Update for Windows XP (KB2718704) Update for Windows XP (KB2736233) Update for Windows XP (KB898461) Update for Windows XP (KB951978) Update for Windows XP (KB955759) Update for Windows XP (KB961503) Update for Windows XP 
(KB967715) Update for Windows XP (KB968389) Update for Windows XP (KB971029) Update for Windows XP (KB971737) Update for Windows XP (KB973687) Update for Windows XP (KB973815) VIMICRO USB PC Camera (ZC0301PLH) WebFldrs XP Windows Genuine Advantage Notifications (KB905474) Windows Genuine Advantage Validation Tool (KB892130) Windows Internet Explorer 8 Windows Management Framework Core Windows Media Format 11 runtime Windows Media Player 11 WinRAR archiver ZC0301PLH_Driver_Setup . ==== Event Viewer Messages From Past Week ======== . 20/09/2012 08:44:41, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 9444527C0329 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message). 18/09/2012 23:04:06, error: Service Control Manager [7034] - The DiskManager service terminated unexpectedly. It has done this 1 time(s). . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2 Run by Tech at 12:40:02 on 2012-09-24 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.556 [GMT 1:00] . AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes =============== . 
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\VMSnap3.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [VMSnap3] c:\windows\VMSnap3.exe
mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Chrome] c:\chrome\chrome.exe
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277118227109
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: Interfaces\{7E5FACE1-1C1B-49BA-AE2B-EC41084F3E67} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{B9A4682F-FC9A-44FA-9EC3-4C73BE5B83A0} : DhcpNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
Notify: klogon - c:\windows\system32\klogon.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-3-31 565552]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]
R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [2005-6-1 5314]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-21 20968]
R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [2005-6-1 7610]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-7-23 32896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-22 1691480]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-6-19 12400]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-1 35144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]
S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-11-11 19056]
S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-4-25 637952]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 606056]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-6-19 155320]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-12-23 475136]
S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2011-12-23 1474560]
.
=============== Created Last 30 ================
.
2012-09-23 10:59:45 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1697119-f895-445c-8661-6bfb95a8f771}\mpengine.dll
2012-09-23 01:31:17 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-09-19 21:49:14 -------- d-sh--w- C:\chrome
2012-09-19 08:00:35 -------- d-----w- C:\ComboFix
2012-09-15 09:28:33 -------- d-----w- c:\documents and settings\tech\application data\Rovio
2012-09-04 11:14:06 -------- d--h--w- c:\windows\PIF
2012-09-02 12:57:55 -------- d-sha-r- C:\cmdcons
2012-09-02 12:56:00 208896 ----a-w- c:\windows\MBR.exe
2012-09-02 12:55:59 98816 ----a-w- c:\windows\sed.exe
2012-09-02 12:55:59 518144 ----a-w- c:\windows\SWREG.exe
2012-09-02 12:55:59 256000 ----a-w- c:\windows\PEV.exe
2012-09-01 08:13:58 -------- d-----w- c:\program files\CCleaner
2012-09-01 07:15:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-08-30 21:48:49 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 21:48:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
==================== Find3M ====================
.
2012-09-19 21:53:25 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-09-19 21:53:25 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-30 21:48:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 21:48:20 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-14 13:38:14 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-07-08 15:42:03 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-08 15:42:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-08 15:42:03 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec
.
============= FINISH: 12:40:55.07 ===============
  4. Hi. Can you tell me how to generate a DDS log file, please?
  5. Hi there. Just booted my PC up this morning and still the same problem.
  6. ComboFix 12-09-18.07 - Tech 19/09/2012 9:02.8.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.587 [GMT 1:00]
Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\chrome
c:\chrome\chrome.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))
.
.
2012-09-18 22:16 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{759776D8-EAB2-4CE5-B63A-F7694AA46CD7}\mpengine.dll
2012-09-17 07:52 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-09-15 09:28 . 2012-09-15 09:28 -------- d-----w- c:\documents and settings\Tech\Application Data\Rovio
2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF
2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner
2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java
2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl
2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll
2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys
2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll
2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]
backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]
2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\PerseusLT\\psupdate.exe"=
"c:\\Program Files\\PeerBlock\\peerblock.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608]
R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]
R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]
S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]
S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]
S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]
S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]
S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]
S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]
.
2012-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]
.
2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]
.
2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]
.
