Posts posted by Alanmads

  1. ComboFix 12-09-30.01 - Tech 30/09/2012 14:52:37.9.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.557 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\chrome

    c:\chrome\chrome.exe

    c:\documents and settings\Tech\Local Settings\Application Data\Google

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0\3

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\Databases.db

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar Cache\7.4.3203.136\en-GB\translate_element.js.content

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar Cache\7.4.3203.136\en-GB\translate_languages.json.content

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar DNS data\data

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_13262592464.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_14244984297.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_173714309151.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2089238738.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_212744145827.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_212961510655.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_219954078162.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2228746261.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_225360555212.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_225600079063.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_22803806269.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_22812589409.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25374067137.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25420760136.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2552944905.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25626419276.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25637004932.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2571584450.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25750398483.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_25950049365.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_26492624926.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2663812129.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_27150523803.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_27311415325.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_28659942639.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_28698540604.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_28816114639.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_2897915356.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_29071501545.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3387784307.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_340193067656.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_340290601446.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_340700922439.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3558652877.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3858311617.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_38617217556.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_38678038629.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3873937136.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_3883815615.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_39230745779.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_39232124292.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_39614302323.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_43945157441.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_44171588568.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_56302235706.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_58175894873.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64261971934.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64363115360.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64384644689.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_64468477472.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_6495883254.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_65120249673.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_65294995086.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_69120095199.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_69853151449.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_70261276195.xml

    c:\documents and settings\Tech\Local Settings\Application Data\Google\Toolbar\metrics_70289440064.xml

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-30 13:46 . 2012-09-30 13:46 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E2C784F-E9D4-4E37-BCA7-7C86FBE66338}\MpKsl37fcdc94.sys

    2012-09-30 00:48 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E2C784F-E9D4-4E37-BCA7-7C86FBE66338}\mpengine.dll

    2012-09-29 11:04 . 2012-08-30 08:17 6980552 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-09-15 09:28 . 2012-09-15 09:28 -------- d-----w- c:\documents and settings\Tech\Application Data\Rovio

    2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-09-19 21:53 . 2012-04-03 20:15 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-09-19 21:53 . 2011-08-08 17:51 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-28 15:14 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-08-28 15:14 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-08-28 15:14 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-08-28 12:07 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 MpKsl37fcdc94;MpKsl37fcdc94;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8E2C784F-E9D4-4E37-BCA7-7C86FBE66338}\MpKsl37fcdc94.sys [30/09/2012 14:46 29904]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-09-30 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-29 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-30 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    2012-09-30 c:\windows\Tasks\User_Feed_Synchronization-{1D989DC0-EBAA-4B39-896D-221ABA46EDC2}.job

    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-30 15:01

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'explorer.exe'(3036)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\windows\system32\IoctlSvc.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\igfxsrvc.exe

    .

    **************************************************************************

    .

    Completion time: 2012-09-30 15:07:19 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-09-30 14:07

    ComboFix2.txt 2012-09-19 08:13

    ComboFix3.txt 2012-09-18 22:16

    ComboFix4.txt 2012-09-05 14:28

    ComboFix5.txt 2012-09-30 13:50

    .

    Pre-Run: 30,081,077,248 bytes free

    Post-Run: 30,089,883,648 bytes free

    .

    - - End Of File - - DFC9345F927C459A94CAA749EA9B6CFA

  2. SystemLook 30.07.11 by jpshortstuff

    Log created at 23:12 on 25/09/2012 by Tech

    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*chrome* "

    C:\chrome\chrome.exe --a---- 1004 bytes [21:49 19/09/2012] [07:56 20/09/2012] 54389A2C6212E863FCE9CF595FFD078C

    C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\lib\deploy\jqs\ff\chrome.manifest --a--c- 108 bytes [23:44 01/03/2010] [23:44 01/03/2010] 7B43D30D4AE41144DE0BDF0DEC1CA287

    C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4932L9ET\actionlaunchchrome[1].js --a---- 711 bytes [21:52 19/09/2012] [21:52 19/09/2012] EECE1E5BC0D3224F4418EAA0A77BC840

    C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4932L9ET\chrome-48[1].png --a---- 1834 bytes [08:15 19/09/2012] [08:15 19/09/2012] 3FE84B8B53D7401B32FABD0C70F211BB

    C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4932L9ET\chrome-content-sep[1].png --a---- 345 bytes [21:39 19/09/2012] [21:39 19/09/2012] AF01BFFBDD2F882BF534A962DFD5B007

    C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\4986L9F3\gc_cds_160x600_A_chrome_en[1].swf --a---- 40512 bytes [22:30 24/09/2012] [22:30 24/09/2012] F312B2E1EAEC71811655FB754BFB025D

    C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\9D7HRYB2\chrome-48[1].png --a---- 1834 bytes [20:31 24/09/2012] [20:31 24/09/2012] 3FE84B8B53D7401B32FABD0C70F211BB

    C:\Documents and Settings\Tech\Local Settings\Temporary Internet Files\Content.IE5\NNYX96UM\gc_cds_160x600_B_nonchrome_en[1].swf --a---- 40398 bytes [22:30 24/09/2012] [22:30 24/09/2012] B042FA9F234A174A60E233DFA866A537

    C:\Qoobox\Quarantine\C\chrome\chrome.exe.vir --a---- 1004 bytes [09:06 08/09/2012] [08:00 19/09/2012] 54389A2C6212E863FCE9CF595FFD078C

    C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_jar.3643236F_FC70_11D3_A536_0090278A1BB8 -ra--c- 29500 bytes [17:28 30/05/2008] [17:28 30/05/2008] E4A1F93E2DCEC1FDFF473D429D20373D

    C:\WINDOWS\Installer\$PatchCache$\Managed\26DDC2EC4210AC63483DF9D4FCC5B59D\3.5.30729\Chrome_manifest.3643236F_FC70_11D3_A536_0090278A1BB8 -ra--c- 1880 bytes [12:00 29/05/2008] [12:00 29/05/2008] 7ECCABD395D6116AC38152F395D68771

    Searching for " "

    No files found.

    ========== folderfind ==========

    Searching for "*chrome* "

    C:\chrome d--hs-- [21:49 19/09/2012]

    C:\Documents and Settings\All Users\Application Data\Adobe\CS5\jre\lib\deploy\jqs\ff\chrome d------ [21:27 29/02/2012]

    C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome d------ [12:23 02/09/2012]

    C:\Documents and Settings\Tech\Local Settings\Application Data\Google\Chrome\User Data\Default\databases\chrome-extension_ndkhncnongaclekkbelchmeafffimifj_0 d------ [12:23 02/09/2012]

    C:\Qoobox\Quarantine\C\chrome d------ [08:09 19/09/2012]

    Searching for " "

    No folders found.

    ========== regfind ==========

    Searching for "chrome"

    [HKEY_CURRENT_USER\Software\GNU\ffdshow]

    "whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee11.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;acdseepro3.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;AfterFX.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;bestpl~1.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.exe;Crystal.exe;crystalfree.exe;CrystalP

    [HKEY_CURRENT_USER\Software\Microsoft\Search Assistant\ACMru\5603]

    "000"="chrome"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]

    "a"="C:\chrome\chrome.exe"

    [HKEY_CURRENT_USER\Software\Microsoft\Windows\ShellNoRoam\MUICache]

    "C:\chrome\chrome.exe"="chrome"

    [HKEY_CURRENT_USER\Software\Skype\Phone\UI]

    "InstallInfo"="google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled,skype-widget:notofferedFF;notsupported,skype-widget:offered-installedIE,skype-widget:notofferedGC;notsupported,skype-widget:5.8.8855"

    [HKEY_CURRENT_USER\Software\Skype\Phone\UI]

    "ChromeInstallInfo"="google-chrome:notoffered;disabled"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Google\No Chrome Offer Until]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0ECC861D234F1A966594D7B88147F142]

    "DBDB1253354DF9D5AA55447BD5126492"="C:\Program Files\Adobe\Adobe Help\Themes\DarkChrome\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ABC1E90208147605CC71ACB6D16FC055]

    "DBDB1253354DF9D5AA55447BD5126492"="C:\Program Files\Adobe\Adobe Help\Themes\LightChrome\"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "Chrome"="C:\chrome\chrome.exe"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ndkhncnongaclekkbelchmeafffimifj]

    "path"="C:\Documents and Settings\Tech\Local Settings\Application Data\Giant Savings\Chrome\Giant Savings.crx"

    [HKEY_USERS\.DEFAULT\Software\KasperskyLab\protected\AVP12\ChromeVkbdExtension]

    [HKEY_USERS\.DEFAULT\Software\Skype\Toolbars\Chrome]

    [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\GNU\ffdshow]

    "whitelist"="3wPlayer.exe;ACDSee10.exe;ACDSee11.exe;ACDSee5.exe;ACDSee6.exe;ACDSee7.exe;ACDSee8.exe;ACDSee8Pro.exe;ACDSee9.exe;ACDSeePro2.exe;ACDSeePro25.exe;acdseepro3.exe;aegisub.exe;afreecaplayer.exe;afreecastudio.exe;AfterFX.exe;aim6.exe;ALLPlayer.exe;allradio.exe;AlltoaviV4.exe;ALShow.exe;ALSong.exe;AltDVB.exe;amcap.exe;amf_slv.exe;amvtransform.exe;Apollo DivX to DVD Creator.exe;Apollo3GPVideoConverter.exe;Ares.exe;AsfTools.exe;ass_help3r.exe;ASUSDVD.exe;Audition.exe;AutoGK.exe;autorun.exe;avant.exe;AVerTV.exe;Avi2Dvd.exe;avi2mpg.exe;avicodec.exe;avipreview.exe;aviutl.exe;avs2avi.exe;Badak.exe;BearShare.exe;BePipe.exe;bestplayer.exe;bestplayer1.0.exe;bestpl~1.exe;BitComet.exe;BlazeDVD.exe;BoonPlayer.exe;bplay.exe;bsplay.exe;bsplayer.exe;BTVD3DShell.exe;CamRecorder.exe;CamtasiaStudio.exe;carom.exe;CEC_MAIN.exe;christv.exe;chrome.exe;cinemaplayer.exe;CinergyDVR.exe;CodecInstaller.exe;ConvertXtoDvd.exe;coolpro2.exe;CorePlayer.e

    [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Microsoft\Search Assistant\ACMru\5603]

    "000"="chrome"

    [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\exe]

    "a"="C:\chrome\chrome.exe"

    [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache]

    "C:\chrome\chrome.exe"="chrome"

    [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Skype\Phone\UI]

    "InstallInfo"="google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled,skype-widget:notofferedFF;notsupported,skype-widget:offered-installedIE,skype-widget:notofferedGC;notsupported,skype-widget:5.8.8855"

    [HKEY_USERS\S-1-5-21-507921405-2000478354-1801674531-1003\Software\Skype\Phone\UI]

    "ChromeInstallInfo"="google-chrome:notoffered;disabled"

    [HKEY_USERS\S-1-5-18\Software\KasperskyLab\protected\AVP12\ChromeVkbdExtension]

    [HKEY_USERS\S-1-5-18\Software\Skype\Toolbars\Chrome]

    -= EOF =-

  3. Oh yes :)

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 21/06/2010 10:21:02

    System Uptime: 24/09/2012 07:00:46 (5 hours ago)

    .

    Motherboard: Intel Corporation | | D945GCCR

    Processor: Intel® Celeron® D CPU 3.20GHz | LGA 775 | 3192/133mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 77 GiB total, 31.449 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}

    Description: Belkin F6D4050 Enhanced Wireless USB Adapter

    Device ID: USB\VID_050D&PID_935A\1.0

    Manufacturer: Belkin International, Inc.

    Name: Belkin F6D4050 Enhanced Wireless USB Adapter #3

    PNP Device ID: USB\VID_050D&PID_935A\1.0

    Service: rt2870

    .

    ==== System Restore Points ===================

    .

    RP542: 26/06/2012 13:11:55 - Software Distribution Service 3.0

    RP543: 27/06/2012 13:10:46 - Software Distribution Service 3.0

    RP544: 28/06/2012 14:01:01 - System Checkpoint

    RP545: 28/06/2012 20:44:53 - Software Distribution Service 3.0

    RP546: 30/06/2012 13:48:06 - Software Distribution Service 3.0

    RP547: 01/07/2012 16:36:24 - Software Distribution Service 3.0

    RP548: 02/07/2012 18:19:30 - Software Distribution Service 3.0

    RP549: 03/07/2012 10:31:11 - Sony PC Companion

    RP550: 04/07/2012 09:03:22 - Software Distribution Service 3.0

    RP551: 05/07/2012 09:48:10 - Software Distribution Service 3.0

    RP552: 06/07/2012 10:35:49 - System Checkpoint

    RP553: 07/07/2012 08:34:16 - Software Distribution Service 3.0

    RP554: 08/07/2012 11:01:16 - Software Distribution Service 3.0

    RP555: 08/07/2012 11:13:11 - Software Distribution Service 3.0

    RP556: 08/07/2012 16:41:49 - Uninstalled Sony Ericsson Drivers

    RP557: 08/07/2012 16:42:02 - Installed Sony Ericsson Drivers

    RP558: 08/07/2012 16:45:43 - Installed Windows XP Wdf01009.

    RP559: 09/07/2012 16:59:42 - System Checkpoint

    RP560: 10/07/2012 08:39:00 - Software Distribution Service 3.0

    RP561: 11/07/2012 08:40:02 - System Checkpoint

    RP562: 12/07/2012 14:05:43 - Software Distribution Service 3.0

    RP563: 12/07/2012 14:45:25 - Software Distribution Service 3.0

    RP564: 13/07/2012 14:29:21 - Software Distribution Service 3.0

    RP565: 13/07/2012 21:17:10 - Software Distribution Service 3.0

    RP566: 14/07/2012 21:19:19 - System Checkpoint

    RP567: 15/07/2012 01:10:00 - Software Distribution Service 3.0

    RP568: 16/07/2012 03:13:51 - System Checkpoint

    RP569: 16/07/2012 08:46:41 - Software Distribution Service 3.0

    RP570: 17/07/2012 08:47:08 - System Checkpoint

    RP571: 17/07/2012 08:48:20 - Software Distribution Service 3.0

    RP572: 18/07/2012 10:45:40 - Software Distribution Service 3.0

    RP573: 19/07/2012 03:01:43 - Removed Nero 7 Ultra Edition

    RP574: 19/07/2012 03:16:09 - Installed Nero 7 Ultra Edition

    RP575: 19/07/2012 12:31:16 - Software Distribution Service 3.0

    RP576: 19/07/2012 12:39:29 - Software Distribution Service 3.0

    RP577: 19/07/2012 12:44:40 - Removed Nero 7 Ultra Edition

    RP578: 19/07/2012 13:40:55 - Installed Nero 7 Ultra Edition

    RP579: 19/07/2012 13:49:33 - Removed Nero 7 Ultra Edition

    RP580: 19/07/2012 13:58:08 - Installed Nero 7 Ultra Edition

    RP581: 20/07/2012 14:01:10 - System Checkpoint

    RP582: 20/07/2012 20:22:00 - Software Distribution Service 3.0

    RP583: 21/07/2012 22:39:51 - System Checkpoint

    RP584: 22/07/2012 01:39:28 - Software Distribution Service 3.0

    RP585: 22/07/2012 16:46:36 - Software Distribution Service 3.0

    RP586: 23/07/2012 16:55:57 - System Checkpoint

    RP587: 23/07/2012 20:15:17 - Software Distribution Service 3.0

    RP588: 24/07/2012 22:50:04 - Software Distribution Service 3.0

    RP589: 26/07/2012 07:39:27 - Software Distribution Service 3.0

    RP590: 04/08/2012 09:25:47 - Software Distribution Service 3.0

    RP591: 05/08/2012 12:35:59 - Software Distribution Service 3.0

    RP592: 06/08/2012 17:27:05 - Software Distribution Service 3.0

    RP593: 07/08/2012 18:14:35 - System Checkpoint

    RP594: 08/08/2012 09:19:29 - Software Distribution Service 3.0

    RP595: 09/08/2012 11:13:41 - System Checkpoint

    RP596: 10/08/2012 08:36:27 - Software Distribution Service 3.0

    RP597: 11/08/2012 11:51:54 - System Checkpoint

    RP598: 11/08/2012 22:38:30 - Software Distribution Service 3.0

    RP599: 13/08/2012 09:01:48 - Software Distribution Service 3.0

    RP600: 29/08/2012 09:54:02 - Software Distribution Service 3.0

    RP601: 29/08/2012 23:22:19 - Software Distribution Service 3.0

    RP602: 30/08/2012 12:46:53 - Software Distribution Service 3.0

    RP603: 30/08/2012 22:47:45 - Removed Java 7 Update 5

    RP604: 30/08/2012 22:47:59 - Installed Java 7 Update 7

    RP605: 31/08/2012 19:02:07 - Software Distribution Service 3.0

    RP606: 01/09/2012 19:21:28 - System Checkpoint

    RP607: 02/09/2012 08:27:26 - Software Distribution Service 3.0

    RP608: 03/09/2012 11:49:02 - Software Distribution Service 3.0

    RP609: 04/09/2012 16:26:10 - Software Distribution Service 3.0

    RP610: 05/09/2012 20:14:33 - Software Distribution Service 3.0

    RP611: 06/09/2012 20:42:50 - System Checkpoint

    RP612: 07/09/2012 12:20:18 - Software Distribution Service 3.0

    RP613: 08/09/2012 12:57:25 - System Checkpoint

    RP614: 08/09/2012 20:15:11 - Software Distribution Service 3.0

    RP615: 10/09/2012 06:04:40 - Software Distribution Service 3.0

    RP616: 11/09/2012 12:21:31 - Software Distribution Service 3.0

    RP617: 12/09/2012 12:53:31 - System Checkpoint

    RP618: 12/09/2012 21:15:31 - Software Distribution Service 3.0

    RP619: 13/09/2012 21:16:26 - Software Distribution Service 3.0

    RP620: 13/09/2012 23:29:55 - Software Distribution Service 3.0

    RP621: 15/09/2012 10:22:57 - Software Distribution Service 3.0

    RP622: 15/09/2012 11:14:19 - Removed Skype Click to Call

    RP623: 16/09/2012 01:51:13 - Software Distribution Service 3.0

    RP624: 17/09/2012 08:51:59 - Software Distribution Service 3.0

    RP625: 18/09/2012 10:03:16 - Software Distribution Service 3.0

    RP626: 18/09/2012 23:20:21 - Software Distribution Service 3.0

    RP627: 20/09/2012 08:55:30 - Software Distribution Service 3.0

    RP628: 21/09/2012 12:41:12 - Software Distribution Service 3.0

    RP629: 22/09/2012 13:13:26 - System Checkpoint

    RP630: 23/09/2012 02:31:14 - Software Distribution Service 3.0

    RP631: 23/09/2012 11:59:43 - Software Distribution Service 3.0

    RP632: 24/09/2012 12:04:51 - System Checkpoint

    .

    ==== Installed Programs ======================

    .

    Acrobat.com

    Adobe AIR

    Adobe Community Help

    Adobe Download Assistant

    Adobe Download Manager

    Adobe Flash Player 10 Plugin

    Adobe Flash Player 11 ActiveX

    Adobe Photoshop CS5.1

    Adobe Reader X (10.1.3)

    Adobe Shockwave Player 11.6

    Any Video Converter Ultimate 4.3.9

    Any Video Converter Ultimate Crack version 4.3.9

    Apple Application Support

    Apple Software Update

    Belkin F6D4050 Enhanced Wireless USB Adapter

    Belkin Wireless USB Adapter Setup

    Bonjour

    Camera Support Core Library

    Camera Window DS

    Camera Window DVC

    Camera Window MC

    Canon Camera Support Core Library

    Canon Camera WIA Driver

    Canon Camera Window DS for ZoomBrowser EX

    Canon Camera Window DVC for ZoomBrowser EX

    Canon Camera Window for ZoomBrowser EX

    Canon EOS Kiss_N REBEL_XT 350D WIA Driver

    Canon Internet Library for ZoomBrowser EX

    Canon PhotoRecord

    Canon RAW Image Task for ZoomBrowser EX

    Canon RemoteCapture Task for ZoomBrowser EX

    Canon Utilities Digital Photo Professional 1.6.1

    Canon Utilities EOS Capture 1.3

    Canon Utilities PhotoStitch 3.1

    Canon ZoomBrowser EX

    CCleaner

    ConvertXtoDVD 4.1.19.365

    CPUID CPU-Z 1.54

    EOS Capture 1.3

    ffdshow v1.2.4475 [2012-07-12]

    Google Toolbar for Internet Explorer

    Google Update Helper

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2158563)

    Hotfix for Windows XP (KB2443685)

    Hotfix for Windows XP (KB2570791)

    Hotfix for Windows XP (KB2633952)

    Hotfix for Windows XP (KB915800-v4)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB954708)

    Hotfix for Windows XP (KB961118)

    Hotfix for Windows XP (KB976002-v5)

    Hotfix for Windows XP (KB981793)

    Intel® Graphics Media Accelerator Driver

    Intel® Network Connections 15.1.29.0

    Internet Explorer (Enable DEP)

    Internet Library

    Java 7 Update 7

    Java Auto Updater

    K-Lite Mega Codec Pack 8.9.5

    Malwarebytes Anti-Malware version 1.62.0.1300

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2656353)

    Microsoft .NET Framework 1.1 Security Update (KB2656370)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Fix it Center

    Microsoft IntelliType Pro 8.2

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Live Add-in 1.5

    Microsoft Office Outlook Connector

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Professional Plus 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft Software Update for Web Folders (English) 12

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft_VC80_ATL_x86

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_MFC_x86

    Microsoft_VC90_MFCLOC_x86

    MSN

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero 7 Ultra Edition

    neroxml

    PDF Settings CS5

    Perseus 1.7.1 LT Konus

    PhotoStitch

    PxMergeModule

    QuickTime

    RAW Image Task 2.0

    Realtek High Definition Audio Driver

    Registry Mechanic 9.0.0.114

    RemoteCapture Task 1.1

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

    Security Update for Microsoft Windows (KB2564958)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2544521)

    Security Update for Windows Internet Explorer 8 (KB2618444)

    Security Update for Windows Internet Explorer 8 (KB2647516)

    Security Update for Windows Internet Explorer 8 (KB2675157)

    Security Update for Windows Internet Explorer 8 (KB2699988)

    Security Update for Windows Internet Explorer 8 (KB2722913)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player (KB979402)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows Search 4 - KB963093

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2160329)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2259922)

    Security Update for Windows XP (KB2279986)

    Security Update for Windows XP (KB2286198)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2412687)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2476490)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2503665)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2507618)

    Security Update for Windows XP (KB2507938)

    Security Update for Windows XP (KB2508272)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2524375)

    Security Update for Windows XP (KB2535512)

    Security Update for Windows XP (KB2536276-v2)

    Security Update for Windows XP (KB2536276)

    Security Update for Windows XP (KB2544893-v2)

    Security Update for Windows XP (KB2544893)

    Security Update for Windows XP (KB2555917)

    Security Update for Windows XP (KB2562937)

    Security Update for Windows XP (KB2566454)

    Security Update for Windows XP (KB2567053)