2012-09-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03] . 2012-09-19 c:\windows\Tasks\User_Feed_Synchronization-{1D989DC0-EBAA-4B39-896D-221ABA46EDC2}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-19 09:10 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Completion time: 2012-09-19 09:13:34 ComboFix-quarantined-files.txt 2012-09-19 08:13 ComboFix2.txt 2012-09-18 22:16 ComboFix3.txt 2012-09-05 14:28 ComboFix4.txt 2012-09-05 14:05 ComboFix5.txt 2012-09-19 08:00 . Pre-Run: 32,452,415,488 bytes free Post-Run: 32,461,537,280 bytes free . - - End Of File - - A2AE962D1A9EE55E68186AC76569D008
  7. ComboFix 12-09-18.06 - Tech 18/09/2012 23:04:27.7.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.556 [GMT 1:00] Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\TEMP . . ((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 ))))))))))))))))))))))))))))))) . . 2012-09-18 22:01 . 2012-09-18 22:01 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B62A7BF1-3E11-4508-8B84-B831C9652568}\MpKslbfdb1d44.sys 2012-09-18 09:03 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B62A7BF1-3E11-4508-8B84-B831C9652568}\mpengine.dll 2012-09-17 07:52 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-15 09:28 . 2012-09-15 09:28 -------- d-----w- c:\documents and settings\Tech\Application Data\Rovio 2012-09-05 14:25 . 2012-09-08 09:06 -------- d-----w- C:\chrome 2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF 2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner 2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java 2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll 2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys 2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Chrome"="c:\chrome\chrome.exe" [2012-09-18 1004] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe] backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3] 2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\PerseusLT\\psupdate.exe"= "c:\\Program Files\\PeerBlock\\peerblock.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352] R1 MpKslbfdb1d44;MpKslbfdb1d44;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B62A7BF1-3E11-4508-8B84-B831C9652568}\MpKslbfdb1d44.sys [18/09/2012 23:01 29904] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608] R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968] R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610] R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472] S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944] S3 
Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056] S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096] S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136] S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSLBFDB1D44 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-09-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46] . 
2012-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57] . 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03] . 2012-09-18 c:\windows\Tasks\User_Feed_Synchronization-{1D989DC0-EBAA-4B39-896D-221ABA46EDC2}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-18 23:12 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1400) c:\windows\system32\sxs.dll . - - - - - - - > 'explorer.exe'(3812) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . 
Completion time: 2012-09-18 23:16:21 ComboFix-quarantined-files.txt 2012-09-18 22:16 ComboFix2.txt 2012-09-05 14:28 ComboFix3.txt 2012-09-05 14:05 ComboFix4.txt 2012-09-04 15:45 ComboFix5.txt 2012-09-18 22:02 . Pre-Run: 32,118,263,808 bytes free Post-Run: 32,521,949,184 bytes free . - - End Of File - - FC0220158E4C38EED22C767C64A54C83
  8. Hi there. Yes, I'm still with you lol. Sorry, been busy with work but back to normal now for a week or so. I have followed your instructions carefully, but when I re-boot, my PC immediately beeps and comes up with a DOS window and an error message saying something along the lines of '16 bit dos error' 'illegal instruction from Chrome....' I don't actually have Chrome installed on my PC and haven't had for a long time. Thanks for sticking with me, Maniac. Would it be easier just to transfer my files to my partner's PC and format mine?
  9. Hi there. Apologies for no reply, but I have been away with work for the last week. I have done as Maniac instructed and everything looks good; however, I have rebooted my PC and the same thing is coming up: 'Chrome has attempted an illegal instruction etc.'
  10. ComboFix 12-09-05.01 - Tech 05/09/2012 15:14:11.6.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.556 [GMT 1:00] Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . C:\chrome c:\chrome\chrome.exe . . ((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 ))))))))))))))))))))))))))))))) . . 2012-09-05 14:08 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F59D9F-024F-45AD-956B-504AFB6B0265}\mpengine.dll 2012-09-04 12:56 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-04 11:44 . 2012-09-04 11:44 -------- d-----w- c:\program files\ESET 2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF 2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner 2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java 2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-30 21:48 . 
2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll 2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys 2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec 2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Chrome"="c:\chrome\chrome.exe" [2012-09-05 1004] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe] backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3] 2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\PerseusLT\\psupdate.exe"= "c:\\Program Files\\PeerBlock\\peerblock.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= . R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352] R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608] R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968] R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792] R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610] R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000] R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608] R3 
klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144] S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056] S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096] S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136] S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 
2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46] . 2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57] . 2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.google.co.uk/ uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s TCP: DhcpNameServer = 192.168.1.1 . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-05 15:23 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1404) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(2144) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . 
c:\program files\Microsoft Security Client\MsMpEng.exe c:\program files\Bonjour\mDNSResponder.exe c:\program files\Java\jre7\bin\jqs.exe c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe c:\windows\system32\IoctlSvc.exe c:\windows\system32\wscntfy.exe c:\windows\RTHDCPL.EXE c:\windows\system32\igfxsrvc.exe . ************************************************************************** . Completion time: 2012-09-05 15:28:36 - machine was rebooted ComboFix-quarantined-files.txt 2012-09-05 14:28 ComboFix2.txt 2012-09-05 14:05 ComboFix3.txt 2012-09-04 15:45 ComboFix4.txt 2012-09-03 12:39 ComboFix5.txt 2012-09-05 14:12 . Pre-Run: 26,613,223,424 bytes free Post-Run: 26,604,564,480 bytes free . - - End Of File - - 72246DE9FF6C2C6F966FE02347A54AD2
  11. ComboFix 12-09-04.02 - Tech 04/09/2012 16:32:17.4.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.552 [GMT 1:00] Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 ))))))))))))))))))))))))))))))) . . 2012-09-04 15:26 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8103920-E6DC-4CD4-AB79-A82F8A7FFB27}\mpengine.dll 2012-09-04 12:56 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-09-04 11:44 . 2012-09-04 11:44 -------- d-----w- c:\program files\ESET 2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF 2012-09-03 12:35 . 2012-09-03 12:56 -------- d-----w- C:\chrome 2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager 2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings 2012-09-02 12:22 . 2012-09-04 12:07 -------- d-----w- c:\program files\Giant Savings 2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner 2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys 2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java 2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl 2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest . . . 
(((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll 2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll 2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys 2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys 2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll 2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys 2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl 2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec 2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll 2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072] "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152] "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488] "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888] "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "Chrome"="c:\chrome\chrome.exe" [2012-09-04 1004] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080] . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe] backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3] 2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\PerseusLT\\psupdate.exe"= "c:\\Program Files\\PeerBlock\\peerblock.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= "c:\\WINDOWS\\system32\\dpvsetup.exe"= "c:\\WINDOWS\\system32\\dxdiag.exe"= "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"= "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"= . R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352] R1 MpKsledc064fb;MpKsledc064fb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92A3F554-1D98-41AA-AB95-6F6D317D56FA}\MpKsledc064fb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92A3F554-1D98-41AA-AB95-6F6D317D56FA}\MpKsledc064fb.sys [?] 
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608] R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314] R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968] R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610] R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608] R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472] S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000] S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856] S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480] S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336] S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176] S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568] S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144] S3 nosGetPlusHelper;getPlus® 
Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336] S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/11/2011 10:21 19056] S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360] S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056] S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320] S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096] S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136] S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Contents of the 'Scheduled Tasks' folder . 2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46] . 2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57] . 2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00] . 2012-09-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.co.uk/ uInternet Settings,ProxyServer = isa_websense:8080 uInternet Settings,ProxyOverride = *.local uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-09-04 16:41 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1400) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3048) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . Completion time: 2012-09-04 16:45:09 ComboFix-quarantined-files.txt 2012-09-04 15:45 ComboFix2.txt 2012-09-03 12:39 ComboFix3.txt 2012-09-02 13:51 ComboFix4.txt 2012-09-02 13:12 . Pre-Run: 26,632,241,152 bytes free Post-Run: 26,762,166,272 bytes free . - - End Of File - - 9F1E087B5E215D7E5658C90E34E8C6DE
  12. ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=49501e7ced10e34a9fc97eec1744b549 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-09-04 12:41:58 # local_time=2012-09-04 01:41:58 (+0000, GMT Daylight Time) # country="United Kingdom" # lang=1033 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1280 16777215 100 0 0 0 0 0 # compatibility_mode=2560 16777215 100 0 0 0 0 0 # compatibility_mode=5891 16776533 42 92 537 14490210 0 0 # compatibility_mode=8192 67108863 100 0 196 196 0 0 # scanned=71074 # found=6 # cleaned=6 # scan_time=3258 C:\Program Files\Giant Savings\Giant Savings.dll Win32/Toolbar.CrossRider application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\chrome\chrome\%DRIVE~1\chrome\prtest.exe.vir a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\Qoobox\Quarantine\C\chrome\chrome\%DRIVE~1\chrome\SURFGU~1.EXE.vir a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP607\A0092080.exe a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP607\A0092082.exe a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP608\A0092490.dll Win32/Toolbar.CrossRider application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
  13. Scan has no report to save as no threats were found. What shall I do next, Maniac? Regards, Alanmads
  14. Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Database version: v2012.09.03.05 Windows XP Service Pack 3 x86 NTFS Internet Explorer 8.0.6001.18702 Tech :: TECH0001 [administrator] 03/09/2012 13:48:21 mbam-log-2012-09-03 (13-48-21).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 208310 Time elapsed: 4 minute(s), 39 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 6 HKCR\CrossriderApp0004479.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully. HKCR\CrossriderApp0004479.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully. HKCR\CrossriderApp0004479.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully. HKCR\CrossriderApp0004479.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully. HKCR\CrossriderApp0004479.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully. HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully. Registry Values Detected: 2 HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully. HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Chrome (Trojan.Agent) -> Data: C:\chrome\chrome.exe -> Quarantined and deleted successfully. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\chrome\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully. 