    Security Update for Windows XP (KB2567680)

    Security Update for Windows XP (KB2570222)

    Security Update for Windows XP (KB2570947)

    Security Update for Windows XP (KB2584146)

    Security Update for Windows XP (KB2585542)

    Security Update for Windows XP (KB2592799)

    Security Update for Windows XP (KB2598479)

    Security Update for Windows XP (KB2603381)

    Security Update for Windows XP (KB2618451)

    Security Update for Windows XP (KB2619339)

    Security Update for Windows XP (KB2620712)

    Security Update for Windows XP (KB2621440)

    Security Update for Windows XP (KB2624667)

    Security Update for Windows XP (KB2631813)

    Security Update for Windows XP (KB2633171)

    Security Update for Windows XP (KB2639417)

    Security Update for Windows XP (KB2641653)

    Security Update for Windows XP (KB2646524)

    Security Update for Windows XP (KB2647518)

    Security Update for Windows XP (KB2653956)

    Security Update for Windows XP (KB2655992)

    Security Update for Windows XP (KB2659262)

    Security Update for Windows XP (KB2660465)

    Security Update for Windows XP (KB2661637)

    Security Update for Windows XP (KB2676562)

    Security Update for Windows XP (KB2685939)

    Security Update for Windows XP (KB2686509)

    Security Update for Windows XP (KB2691442)

    Security Update for Windows XP (KB2695962)

    Security Update for Windows XP (KB2698365)

    Security Update for Windows XP (KB2705219)

    Security Update for Windows XP (KB2707511)

    Security Update for Windows XP (KB2709162)

    Security Update for Windows XP (KB2712808)

    Security Update for Windows XP (KB2718523)

    Security Update for Windows XP (KB2719985)

    Security Update for Windows XP (KB2723135)

    Security Update for Windows XP (KB2731847)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923789)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958869)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB970238)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971468)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB971961)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975561)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978037)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979559)

    Security Update for Windows XP (KB979683)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980195)

    Security Update for Windows XP (KB980218)

    Security Update for Windows XP (KB980232)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981349)

    Security Update for Windows XP (KB981852)

    Security Update for Windows XP (KB981957)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982214)

    Security Update for Windows XP (KB982381)

    Security Update for Windows XP (KB982665)

    Skype™ 5.10

    Sony Ericsson Update Engine

    Sony PC Companion 2.10.079

    SUPERAntiSpyware

    swMSM

    System Requirements Lab for Intel

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687407) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    Update for Microsoft Windows (KB971513)

    Update for Windows Internet Explorer 8 (KB2598845)

    Update for Windows XP (KB2141007)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB2492386)

    Update for Windows XP (KB2541763)

    Update for Windows XP (KB2607712)

    Update for Windows XP (KB2616676-v2)

    Update for Windows XP (KB2641690)

    Update for Windows XP (KB2718704)

    Update for Windows XP (KB2736233)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB961503)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973687)

    Update for Windows XP (KB973815)

    VIMICRO USB PC Camera (ZC0301PLH)

    WebFldrs XP

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 8

    Windows Management Framework Core

    Windows Media Format 11 runtime

    Windows Media Player 11

    WinRAR archiver

    ZC0301PLH_Driver_Setup

    .

    ==== Event Viewer Messages From Past Week ========

    .

    20/09/2012 08:44:41, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 9444527C0329 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    18/09/2012 23:04:06, error: Service Control Manager [7034] - The DiskManager service terminated unexpectedly. It has done this 1 time(s).

    .

    ==== End Of File ===========================

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

    Run by Tech at 12:40:02 on 2012-09-24

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.556 [GMT 1:00]

    .

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    svchost.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\WINDOWS\system32\IoctlSvc.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\VMSnap3.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\RTHDCPL.EXE

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\WINDOWS\system32\wuauclt.exe

    C:\WINDOWS\system32\wscntfy.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uStart Page = hxxp://www.google.co.uk/

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [VMSnap3] c:\windows\VMSnap3.exe

    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Chrome] c:\chrome\chrome.exe

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}

    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277118227109

    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: Interfaces\{7E5FACE1-1C1B-49BA-AE2B-EC41084F3E67} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{B9A4682F-FC9A-44FA-9EC3-4C73BE5B83A0} : DhcpNameServer = 192.168.1.1

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: igfxcui - igfxdev.dll

    Notify: klogon - c:\windows\system32\klogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-3-31 565552]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-12 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [2005-6-1 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-21 20968]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [2005-6-1 7610]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-7-23 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-22 1691480]

    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-6-19 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-1 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]

    S3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-11-11 19056]

    S3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-4-25 637952]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-6-19 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-12-23 475136]

    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2011-12-23 1474560]

    .

    =============== Created Last 30 ================

    .

    2012-09-23 10:59:45 6980552 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{e1697119-f895-445c-8661-6bfb95a8f771}\mpengine.dll

    2012-09-23 01:31:17 6980552 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2012-09-19 21:49:14 -------- d-sh--w- C:\chrome

    2012-09-19 08:00:35 -------- d-----w- C:\ComboFix

    2012-09-15 09:28:33 -------- d-----w- c:\documents and settings\tech\application data\Rovio

    2012-09-04 11:14:06 -------- d--h--w- c:\windows\PIF

    2012-09-02 12:57:55 -------- d-sha-r- C:\cmdcons

    2012-09-02 12:56:00 208896 ----a-w- c:\windows\MBR.exe

    2012-09-02 12:55:59 98816 ----a-w- c:\windows\sed.exe

    2012-09-02 12:55:59 518144 ----a-w- c:\windows\SWREG.exe

    2012-09-02 12:55:59 256000 ----a-w- c:\windows\PEV.exe

    2012-09-01 08:13:58 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-30 21:48:49 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    .

    ==================== Find3M ====================

    .

    2012-09-19 21:53:25 73136 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-09-19 21:53:25 696240 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-30 21:48:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48:20 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-07-14 13:38:14 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42:03 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42:03 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

    .

    ============= FINISH: 12:40:55.07 ===============

  4. ComboFix 12-09-18.07 - Tech 19/09/2012 9:02.8.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.587 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\chrome

    c:\chrome\chrome.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-19 to 2012-09-19 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-18 22:16 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{759776D8-EAB2-4CE5-B63A-F7694AA46CD7}\mpengine.dll

    2012-09-17 07:52 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-09-15 09:28 . 2012-09-15 09:28 -------- d-----w- c:\documents and settings\Tech\Application Data\Rovio

    2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-09-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-19 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    2012-09-19 c:\windows\Tasks\User_Feed_Synchronization-{1D989DC0-EBAA-4B39-896D-221ABA46EDC2}.job

    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-19 09:10

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    Completion time: 2012-09-19 09:13:34

    ComboFix-quarantined-files.txt 2012-09-19 08:13

    ComboFix2.txt 2012-09-18 22:16

    ComboFix3.txt 2012-09-05 14:28

    ComboFix4.txt 2012-09-05 14:05

    ComboFix5.txt 2012-09-19 08:00

    .

    Pre-Run: 32,452,415,488 bytes free

    Post-Run: 32,461,537,280 bytes free

    .

    - - End Of File - - A2AE962D1A9EE55E68186AC76569D008

  5. ComboFix 12-09-18.06 - Tech 18/09/2012 23:04:27.7.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.556 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-18 to 2012-09-18 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-18 22:01 . 2012-09-18 22:01 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B62A7BF1-3E11-4508-8B84-B831C9652568}\MpKslbfdb1d44.sys

    2012-09-18 09:03 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B62A7BF1-3E11-4508-8B84-B831C9652568}\mpengine.dll

    2012-09-17 07:52 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-09-15 09:28 . 2012-09-15 09:28 -------- d-----w- c:\documents and settings\Tech\Application Data\Rovio

    2012-09-05 14:25 . 2012-09-08 09:06 -------- d-----w- C:\chrome

    2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Chrome"="c:\chrome\chrome.exe" [2012-09-18 1004]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 MpKslbfdb1d44;MpKslbfdb1d44;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{B62A7BF1-3E11-4508-8B84-B831C9652568}\MpKslbfdb1d44.sys [18/09/2012 23:01 29904]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [13/07/2012 13:28 160944]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - MPKSLBFDB1D44

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-09-15 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    2012-09-18 c:\windows\Tasks\User_Feed_Synchronization-{1D989DC0-EBAA-4B39-896D-221ABA46EDC2}.job

    - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-18 23:12

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1400)

    c:\windows\system32\sxs.dll

    .

    - - - - - - - > 'explorer.exe'(3812)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2012-09-18 23:16:21

    ComboFix-quarantined-files.txt 2012-09-18 22:16

    ComboFix2.txt 2012-09-05 14:28

    ComboFix3.txt 2012-09-05 14:05

    ComboFix4.txt 2012-09-04 15:45

    ComboFix5.txt 2012-09-18 22:02

    .

    Pre-Run: 32,118,263,808 bytes free

    Post-Run: 32,521,949,184 bytes free

    .

    - - End Of File - - FC0220158E4C38EED22C767C64A54C83

  6. Hi there

    Yes, I'm still with you lol

    Sorry been busy with work but back to normal now for a week or so.

    I have followed your instructions carefully, but when I re-boot, my PC immediately beeps and comes up with a DOS window and an error message saying something along the lines of '16 bit dos error' 'illegal instruction from Chrome....'

    I don't actually have Chrome installed on my PC and haven't had for a long time.

    Thanks for sticking with me Maniac.

    Would it be easier just to transfer my files to my partner's PC and format mine?

  7. ComboFix 12-09-05.01 - Tech 05/09/2012 15:14:11.6.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.556 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\chrome

    c:\chrome\chrome.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-05 to 2012-09-05 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-05 14:08 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{55F59D9F-024F-45AD-956B-504AFB6B0265}\mpengine.dll

    2012-09-04 12:56 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-09-04 11:44 . 2012-09-04 11:44 -------- d-----w- c:\program files\ESET

    2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Chrome"="c:\chrome\chrome.exe" [2012-09-05 1004]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-05 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-05 15:23

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1404)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

    .

    - - - - - - - > 'explorer.exe'(2144)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\windows\system32\IoctlSvc.exe

    c:\windows\system32\wscntfy.exe

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\igfxsrvc.exe

    .

    **************************************************************************

    .

    Completion time: 2012-09-05 15:28:36 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-09-05 14:28

    ComboFix2.txt 2012-09-05 14:05

    ComboFix3.txt 2012-09-04 15:45

    ComboFix4.txt 2012-09-03 12:39

    ComboFix5.txt 2012-09-05 14:12

    .

    Pre-Run: 26,613,223,424 bytes free

    Post-Run: 26,604,564,480 bytes free

    .

    - - End Of File - - 72246DE9FF6C2C6F966FE02347A54AD2

  8. ComboFix 12-09-04.02 - Tech 04/09/2012 16:32:17.4.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.552 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-04 15:26 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8103920-E6DC-4CD4-AB79-A82F8A7FFB27}\mpengine.dll

    2012-09-04 12:56 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-09-04 11:44 . 2012-09-04 11:44 -------- d-----w- c:\program files\ESET

    2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF

    2012-09-03 12:35 . 2012-09-03 12:56 -------- d-----w- C:\chrome

    2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

    2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

    2012-09-02 12:22 . 2012-09-04 12:07 -------- d-----w- c:\program files\Giant Savings

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

    2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Chrome"="c:\chrome\chrome.exe" [2012-09-04 1004]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 MpKsledc064fb;MpKsledc064fb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92A3F554-1D98-41AA-AB95-6F6D317D56FA}\MpKsledc064fb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92A3F554-1D98-41AA-AB95-6F6D317D56FA}\MpKsledc064fb.sys [?]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/11/2011 10:21 19056]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uInternet Settings,ProxyServer = isa_websense:8080

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-04 16:41

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1400)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

    .

    - - - - - - - > 'explorer.exe'(3048)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    Completion time: 2012-09-04 16:45:09

    ComboFix-quarantined-files.txt 2012-09-04 15:45

    ComboFix2.txt 2012-09-03 12:39

    ComboFix3.txt 2012-09-02 13:51

    ComboFix4.txt 2012-09-02 13:12

    .

    Pre-Run: 26,632,241,152 bytes free

    Post-Run: 26,762,166,272 bytes free

    .

    - - End Of File - - 9F1E087B5E215D7E5658C90E34E8C6DE

  9. ESETSmartInstaller@High as CAB hook log:

    OnlineScanner.ocx - registred OK

    # version=7

    # IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

    # OnlineScanner.ocx=1.0.0.6583

    # api_version=3.0.2

    # EOSSerial=49501e7ced10e34a9fc97eec1744b549

    # end=finished

    # remove_checked=true

    # archives_checked=false

    # unwanted_checked=true

    # unsafe_checked=false

    # antistealth_checked=true

    # utc_time=2012-09-04 12:41:58

    # local_time=2012-09-04 01:41:58 (+0000, GMT Daylight Time)

    # country="United Kingdom"

    # lang=1033

    # osver=5.1.2600 NT Service Pack 3

    # compatibility_mode=1280 16777215 100 0 0 0 0 0

    # compatibility_mode=2560 16777215 100 0 0 0 0 0

    # compatibility_mode=5891 16776533 42 92 537 14490210 0 0

    # compatibility_mode=8192 67108863 100 0 196 196 0 0

    # scanned=71074

    # found=6

    # cleaned=6

    # scan_time=3258

    C:\Program Files\Giant Savings\Giant Savings.dll Win32/Toolbar.CrossRider application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Qoobox\Quarantine\C\chrome\chrome\%DRIVE~1\chrome\prtest.exe.vir a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\Qoobox\Quarantine\C\chrome\chrome\%DRIVE~1\chrome\SURFGU~1.EXE.vir a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP607\A0092080.exe a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP607\A0092082.exe a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

    C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP608\A0092490.dll Win32/Toolbar.CrossRider application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

  10. Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.09.03.05

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    Tech :: TECH0001 [administrator]

    03/09/2012 13:48:21

    mbam-log-2012-09-03 (13-48-21).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 208310

    Time elapsed: 4 minute(s), 39 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 6

    HKCR\CrossriderApp0004479.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

    HKCR\CrossriderApp0004479.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

    HKCR\CrossriderApp0004479.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

    HKCR\CrossriderApp0004479.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

    HKCR\CrossriderApp0004479.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

    HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

    Registry Values Detected: 2

    HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Chrome (Trojan.Agent) -> Data: C:\chrome\chrome.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\chrome\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

    Run date: 2012-09-03 13:57:38

    -----------------------------

    13:57:38.687 OS Version: Windows 5.1.2600 Service Pack 3

    13:57:38.687 Number of processors: 1 586 0x605

    13:57:38.687 ComputerName: TECH0001 UserName: Tech

    13:57:39.859 Initialize success

    13:59:47.312 AVAST engine defs: 12090300

    14:00:16.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5

    14:00:16.640 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OAB3A Size: 78533MB BusType: 3

    14:00:16.656 Disk 0 MBR read successfully

    14:00:16.656 Disk 0 MBR scan

    14:00:16.718 Disk 0 Windows XP default MBR code

    14:00:16.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78528 MB offset 63

    14:00:16.734 Disk 0 scanning sectors +160826715

    14:00:16.796 Disk 0 scanning C:\WINDOWS\system32\drivers

    14:00:27.140 Service scanning

    14:00:52.593 Modules scanning

    14:01:00.671 Disk 0 trace - called modules:

    14:01:00.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

    14:01:00.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f1bab8]

    14:01:01.187 3 CLASSPNP.SYS[f76befd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f53a00]

    14:01:01.187 5 ACPI.sys[f7545620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x86fabb00]

    14:01:02.046 AVAST engine scan C:\WINDOWS

    14:01:11.750 AVAST engine scan C:\WINDOWS\system32

    14:03:48.812 AVAST engine scan C:\WINDOWS\system32\drivers

    14:04:02.156 AVAST engine scan C:\Documents and Settings\Tech

    14:07:31.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\Desktop\MBR.dat"

    14:07:31.968 The log file has been saved successfully to "C:\Documents and Settings\Tech\Desktop\aswMBR.txt"

    14:08:09.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\Desktop\MBR.dat"

    14:08:09.218 The log file has been saved successfully to "C:\Documents and Settings\Tech\Desktop\aswMBR.txt"

  11. ComboFix 12-08-31.08 - Tech 03/09/2012 13:24:41.3.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.558 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\chrome

    c:\chrome\chrome.exe

    .

    .

    --------------- FCopy ---------------

    .

    c:\windows\erdnt\cache\svchost.exe --> c:\windows\system32\svchost.exe

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-03 10:49 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6CA06AE-5E59-4F99-815F-52892E83000A}\mpengine.dll

    2012-09-02 14:28 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

    2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

    2012-09-02 12:22 . 2012-09-02 12:23 -------- d-----w- c:\program files\Giant Savings

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

    2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Chrome"="c:\chrome\chrome.exe" [2012-09-03 0]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uInternet Settings,ProxyServer = isa_websense:8080

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-03 13:34

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1100)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

    .

    - - - - - - - > 'explorer.exe'(2704)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\windows\system32\IoctlSvc.exe

    c:\windows\system32\igfxsrvc.exe

    c:\windows\RTHDCPL.EXE

    .

    **************************************************************************

    .

    Completion time: 2012-09-03 13:39:02 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-09-03 12:38

    ComboFix2.txt 2012-09-02 13:51

    ComboFix3.txt 2012-09-02 13:12

    .

    Pre-Run: 26,280,767,488 bytes free

    Post-Run: 26,292,514,816 bytes free

    .

    - - End Of File - - 7FF492F1D3D4A53F37F566EA6D4F11ED

  12. SystemLook 30.07.11 by jpshortstuff

    Log created at 13:02 on 03/09/2012 by Tech

    Administrator - Elevation successful

    ========== filefind ==========

    Searching for "*svchost.exe*"

    C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 217672 bytes [08:51 22/04/2012] [12:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F

    C:\WINDOWS\erdnt\cache\svchost.exe --a---- 14336 bytes [13:10 02/09/2012] [12:00 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe --a---- 132096 bytes [18:16 29/07/2008] [18:16 29/07/2008] D34612C5D02D026535B3095D620626AE

    C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config --a--c- 1951 bytes [15:49 09/05/2008] [15:49 09/05/2008] 757BC33428B870035A16FD96B9DDB7FA

    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe --a---- 124240 bytes [12:16 18/03/2010] [12:16 18/03/2010] D22CD77D4F0D63D1169BB35911BFF12D

    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config --a---- 2262 bytes [02:23 31/08/2009] [02:23 31/08/2009] A9E7E2A3A82362D180CEA7EA1EDFA81A

    C:\WINDOWS\system32\svchost.exe --a---- 14336 bytes [12:00 14/04/2008] [12:00 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

    C:\WINDOWS\system32\dllcache\svchost.exe --a--c- 14336 bytes [12:00 14/04/2008] [12:00 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

    -= EOF =-

  13. Hi there.

    I requested some assistance earlier with the removal of a stubborn Trojan (Chrome.exe).

    Somebody called Maniac has been helping me on here, however the person has just disappeared and I am left part way through the fix.

    Can anyone else help me please so I can finish what we started earlier today?

    Kind regards

    Alanmads

  14. ComboFix 12-08-31.08 - Tech 02/09/2012 14:32:23.2.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.518 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\chrome

    c:\chrome\chrome.exe

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\381814F6F5270FFBB27E244D6138BC023AF911D5.heu

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\381814F6F5270FFBB27E244D6138BC023AF911D5.swz

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\440AE73B017A477382DEFF7C0DBE4896FED21079.heu

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\440AE73B017A477382DEFF7C0DBE4896FED21079.swz

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6344DCC80A9A6A3676DCEA0C92C8C45EFD2F3220.heu

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6344DCC80A9A6A3676DCEA0C92C8C45EFD2F3220.swz

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6DDB94AE3365798230849FA0F931AC132FE417D1.heu

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6DDB94AE3365798230849FA0F931AC132FE417D1.swz

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\7421C71F94DB4F028E7528B2D278F3FE4DC21273.heu

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\7421C71F94DB4F028E7528B2D278F3FE4DC21273.swz

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\871F12AF0853C06E4EB80A1CCAB295CEADBB817A.heu

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\871F12AF0853C06E4EB80A1CCAB295CEADBB817A.swz

    c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\cacheSize.txt

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\ad1a.tankionline.com\AlternativaLoader.swf\name.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\ad1a.tankionline.com\localstorage.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\cdn.zopim.com\5y5vLwQkxYuPygDoX6oaMED1d1gu6U2ISession_SO.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\cdn.zopim.com\5y5vLwQkxYuPygDoX6oaMED1d1gu6U2IVolatile_SO.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\cdn.zopim.com\swf\ZClientController.swf\ZopConfig.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\heias.com\x\heias_sc.swf\heias.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\i0.poll.fm\swf\storage.swf\SwfStore.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\img.mail.ru\r\video2\player_v2.swf\MailRu.UniversalVideoPlayer.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\kiks.yandex.ru\fuid01.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\lookup.bluecava.com\machine_data.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\mpsnare.iesnare.com\stm.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\ph-static.phncdn.com\flash\pornhubSkin.swf\pornhub_opts.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\player.onescreen.net\1.8\s\MediaPlayer.swf\OsMediaPlayerId.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\podsos.com\newplayer\player.swf\hexaplayerVolumeCookie.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\podsos.com\player-3.swf\hexaplayerVolumeCookie.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\rutube.ru\analytics.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\rutube.ru\player.swf\rutube.cookies.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\s.ytimg.com\soundData.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\s.ytimg.com\videostats.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\st.pc.adonweb.ru\params.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\static.99widgets.com\polls\swf\poll.swf\xml.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\static.awempire.com\flash\custom-freechat\freechat182.swf\jasmin_versio.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\static.awempire.com\flash\custom-freechat\freechat182.swf\jasminmember01.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.152.swf\_MixcloudVolumeProxySO.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.152.swf\mccp_lso_hf74jsla02jcdb.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.152.swf\mccp_lso_sfg87h299fh2.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.153.swf\_MixcloudVolumeProxySO.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.153.swf\mccp_lso_hf74jsla02jcdb.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.153.swf\mccp_lso_sfg87h299fh2.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.needlive.com\swf\connectiontest3.swf\userData.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.needlive.com\swf\receiver_o.swf\userData.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.needlive.com\swf\receiver_o.swf\videoVolume.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.overkings.ru\swf\overkings209.swf\overkings_flash_enter.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.xvideos.com\sitevideos\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ad1a.tankionline.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.zopim.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#counter.rambler.ru\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#embed.redtube.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#heias.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i0.poll.fm\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.mail.ru\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kiks.yandex.ru\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#km-static.phncdn.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lookup.bluecava.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#naruto-best.clan.su\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pejnya.ru\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ph-static.phncdn.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.longtailvideo.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.onescreen.net\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#podsos.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#releases.flowplayer.org\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#rutube.ru\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#skype.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#st.pc.adonweb.ru\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stat.ed.cupidplc.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stat.upforitnetworks.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.99widgets.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.awempire.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#teenredtube.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dojki.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.localpages.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mixcloud.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.needlive.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.overkings.ru\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xvideos.com\settings.sol

    c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

    c:\chrome\chrome\%Cookies%\index.dat

    c:\chrome\chrome\%Cookies%\P9EOFGNY.txt

    c:\chrome\chrome\%drive_C%\chrome\auth.txt

    c:\chrome\chrome\%drive_C%\chrome\block.txt

    c:\chrome\chrome\%drive_C%\chrome\crashes.txt

    c:\chrome\chrome\%drive_C%\chrome\f\1\AccessibleMarshal.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\chrome.manifest

    c:\chrome\chrome\%drive_C%\chrome\f\1\components\binary.manifest

    c:\chrome\chrome\%drive_C%\chrome\f\1\D3DCompiler_43.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\d3dx9_43.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\dependentlibs.list

    c:\chrome\chrome\%drive_C%\chrome\f\1\freebl3.chk

    c:\chrome\chrome\%drive_C%\chrome\f\1\freebl3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\gkmedias.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\IA2Marshal.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\js.exe

    c:\chrome\chrome\%drive_C%\chrome\f\1\libEGL.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\libGLESv2.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\Microsoft.VC80.CRT.manifest

    c:\chrome\chrome\%drive_C%\chrome\f\1\mozalloc.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\mozglue.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\mozjs.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\mozsqlite3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\msvcm80.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\msvcp80.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\msvcr80.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\nspr4.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\nss3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\nssckbi.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\nssdbm3.chk

    c:\chrome\chrome\%drive_C%\chrome\f\1\nssdbm3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\nssutil3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\omni.ja

    c:\chrome\chrome\%drive_C%\chrome\f\1\platform.ini

    c:\chrome\chrome\%drive_C%\chrome\f\1\plc4.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\plds4.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\plugin-container.exe

    c:\chrome\chrome\%drive_C%\chrome\f\1\plugins\NPSWF32_11_2_202_228.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\precomplete