(end) aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-03 13:57:38 ----------------------------- 13:57:38.687 OS Version: Windows 5.1.2600 Service Pack 3 13:57:38.687 Number of processors: 1 586 0x605 13:57:38.687 ComputerName: TECH0001 UserName: Tech 13:57:39.859 Initialize success 13:59:47.312 AVAST engine defs: 12090300 14:00:16.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 14:00:16.640 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OAB3A Size: 78533MB BusType: 3 14:00:16.656 Disk 0 MBR read successfully 14:00:16.656 Disk 0 MBR scan 14:00:16.718 Disk 0 Windows XP default MBR code 14:00:16.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78528 MB offset 63 14:00:16.734 Disk 0 scanning sectors +160826715 14:00:16.796 Disk 0 scanning C:\WINDOWS\system32\drivers 14:00:27.140 Service scanning 14:00:52.593 Modules scanning 14:01:00.671 Disk 0 trace - called modules: 14:01:00.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 14:01:00.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f1bab8] 14:01:01.187 3 CLASSPNP.SYS[f76befd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f53a00] 14:01:01.187 5 ACPI.sys[f7545620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x86fabb00] 14:01:02.046 AVAST engine scan C:\WINDOWS 14:01:11.750 AVAST engine scan C:\WINDOWS\system32 14:03:48.812 AVAST engine scan C:\WINDOWS\system32\drivers 14:04:02.156 AVAST engine scan C:\Documents and Settings\Tech 14:07:31.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\Desktop\MBR.dat" 14:07:31.968 The log file has been saved successfully to "C:\Documents and Settings\Tech\Desktop\aswMBR.txt" aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-03 13:57:38 ----------------------------- 13:57:38.687 OS Version: Windows 5.1.2600 Service Pack 3 13:57:38.687 Number of processors: 1 586 0x605 13:57:38.687 ComputerName: TECH0001 UserName: Tech 13:57:39.859 
Initialize success 13:59:47.312 AVAST engine defs: 12090300 14:00:16.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5 14:00:16.640 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OAB3A Size: 78533MB BusType: 3 14:00:16.656 Disk 0 MBR read successfully 14:00:16.656 Disk 0 MBR scan 14:00:16.718 Disk 0 Windows XP default MBR code 14:00:16.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78528 MB offset 63 14:00:16.734 Disk 0 scanning sectors +160826715 14:00:16.796 Disk 0 scanning C:\WINDOWS\system32\drivers 14:00:27.140 Service scanning 14:00:52.593 Modules scanning 14:01:00.671 Disk 0 trace - called modules: 14:01:00.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS 14:01:00.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f1bab8] 14:01:01.187 3 CLASSPNP.SYS[f76befd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f53a00] 14:01:01.187 5 ACPI.sys[f7545620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x86fabb00] 14:01:02.046 AVAST engine scan C:\WINDOWS 14:01:11.750 AVAST engine scan C:\WINDOWS\system32 14:03:48.812 AVAST engine scan C:\WINDOWS\system32\drivers 14:04:02.156 AVAST engine scan C:\Documents and Settings\Tech 14:07:31.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\Desktop\MBR.dat" 14:07:31.968 The log file has been saved successfully to "C:\Documents and Settings\Tech\Desktop\aswMBR.txt" 14:08:09.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\Desktop\MBR.dat" 14:08:09.218 The log file has been saved successfully to "C:\Documents and Settings\Tech\Desktop\aswMBR.txt"