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\_CACHE_001_

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\_CACHE_002_

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\_CACHE_003_

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\_CACHE_MAP_


    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\23\89716d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\37\260CAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\3A\CEB7Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\3B\311BAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\48\5D6EEd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\60\C8C7Dd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\6F\B43A5d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\73\6A268d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\8B\55D88d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\8D\B1ADCd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\93\A2A78d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\97\FED51d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\9B\23280d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\A0\212BDd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\C3\DF813d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\D1\D42E2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\DD\3E51Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\DD\B7367d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\F0\7A8CAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\F5\CE856d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\5\F8\0C3E8d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\02\2E471d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\03\EAF78d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\11\41D8Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\11\67C0Ad01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\18\3AE89d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\37\E38F4d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\4E\1F45Dd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\65\2ADF2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\7D\CC057d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\7E\5F0A7d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\83\2AA6Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\8C\7D71Ad01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\9C\97DD2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\AA\C176Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\AC\E06E8d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\BE\975A2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\C9\46FDDd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\CA\1B683d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\D5\20A62d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\D9\4AFBBd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\D9\C97F7d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\DB\1CC10d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\6\F8\B9237d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\01\9EF40d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\0E\D6711d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\19\C1440d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\1B\9B0E0d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\21\36045d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\2C\B8DADd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\33\6018Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\36\D84D4d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\47\5989Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\56\71230d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\5F\580F5d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\72\FA02Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\84\63D2Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\8C\596C1d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\8E\3B8A9d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\8F\CBC57d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\97\71E5Ad01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\A2\39943d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\A5\47FC3d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\AA\3A4C7d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\CA\4E961d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\CE\5F3AAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\CE\D7924d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\E0\674C1d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\E7\0AABBd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\E7\A00D4d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\E8\10A65d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\FA\450C0d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\7\FB\FD1BFd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\13\34B1Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\14\00D5Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\19\75A89d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\21\48F82d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\23\E4005d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\24\B8197d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\28\AC786d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\2C\E3578d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\44\881AAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\56\0A380d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\56\AF4DDd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\66\61940d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\7F\CAFA7d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\8A\08642d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\93\40A95d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\B4\480B7d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\D2\B2A81d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\D9\1AA91d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\E5\6DD8Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\E9\01595d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\8\F0\6AD7Bd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\05\6E60Dd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\18\74451d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\21\98251d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\2E\A3FFBd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\30\81BCEd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\51\5A555d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\52\A9710d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\58\AD33Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\64\438F9d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\65\D9102d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\67\C1BC6d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\68\5D564d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\7E\6E934d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\87\957D0d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\93\95B2Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\9D\14B8Bd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\BA\5AED3d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\D6\8ED45d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\DF\36F74d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\E2\C9653d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\ED\8530Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\9\F9\47669d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\13\83560d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\22\A5245d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\3A\1D28Dd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\42\E0273d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\56\153ACd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\6B\D4DB4d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\88\0EBC6d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\A8\292F9d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\AA\A6A02d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\BE\12669d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\C3\47252d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\E8\46101d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\FD\30964d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\A\FE\8713Ad01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\12\4B040d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\1B\477B3d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\1C\6B830d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\27\E4463d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\3A\94772d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\3C\0E2FBd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\47\126A1d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\4F\A06BDd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\52\155E5d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\69\93F9Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\69\A5601d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\69\C4690d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\6D\E8C22d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\8F\1CD1Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\93\A4604d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\99\D3C23d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\A6\AD8AEd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\A9\EA889d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\AC\EEEE4d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\B4\BEB08d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\B8\F2552d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\BA\5EB97d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\BA\B9B53d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\BA\DE1D2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\C9\66CB2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\F9\E1B77d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\B\FA\FFFA7d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\02\B5D3Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\05\571DAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\0D\9E535d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\0F\F003Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\24\BD2FCd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\41\12E8Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\49\7A582d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\5B\619D8d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\5F\92C8Ad01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\65\A3821d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\67\5D578d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\80\AB5A0d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\90\FD185d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\A5\00082d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\BD\8935Bd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\CF\30206d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\EE\F1936d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\F4\7E4F0d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\C\FC\06C46d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\05\394CCd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\12\86BF3d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\16\47BACd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\25\3CBC2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\2C\22162d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\3A\204E6d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\4C\AB290d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\4F\E2A9Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\58\9C02Bd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\59\67C13d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\59\976C3d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\5C\9C56Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\63\E8E49d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\69\CC665d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\88\2EA76d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\8F\A2D4Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\9C\B212Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\A4\42E2Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\B2\39973d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\BD\9D628d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\BF\C106Fd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\C3\8CEC2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\D3\66B75d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\E5\4D0FBd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\EC\F8C27d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\D\F7\A3325d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\00\C246Ad01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\02\58A4Dd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\0C\6E4E0d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\3E\D91EAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\40\AC61Ad01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\53\7BB08d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\60\38733d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\6B\054C0d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\76\BCA54d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\79\573B2d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\8F\9A0FAd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\CC\C1B2Bd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\CC\CDBB8d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\D4\29A99d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\D7\67B3Cd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\ED\D369Bd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\F3\AB438d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\E\FD\F95A6d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\1B\00870d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\1F\069A4d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\1F\EA163d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\23\7ACCBd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\55\3D2FEd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\68\719EFd01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\98\E0BB5d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\99\C7161d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\A1\2C41Ed01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\CD\64400d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\D0\7A3F9d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\Cache\F\EA\CE710d01

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cert8.db

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\chromeappsstore.sqlite

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cookies.sqlite-shm

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cookies.sqlite-wal

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cookies.sqlite

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\key3.db

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\permissions.sqlite

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\places.sqlite-shm

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\places.sqlite-wal

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\places.sqlite

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\pluginreg.dat

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\secmod.db

    c:\chrome\chrome\%drive_C%\chrome\f\1\profile\webappsstore.sqlite

    c:\chrome\chrome\%drive_C%\chrome\f\1\redit.exe

    c:\chrome\chrome\%drive_C%\chrome\f\1\smime3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\softokn3.chk

    c:\chrome\chrome\%drive_C%\chrome\f\1\softokn3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\ssl3.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\xpcom.dll

    c:\chrome\chrome\%drive_C%\chrome\f\1\xpcshell.exe

    c:\chrome\chrome\%drive_C%\chrome\f\1\xul.dll

    c:\chrome\chrome\%drive_C%\chrome\f\jet.exe

    c:\chrome\chrome\%drive_C%\chrome\f\sfa.bin

    c:\chrome\chrome\%drive_C%\chrome\f\sfa.txt

    c:\chrome\chrome\%drive_C%\chrome\f\sfc.txt

    c:\chrome\chrome\%drive_C%\chrome\f\upcache

    c:\chrome\chrome\%drive_C%\chrome\lastowner.txt

    c:\chrome\chrome\%drive_C%\chrome\lastsid.txt

    c:\chrome\chrome\%drive_C%\chrome\log.txt

    c:\chrome\chrome\%drive_C%\chrome\prevsid.txt

    c:\chrome\chrome\%drive_C%\chrome\prtest.exe

    c:\chrome\chrome\%drive_C%\chrome\SafeSurf ABUSE README.txt

    c:\chrome\chrome\%drive_C%\chrome\safesurf.port

    c:\chrome\chrome\%drive_C%\chrome\sfa.bin

    c:\chrome\chrome\%drive_C%\chrome\skybound.gecko.dll

    c:\chrome\chrome\%drive_C%\chrome\surfguard.exe

    c:\chrome\chrome\%drive_C%\SafeSurf ABUSE README.txt

    c:\chrome\chrome\%History%\History.IE5\index.dat

    c:\chrome\chrome\%Internet Cache%\Content.IE5\1FCRQW10\bg[1].png

    c:\chrome\chrome\%Internet Cache%\Content.IE5\1FCRQW10\desktop.ini

    c:\chrome\chrome\%Internet Cache%\Content.IE5\desktop.ini

    c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\bg[1].png

    c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\blogs[1].jpg

    c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\counter_yadro_ru[1].txt

    c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\desktop.ini

    c:\chrome\chrome\%Internet Cache%\Content.IE5\index.dat

    c:\chrome\chrome\%Internet Cache%\Content.IE5\Q7L628OV\blogs[1].jpg

    c:\chrome\chrome\%Internet Cache%\Content.IE5\Q7L628OV\counter_yadro_ru[1].txt

    c:\chrome\chrome\%Internet Cache%\Content.IE5\Q7L628OV\desktop.ini

    c:\chrome\chrome\%Internet Cache%\desktop.ini

    c:\chrome\chrome\%Local AppData%\GDIPFONTCACHEV1.DAT

    c:\chrome\chrome\%Local AppData%\Microsoft\Internet Explorer\MSIMGSIZ.DAT

    c:\chrome\chrome\%Personal%\SafeSurf ABUSE README.txt

    c:\chrome\chrome\%Profile%\IETldCache\index.dat

    c:\chrome\chrome\%SystemRoot%\Debug\UserMode\userenv.log

    c:\chrome\chrome\%SystemRoot%\h323log.txt

    c:\chrome\chrome\%SystemRoot%\tracing\BAP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\conftsp.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\conftsp.OLD

    c:\chrome\chrome\%SystemRoot%\tracing\KMDDSP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\KMDDSP.OLD

    c:\chrome\chrome\%SystemRoot%\tracing\NDPTSP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\NDPTSP.OLD

    c:\chrome\chrome\%SystemRoot%\tracing\PPP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASAPI32.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASBACP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASCCP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASEAP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASIPCP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASIPHLP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASMAN.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASPAP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASQEC.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASSPAP.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\RASTAPI.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\tapi32.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\tapisrv.LOG

    c:\chrome\chrome\%SystemRoot%\tracing\tapisrv.OLD

    c:\chrome\chrome\%Temp%\Cookies\IKO0EK2W.txt

    c:\chrome\chrome\%Temp%\Cookies\index.dat

    c:\chrome\chrome\%Temp%\History\History.IE5\desktop.ini

    c:\chrome\chrome\%Temp%\History\History.IE5\index.dat

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\desktop.ini

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\GDFZ3Y3P\blogs[1].jpg

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\GDFZ3Y3P\desktop.ini

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\HFNH5ADQ\counter_yadro_ru[1].txt

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\HFNH5ADQ\desktop.ini

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\index.dat

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\K04Y1W61\bg[1].png

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\K04Y1W61\desktop.ini

    c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\U6IW3SG2\desktop.ini

    c:\chrome\chrome\Registry.rw.tvr

    c:\chrome\chrome\Registry.rw.tvr.lck

    c:\chrome\chrome\Registry.rw.tvr.transact

    c:\chrome\chrome\Registry.tlog

    c:\chrome\chrome\Registry.tlog.cache

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

    2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

    2012-09-02 12:22 . 2012-09-02 12:23 -------- d-----w- c:\program files\Giant Savings

    2012-09-02 07:27 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\mpengine.dll

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-31 18:02 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

    2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Chrome"="c:\chrome\chrome.exe" [2012-09-02 1004]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - WS2IFSL

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uInternet Settings,ProxyServer = isa_websense:8080

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-02 14:46

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1404)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

    .

    - - - - - - - > 'explorer.exe'(2672)

    c:\windows\system32\WININET.dll

    c:\windows\system32\ieframe.dll

    c:\windows\system32\webcheck.dll

    c:\windows\system32\WPDShServiceObj.dll

    c:\windows\system32\PortableDeviceTypes.dll

    c:\windows\system32\PortableDeviceApi.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files\Microsoft Security Client\MsMpEng.exe

    c:\program files\Bonjour\mDNSResponder.exe

    c:\program files\Java\jre7\bin\jqs.exe

    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    c:\windows\system32\IoctlSvc.exe

    c:\windows\RTHDCPL.EXE

    c:\windows\system32\igfxsrvc.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2012-09-02 14:51:21 - machine was rebooted

    ComboFix-quarantined-files.txt 2012-09-02 13:51

    ComboFix2.txt 2012-09-02 13:12

    .

    Pre-Run: 31,873,196,032 bytes free

    Post-Run: 31,809,617,920 bytes free

    .

    - - End Of File - - 58FFF44D45852063069F5B43EE73A733

  15. Hi Maniac. Thanks for your assistance so far.

    Here is the log report:

    ComboFix 12-08-31.08 - Tech 02/09/2012 13:59:56.1.1 - x86

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.539 [GMT 1:00]

    Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    .

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\documents and settings\All Users\Application Data\TEMP

    c:\windows\system32\SET39.tmp

    c:\windows\system32\SET3D.tmp

    c:\windows\system32\SET45.tmp

    c:\windows\system32\SET75.tmp

    c:\windows\system32\SET79.tmp

    c:\windows\system32\SET81.tmp

    c:\windows\system32\URTTemp

    c:\windows\system32\URTTemp\regtlib.exe

    .

    .

    ((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))

    .

    .

    2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

    2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

    2012-09-02 12:22 . 2012-09-02 12:23 -------- d-----w- c:\program files\Giant Savings

    2012-09-02 12:01 . 2012-09-02 12:01 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\MpKsle2f7849b.sys

    2012-09-02 07:27 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\mpengine.dll

    2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-31 18:02 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

    2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

    2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

    2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

    2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

    .

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

    "VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

    "RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

    "NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

    "Chrome"="c:\chrome\chrome.exe" [2012-09-02 1004]

    .

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

    .

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

    @=""

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

    @="Service"

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

    @="Driver"

    .

    [HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

    backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

    2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AntiVirusOverride"=dword:00000001

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    .

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\PerseusLT\\psupdate.exe"=

    "c:\\Program Files\\PeerBlock\\peerblock.exe"=

    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=

    "c:\\WINDOWS\\system32\\dpvsetup.exe"=

    "c:\\WINDOWS\\system32\\dxdiag.exe"=

    "c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

    "c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

    .

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

    R1 MpKsle2f7849b;MpKsle2f7849b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\MpKsle2f7849b.sys [02/09/2012 13:01 29904]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

    S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

    S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

    S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

    .

    --- Other Services/Drivers In Memory ---

    .

    *NewlyCreated* - MPKSLE2F7849B

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

    getPlusHelper REG_MULTI_SZ getPlusHelper

    nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

    .

    2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

    .

    2012-09-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

    - c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

    .

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.co.uk/

    uInternet Settings,ProxyServer = isa_websense:8080

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    TCP: DhcpNameServer = 192.168.1.1

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    Toolbar-Locked - (no file)

    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

    WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

    SafeBoot-mbamchameleon

    .

    .

    .

    **************************************************************************

    .

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2012-09-02 14:08

    Windows 5.1.2600 Service Pack 3 NTFS

    .

    scanning hidden processes ...

    .

    scanning hidden autostart entries ...

    .

    scanning hidden files ...

    .

    scan completed successfully

    hidden files: 0

    .

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    .

    - - - - - - - > 'winlogon.exe'(1404)

    c:\program files\SUPERAntiSpyware\SASWINLO.DLL

    c:\windows\system32\WININET.dll

    .

    Completion time: 2012-09-02 14:12:56

    ComboFix-quarantined-files.txt 2012-09-02 13:12

    .

    Pre-Run: 31,633,731,584 bytes free

    Post-Run: 31,875,334,144 bytes free

    .

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

    [boot loader]

    timeout=2

    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

    [operating systems]

    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

    UnsupportedDebug="do not select this" /debug

    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    .

    - - End Of File - - 92FE6B25CB1195553351990D57AE72CC

  16. uTorrent has now been removed as advised.

    Malwarebytes Anti-Malware 1.62.0.1300

    www.malwarebytes.org

    Database version: v2012.09.02.02

    Windows XP Service Pack 3 x86 NTFS

    Internet Explorer 8.0.6001.18702

    :: TECH0001 [administrator]

    02/09/2012 12:32:56

    mbam-log-2012-09-02 (12-32-56).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 211896

    Time elapsed: 12 minute(s), 23 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 1

    HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Chrome (Trojan.Agent) -> Data: C:\chrome\chrome.exe -> Quarantined and deleted successfully.

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 1

    C:\chrome\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.

    (end)

    .

    DDS (Ver_2011-08-26.01) - NTFSx86

    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

    Run by Tech at 13:06:16 on 2012-09-02

    Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.471 [GMT 1:00]

    .

    AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

    AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost -k DcomLaunch

    svchost.exe

    c:\Program Files\Microsoft Security Client\MsMpEng.exe

    C:\WINDOWS\System32\svchost.exe -k netsvcs

    svchost.exe

    svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\spoolsv.exe

    svchost.exe

    C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

    C:\Program Files\Bonjour\mDNSResponder.exe

    C:\WINDOWS\system32\hkcmd.exe

    C:\WINDOWS\system32\igfxpers.exe

    C:\WINDOWS\VMSnap3.exe

    C:\DiskManager\Updater.exe

    C:\WINDOWS\RTHDCPL.EXE

    C:\WINDOWS\system32\igfxsrvc.exe

    C:\Program Files\Microsoft Security Client\msseces.exe

    C:\Program Files\Common Files\Java\Java Update\jusched.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

    C:\Program Files\Java\jre7\bin\jqs.exe

    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

    C:\WINDOWS\system32\IoctlSvc.exe

    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\WINDOWS\system32\wuauclt.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    C:\Program Files\Internet Explorer\iexplore.exe

    .

    ============== Pseudo HJT Report ===============

    .

    uSearch Page = hxxp://www.google.com

    uStart Page = hxxp://www.google.co.uk/

    uSearch Bar = hxxp://www.google.com/ie

    uInternet Settings,ProxyServer = isa_websense:8080

    uInternet Settings,ProxyOverride = *.local

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    mSearchAssistant = hxxp://www.google.com/ie

    BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

    BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

    TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

    TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

    mRun: [igfxTray] c:\windows\system32\igfxtray.exe

    mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

    mRun: [Persistence] c:\windows\system32\igfxpers.exe

    mRun: [VMSnap3] c:\windows\VMSnap3.exe

    mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

    mRun: [RTHDCPL] RTHDCPL.EXE

    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

    mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

    mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

    mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

    mRun: [Chrome] c:\chrome\chrome.exe

    dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}

    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}

    DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277118227109

    DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

    DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    TCP: DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{61C4B7FC-D390-4E0F-BCCC-89C0151ED7C3} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{7E5FACE1-1C1B-49BA-AE2B-EC41084F3E67} : DhcpNameServer = 192.168.1.1

    TCP: Interfaces\{B9A4682F-FC9A-44FA-9EC3-4C73BE5B83A0} : DhcpNameServer = 192.168.1.1

    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

    Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

    Notify: igfxcui - igfxdev.dll

    Notify: klogon - c:\windows\system32\klogon.dll

    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

    SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

    .

    ============= SERVICES / DRIVERS ===============

    .

    R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]

    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

    R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

    R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-3-31 565552]

    R1 MpKsle2f7849b;MpKsle2f7849b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b778643-5855-49d8-84cb-a7a1a225d9f4}\MpKsle2f7849b.sys [2012-9-2 29904]

    R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

    R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

    R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

    R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [2005-6-1 5314]

    R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-21 20968]

    R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [2012-3-20 609792]

    R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [2005-6-1 7610]

    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]

    R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-7-23 32896]

    R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]

    R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

    R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-4-25 637952]

    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

    S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-22 1691480]

    S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

    S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-6-19 12400]

    S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

    S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

    S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-1 35144]

    S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]

    S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 606056]

    S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-6-19 155320]

    S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

    S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-12-23 475136]

    S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

    S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2011-12-23 1474560]

    .

    =============== Created Last 30 ================

    .

    2012-09-02 12:01:48 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b778643-5855-49d8-84cb-a7a1a225d9f4}\MpKsle2f7849b.sys

    2012-09-02 07:27:37 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b778643-5855-49d8-84cb-a7a1a225d9f4}\mpengine.dll

    2012-09-01 08:13:58 -------- d-----w- c:\program files\CCleaner

    2012-09-01 07:15:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2012-08-31 18:02:14 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

    2012-08-30 21:48:49 143872 ----a-w- c:\windows\system32\javacpl.cpl

    2012-08-30 21:48:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

    .

    ==================== Find3M ====================

    .

    2012-08-30 21:48:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

    2012-08-30 21:48:20 746984 ----a-w- c:\windows\system32\deployJava1.dll

    2012-08-05 11:27:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

    2012-08-05 11:27:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

    2012-07-14 13:38:14 112640 ----a-w- c:\windows\system32\ff_vfw.dll

    2012-07-08 15:42:03 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

    2012-07-08 15:42:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

    2012-07-08 15:42:03 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

    2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

    2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

    2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

    2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

    2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

    2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

    2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

    2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

    2012-06-19 13:45:03 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

    2012-06-06 19:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

    2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

    2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

    .

    ============= FINISH: 13:07:16.81 ===============

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2011-08-26.01)

    .

    Microsoft Windows XP Professional

    Boot Device: \Device\HarddiskVolume1

    Install Date: 21/06/2010 10:21:02

    System Uptime: 02/09/2012 13:00:58 (0 hours ago)

    .

    Motherboard: Intel Corporation | | D945GCCR

    Processor: Intel® Celeron® D CPU 3.20GHz | LGA 775 | 3192/133mhz

    .

    ==== Disk Partitions =========================

    .

    A: is Removable

    C: is FIXED (NTFS) - 77 GiB total, 29.621 GiB free.

    D: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP512: 04/06/2012 09:45:27 - Software Distribution Service 3.0

    RP513: 06/06/2012 14:25:50 - Software Distribution Service 3.0

    RP514: 06/06/2012 14:31:01 - Software Distribution Service 3.0

    RP515: 07/06/2012 14:34:57 - System Checkpoint

    RP516: 08/06/2012 09:44:09 - Software Distribution Service 3.0

    RP517: 09/06/2012 12:14:01 - Software Distribution Service 3.0

    RP518: 10/06/2012 12:41:33 - Software Distribution Service 3.0

    RP519: 11/06/2012 16:19:12 - Software Distribution Service 3.0

    RP520: 12/06/2012 16:45:43 - System Checkpoint

    RP521: 13/06/2012 07:15:58 - Software Distribution Service 3.0

    RP522: 13/06/2012 23:26:49 - Software Distribution Service 3.0

    RP523: 14/06/2012 08:35:47 - Software Distribution Service 3.0

    RP524: 15/06/2012 09:45:12 - System Checkpoint

    RP525: 15/06/2012 11:34:31 - Software Distribution Service 3.0

    RP526: 16/06/2012 11:37:29 - Software Distribution Service 3.0

    RP527: 17/06/2012 17:13:46 - Software Distribution Service 3.0

    RP528: 18/06/2012 17:51:42 - System Checkpoint

    RP529: 19/06/2012 09:04:37 - Software Distribution Service 3.0

    RP530: 19/06/2012 14:39:07 - Sony PC Companion

    RP531: 19/06/2012 14:44:55 - Uninstalled Sony Ericsson Drivers

    RP532: 19/06/2012 14:45:02 - Installed Sony Ericsson Drivers

    RP533: 19/06/2012 14:52:36 - Installed Windows XP Wdf01007.

    RP534: 19/06/2012 15:02:00 - Sony PC Companion

    RP535: 20/06/2012 13:19:22 - Software Distribution Service 3.0

    RP536: 21/06/2012 16:10:48 - Software Distribution Service 3.0

    RP537: 22/06/2012 21:48:19 - Software Distribution Service 3.0

    RP538: 23/06/2012 21:47:31 - Software Distribution Service 3.0

    RP539: 24/06/2012 02:29:29 - Software Distribution Service 3.0

    RP540: 24/06/2012 21:47:43 - Software Distribution Service 3.0

    RP541: 25/06/2012 22:19:34 - System Checkpoint

    RP542: 26/06/2012 13:11:55 - Software Distribution Service 3.0

    RP543: 27/06/2012 13:10:46 - Software Distribution Service 3.0

    RP544: 28/06/2012 14:01:01 - System Checkpoint

    RP545: 28/06/2012 20:44:53 - Software Distribution Service 3.0

    RP546: 30/06/2012 13:48:06 - Software Distribution Service 3.0

    RP547: 01/07/2012 16:36:24 - Software Distribution Service 3.0

    RP548: 02/07/2012 18:19:30 - Software Distribution Service 3.0

    RP549: 03/07/2012 10:31:11 - Sony PC Companion

    RP550: 04/07/2012 09:03:22 - Software Distribution Service 3.0

    RP551: 05/07/2012 09:48:10 - Software Distribution Service 3.0

    RP552: 06/07/2012 10:35:49 - System Checkpoint

    RP553: 07/07/2012 08:34:16 - Software Distribution Service 3.0

    RP554: 08/07/2012 11:01:16 - Software Distribution Service 3.0

    RP555: 08/07/2012 11:13:11 - Software Distribution Service 3.0

    RP556: 08/07/2012 16:41:49 - Uninstalled Sony Ericsson Drivers

    RP557: 08/07/2012 16:42:02 - Installed Sony Ericsson Drivers

    RP558: 08/07/2012 16:45:43 - Installed Windows XP Wdf01009.

    RP559: 09/07/2012 16:59:42 - System Checkpoint

    RP560: 10/07/2012 08:39:00 - Software Distribution Service 3.0

    RP561: 11/07/2012 08:40:02 - System Checkpoint

    RP562: 12/07/2012 14:05:43 - Software Distribution Service 3.0

    RP563: 12/07/2012 14:45:25 - Software Distribution Service 3.0

    RP564: 13/07/2012 14:29:21 - Software Distribution Service 3.0

    RP565: 13/07/2012 21:17:10 - Software Distribution Service 3.0

    RP566: 14/07/2012 21:19:19 - System Checkpoint

    RP567: 15/07/2012 01:10:00 - Software Distribution Service 3.0

    RP568: 16/07/2012 03:13:51 - System Checkpoint

    RP569: 16/07/2012 08:46:41 - Software Distribution Service 3.0

    RP570: 17/07/2012 08:47:08 - System Checkpoint

    RP571: 17/07/2012 08:48:20 - Software Distribution Service 3.0

    RP572: 18/07/2012 10:45:40 - Software Distribution Service 3.0

    RP573: 19/07/2012 03:01:43 - Removed Nero 7 Ultra Edition

    RP574: 19/07/2012 03:16:09 - Installed Nero 7 Ultra Edition

    RP575: 19/07/2012 12:31:16 - Software Distribution Service 3.0

    RP576: 19/07/2012 12:39:29 - Software Distribution Service 3.0

    RP577: 19/07/2012 12:44:40 - Removed Nero 7 Ultra Edition

    RP578: 19/07/2012 13:40:55 - Installed Nero 7 Ultra Edition

    RP579: 19/07/2012 13:49:33 - Removed Nero 7 Ultra Edition

    RP580: 19/07/2012 13:58:08 - Installed Nero 7 Ultra Edition

    RP581: 20/07/2012 14:01:10 - System Checkpoint

    RP582: 20/07/2012 20:22:00 - Software Distribution Service 3.0

    RP583: 21/07/2012 22:39:51 - System Checkpoint

    RP584: 22/07/2012 01:39:28 - Software Distribution Service 3.0

    RP585: 22/07/2012 16:46:36 - Software Distribution Service 3.0

    RP586: 23/07/2012 16:55:57 - System Checkpoint

    RP587: 23/07/2012 20:15:17 - Software Distribution Service 3.0

    RP588: 24/07/2012 22:50:04 - Software Distribution Service 3.0

    RP589: 26/07/2012 07:39:27 - Software Distribution Service 3.0

    RP590: 04/08/2012 09:25:47 - Software Distribution Service 3.0

    RP591: 05/08/2012 12:35:59 - Software Distribution Service 3.0

    RP592: 06/08/2012 17:27:05 - Software Distribution Service 3.0

    RP593: 07/08/2012 18:14:35 - System Checkpoint

    RP594: 08/08/2012 09:19:29 - Software Distribution Service 3.0

    RP595: 09/08/2012 11:13:41 - System Checkpoint

    RP596: 10/08/2012 08:36:27 - Software Distribution Service 3.0

    RP597: 11/08/2012 11:51:54 - System Checkpoint

    RP598: 11/08/2012 22:38:30 - Software Distribution Service 3.0

    RP599: 13/08/2012 09:01:48 - Software Distribution Service 3.0

    RP600: 29/08/2012 09:54:02 - Software Distribution Service 3.0

    RP601: 29/08/2012 23:22:19 - Software Distribution Service 3.0

    RP602: 30/08/2012 12:46:53 - Software Distribution Service 3.0

    RP603: 30/08/2012 22:47:45 - Removed Java 7 Update 5

    RP604: 30/08/2012 22:47:59 - Installed Java 7 Update 7

    RP605: 31/08/2012 19:02:07 - Software Distribution Service 3.0

    RP606: 01/09/2012 19:21:28 - System Checkpoint

    RP607: 02/09/2012 08:27:26 - Software Distribution Service 3.0

    .

    ==== Installed Programs ======================

    .

    Acrobat.com

    Adobe AIR

    Adobe Community Help

    Adobe Download Assistant

    Adobe Download Manager

    Adobe Flash Player 10 Plugin

    Adobe Flash Player 11 ActiveX

    Adobe Photoshop CS5.1

    Adobe Reader X (10.1.3)

    Adobe Shockwave Player 11.6

    Any Video Converter Ultimate 4.3.9

    Any Video Converter Ultimate Crack version 4.3.9

    Apple Application Support

    Apple Software Update

    Belkin F6D4050 Enhanced Wireless USB Adapter

    Belkin Wireless USB Adapter Setup

    Bonjour

    Camera Support Core Library

    Camera Window DS

    Camera Window DVC

    Camera Window MC

    Canon Camera Support Core Library

    Canon Camera WIA Driver

    Canon Camera Window DS for ZoomBrowser EX

    Canon Camera Window DVC for ZoomBrowser EX

    Canon Camera Window for ZoomBrowser EX

    Canon EOS Kiss_N REBEL_XT 350D WIA Driver

    Canon Internet Library for ZoomBrowser EX

    Canon PhotoRecord

    Canon RAW Image Task for ZoomBrowser EX

    Canon RemoteCapture Task for ZoomBrowser EX

    Canon Utilities Digital Photo Professional 1.6.1

    Canon Utilities EOS Capture 1.3

    Canon Utilities PhotoStitch 3.1

    Canon ZoomBrowser EX

    CCleaner

    ConvertXtoDVD 4.1.19.365

    CPUID CPU-Z 1.54

    EOS Capture 1.3

    ffdshow v1.2.4475 [2012-07-12]

    Google Toolbar for Internet Explorer

    Google Update Helper

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

    Hotfix for Windows Media Format 11 SDK (KB929399)

    Hotfix for Windows Media Player 11 (KB939683)

    Hotfix for Windows XP (KB2158563)

    Hotfix for Windows XP (KB2443685)

    Hotfix for Windows XP (KB2570791)

    Hotfix for Windows XP (KB2633952)

    Hotfix for Windows XP (KB915800-v4)

    Hotfix for Windows XP (KB952287)

    Hotfix for Windows XP (KB954550-v5)

    Hotfix for Windows XP (KB954708)

    Hotfix for Windows XP (KB961118)

    Hotfix for Windows XP (KB976002-v5)

    Hotfix for Windows XP (KB981793)

    Intel® Graphics Media Accelerator Driver

    Intel® Network Connections 15.1.29.0

    Internet Explorer (Enable DEP)

    Internet Library

    Java 7 Update 7

    Java Auto Updater

    K-Lite Mega Codec Pack 8.9.5

    Malwarebytes Anti-Malware version 1.62.0.1300

    Microsoft .NET Framework 1.1

    Microsoft .NET Framework 1.1 Security Update (KB2656353)

    Microsoft .NET Framework 1.1 Security Update (KB2656370)

    Microsoft .NET Framework 2.0 Service Pack 2

    Microsoft .NET Framework 3.0 Service Pack 2

    Microsoft .NET Framework 3.5 SP1

    Microsoft .NET Framework 4 Client Profile

    Microsoft Application Error Reporting

    Microsoft Choice Guard

    Microsoft Compression Client Pack 1.0 for Windows XP

    Microsoft Fix it Center

    Microsoft IntelliType Pro 8.2

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

    Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

    Microsoft Office 2007 Service Pack 3 (SP3)

    Microsoft Office Access MUI (English) 2007

    Microsoft Office Access Setup Metadata MUI (English) 2007

    Microsoft Office Excel MUI (English) 2007

    Microsoft Office InfoPath MUI (English) 2007

    Microsoft Office Live Add-in 1.5

    Microsoft Office Outlook Connector

    Microsoft Office Outlook MUI (English) 2007

    Microsoft Office PowerPoint MUI (English) 2007

    Microsoft Office Professional Plus 2007

    Microsoft Office Proof (English) 2007

    Microsoft Office Proof (French) 2007

    Microsoft Office Proof (Spanish) 2007

    Microsoft Office Proofing (English) 2007

    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

    Microsoft Office Publisher MUI (English) 2007

    Microsoft Office Shared MUI (English) 2007

    Microsoft Office Shared Setup Metadata MUI (English) 2007

    Microsoft Office Word MUI (English) 2007

    Microsoft Security Client

    Microsoft Security Essentials

    Microsoft Silverlight

    Microsoft Software Update for Web Folders (English) 12

    Microsoft User-Mode Driver Framework Feature Pack 1.0

    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

    Microsoft Visual C++ 2005 Redistributable

    Microsoft_VC80_ATL_x86

    Microsoft_VC80_CRT_x86

    Microsoft_VC80_MFC_x86

    Microsoft_VC80_MFCLOC_x86

    Microsoft_VC90_ATL_x86

    Microsoft_VC90_CRT_x86

    Microsoft_VC90_MFC_x86

    Microsoft_VC90_MFCLOC_x86

    MSN

    MSXML 4.0 SP2 (KB954430)

    MSXML 4.0 SP2 (KB973688)

    Nero 7 Ultra Edition

    neroxml

    PDF Settings CS5

    Perseus 1.7.1 LT Konus

    PhotoStitch

    PxMergeModule

    QuickTime

    RAW Image Task 2.0

    Realtek High Definition Audio Driver

    Registry Mechanic 9.0.0.114

    RemoteCapture Task 1.1

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

    Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

    Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

    Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

    Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

    Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

    Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

    Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

    Security Update for Microsoft Windows (KB2564958)

    Security Update for Windows Internet Explorer 8 (KB2510531)

    Security Update for Windows Internet Explorer 8 (KB2544521)

    Security Update for Windows Internet Explorer 8 (KB2618444)

    Security Update for Windows Internet Explorer 8 (KB2647516)

    Security Update for Windows Internet Explorer 8 (KB2675157)

    Security Update for Windows Internet Explorer 8 (KB2699988)

    Security Update for Windows Internet Explorer 8 (KB2722913)

    Security Update for Windows Internet Explorer 8 (KB982381)

    Security Update for Windows Media Player (KB2378111)

    Security Update for Windows Media Player (KB952069)

    Security Update for Windows Media Player (KB954155)

    Security Update for Windows Media Player (KB973540)

    Security Update for Windows Media Player (KB975558)

    Security Update for Windows Media Player (KB978695)

    Security Update for Windows Media Player (KB979402)

    Security Update for Windows Media Player 11 (KB954154)

    Security Update for Windows Search 4 - KB963093

    Security Update for Windows XP (KB2079403)

    Security Update for Windows XP (KB2115168)

    Security Update for Windows XP (KB2121546)

    Security Update for Windows XP (KB2160329)

    Security Update for Windows XP (KB2229593)

    Security Update for Windows XP (KB2259922)

    Security Update for Windows XP (KB2279986)

    Security Update for Windows XP (KB2286198)

    Security Update for Windows XP (KB2296011)

    Security Update for Windows XP (KB2347290)

    Security Update for Windows XP (KB2360937)

    Security Update for Windows XP (KB2387149)

    Security Update for Windows XP (KB2393802)

    Security Update for Windows XP (KB2412687)

    Security Update for Windows XP (KB2419632)

    Security Update for Windows XP (KB2423089)

    Security Update for Windows XP (KB2440591)

    Security Update for Windows XP (KB2443105)

    Security Update for Windows XP (KB2476490)

    Security Update for Windows XP (KB2478960)

    Security Update for Windows XP (KB2478971)

    Security Update for Windows XP (KB2479943)

    Security Update for Windows XP (KB2481109)

    Security Update for Windows XP (KB2483185)

    Security Update for Windows XP (KB2485663)

    Security Update for Windows XP (KB2503665)

    Security Update for Windows XP (KB2506212)

    Security Update for Windows XP (KB2507618)

    Security Update for Windows XP (KB2507938)

    Security Update for Windows XP (KB2508272)

    Security Update for Windows XP (KB2508429)

    Security Update for Windows XP (KB2509553)

    Security Update for Windows XP (KB2524375)

    Security Update for Windows XP (KB2535512)

    Security Update for Windows XP (KB2536276-v2)

    Security Update for Windows XP (KB2536276)

    Security Update for Windows XP (KB2544893-v2)

    Security Update for Windows XP (KB2544893)

    Security Update for Windows XP (KB2555917)

    Security Update for Windows XP (KB2562937)

    Security Update for Windows XP (KB2566454)

    Security Update for Windows XP (KB2567053)

    Security Update for Windows XP (KB2567680)

    Security Update for Windows XP (KB2570222)

    Security Update for Windows XP (KB2570947)

    Security Update for Windows XP (KB2584146)

    Security Update for Windows XP (KB2585542)

    Security Update for Windows XP (KB2592799)

    Security Update for Windows XP (KB2598479)

    Security Update for Windows XP (KB2603381)

    Security Update for Windows XP (KB2618451)

    Security Update for Windows XP (KB2619339)

    Security Update for Windows XP (KB2620712)

    Security Update for Windows XP (KB2621440)

    Security Update for Windows XP (KB2624667)

    Security Update for Windows XP (KB2631813)

    Security Update for Windows XP (KB2633171)

    Security Update for Windows XP (KB2639417)

    Security Update for Windows XP (KB2641653)

    Security Update for Windows XP (KB2646524)

    Security Update for Windows XP (KB2647518)

    Security Update for Windows XP (KB2653956)

    Security Update for Windows XP (KB2655992)

    Security Update for Windows XP (KB2659262)

    Security Update for Windows XP (KB2660465)

    Security Update for Windows XP (KB2661637)

    Security Update for Windows XP (KB2676562)

    Security Update for Windows XP (KB2685939)

    Security Update for Windows XP (KB2686509)

    Security Update for Windows XP (KB2691442)

    Security Update for Windows XP (KB2695962)

    Security Update for Windows XP (KB2698365)

    Security Update for Windows XP (KB2705219)

    Security Update for Windows XP (KB2707511)

    Security Update for Windows XP (KB2709162)

    Security Update for Windows XP (KB2712808)

    Security Update for Windows XP (KB2718523)

    Security Update for Windows XP (KB2719985)

    Security Update for Windows XP (KB2723135)

    Security Update for Windows XP (KB2731847)

    Security Update for Windows XP (KB923561)

    Security Update for Windows XP (KB923789)

    Security Update for Windows XP (KB941569)

    Security Update for Windows XP (KB946648)

    Security Update for Windows XP (KB950760)

    Security Update for Windows XP (KB950762)

    Security Update for Windows XP (KB950974)

    Security Update for Windows XP (KB951376-v2)

    Security Update for Windows XP (KB951748)

    Security Update for Windows XP (KB952004)

    Security Update for Windows XP (KB952954)

    Security Update for Windows XP (KB954459)

    Security Update for Windows XP (KB955069)

    Security Update for Windows XP (KB956572)

    Security Update for Windows XP (KB956744)

    Security Update for Windows XP (KB956802)

    Security Update for Windows XP (KB956803)

    Security Update for Windows XP (KB956844)

    Security Update for Windows XP (KB958644)

    Security Update for Windows XP (KB958869)

    Security Update for Windows XP (KB959426)

    Security Update for Windows XP (KB960225)

    Security Update for Windows XP (KB960803)

    Security Update for Windows XP (KB960859)

    Security Update for Windows XP (KB961501)

    Security Update for Windows XP (KB969059)

    Security Update for Windows XP (KB970238)

    Security Update for Windows XP (KB970430)

    Security Update for Windows XP (KB971468)

    Security Update for Windows XP (KB971657)

    Security Update for Windows XP (KB971961)

    Security Update for Windows XP (KB972270)

    Security Update for Windows XP (KB973507)

    Security Update for Windows XP (KB973869)

    Security Update for Windows XP (KB973904)

    Security Update for Windows XP (KB974112)

    Security Update for Windows XP (KB974318)

    Security Update for Windows XP (KB974392)

    Security Update for Windows XP (KB974571)

    Security Update for Windows XP (KB975025)

    Security Update for Windows XP (KB975467)

    Security Update for Windows XP (KB975560)

    Security Update for Windows XP (KB975561)

    Security Update for Windows XP (KB975562)

    Security Update for Windows XP (KB975713)

    Security Update for Windows XP (KB977816)

    Security Update for Windows XP (KB977914)

    Security Update for Windows XP (KB978037)

    Security Update for Windows XP (KB978338)

    Security Update for Windows XP (KB978542)

    Security Update for Windows XP (KB978601)

    Security Update for Windows XP (KB978706)

    Security Update for Windows XP (KB979309)

    Security Update for Windows XP (KB979482)

    Security Update for Windows XP (KB979559)

    Security Update for Windows XP (KB979683)

    Security Update for Windows XP (KB979687)

    Security Update for Windows XP (KB980195)

    Security Update for Windows XP (KB980218)

    Security Update for Windows XP (KB980232)

    Security Update for Windows XP (KB980436)

    Security Update for Windows XP (KB981322)

    Security Update for Windows XP (KB981349)

    Security Update for Windows XP (KB981852)

    Security Update for Windows XP (KB981957)

    Security Update for Windows XP (KB981997)

    Security Update for Windows XP (KB982132)

    Security Update for Windows XP (KB982214)

    Security Update for Windows XP (KB982381)

    Security Update for Windows XP (KB982665)

    Skype Click to Call

    Skype™ 5.8

    Sony Ericsson Update Engine

    Sony PC Companion 2.10.079

    SUPERAntiSpyware

    swMSM

    System Requirements Lab for Intel

    Update for 2007 Microsoft Office System (KB967642)

    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

    Update for Microsoft Office 2007 Help for Common Features (KB963673)

    Update for Microsoft Office Access 2007 Help (KB963663)

    Update for Microsoft Office Excel 2007 Help (KB963678)

    Update for Microsoft Office Infopath 2007 Help (KB963662)

    Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

    Update for Microsoft Office Outlook 2007 Help (KB963677)

    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

    Update for Microsoft Office Powerpoint 2007 Help (KB963669)

    Update for Microsoft Office Publisher 2007 Help (KB963667)

    Update for Microsoft Office Script Editor Help (KB963671)

    Update for Microsoft Office Word 2007 Help (KB963665)

    Update for Microsoft Windows (KB971513)

    Update for Windows Internet Explorer 8 (KB2598845)

    Update for Windows XP (KB2141007)

    Update for Windows XP (KB2345886)

    Update for Windows XP (KB2467659)

    Update for Windows XP (KB2492386)

    Update for Windows XP (KB2541763)

    Update for Windows XP (KB2607712)

    Update for Windows XP (KB2616676-v2)

    Update for Windows XP (KB2641690)

    Update for Windows XP (KB2718704)

    Update for Windows XP (KB898461)

    Update for Windows XP (KB951978)

    Update for Windows XP (KB955759)

    Update for Windows XP (KB961503)

    Update for Windows XP (KB967715)

    Update for Windows XP (KB968389)

    Update for Windows XP (KB971029)

    Update for Windows XP (KB971737)

    Update for Windows XP (KB973687)

    Update for Windows XP (KB973815)

    VIMICRO USB PC Camera (ZC0301PLH)

    WebFldrs XP

    Windows Genuine Advantage Notifications (KB905474)

    Windows Genuine Advantage Validation Tool (KB892130)

    Windows Internet Explorer 8

    Windows Management Framework Core

    Windows Media Format 11 runtime

    Windows Media Player 11

    WinRAR archiver

    ZC0301PLH_Driver_Setup

    .

    ==== Event Viewer Messages From Past Week ========

    .

    31/08/2012 19:33:13, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 9444527C0329 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

    29/08/2012 09:41:58, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The system cannot find the path specified.

    01/09/2012 08:14:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF MpFilter SASDIFSV SASKUTIL

    01/09/2012 08:14:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    01/09/2012 08:14:11, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}

    01/09/2012 08:14:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {8843B4A2-A3CB-4CB9-9CCE-F443F641009F}

    01/09/2012 08:13:43, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    .

    ==== End Of File ===========================
