chalky100

  1. Great, I will do that and thanks again for all your help!
  2. Does this mean I don't have Java anymore? If so, do I need to get it?
  3. I don't think so, seems OK at the moment. I will play a bit to check but it looks fine, thanks for helping!
  4. ComboFix 10-03-07.02 - Dad 07/03/2010 20:13:50.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1024.639 [GMT 0:00] Running from: c:\downloads\ComboFix.exe . ((((((((((((((((((((((((( Files Created from 2010-02-07 to 2010-03-07 ))))))))))))))))))))))))))))))) . 2010-03-02 16:11 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe 2010-02-27 12:07 . 2010-02-27 12:09 -------- d-----w- c:\documents and settings\Administrator\Application Data\Spyware Terminator 2010-02-27 11:56 . 2010-02-27 11:56 -------- d-sh--w- c:\documents and settings\Administrator\PrivacIE 2010-02-26 18:52 . 2010-02-26 18:52 -------- d-----w- c:\program files\Trend Micro 2010-02-26 18:43 . 2010-02-26 18:43 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Threat Expert 2010-02-26 18:33 . 2010-02-27 11:35 -------- d-----w- c:\program files\Common Files\PC Tools 2010-02-26 18:33 . 2010-02-26 19:57 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-02-26 18:23 . 2010-02-26 18:23 -------- d-----w- c:\documents and settings\Dad\Application Data\EMCO 2010-02-26 18:23 . 2010-02-26 18:23 -------- d-----w- c:\program files\EMCO 2010-02-26 18:18 . 2010-02-26 18:18 -------- d-----w- c:\program files\FileASSASSIN 2010-02-26 18:09 . 2010-02-26 18:09 -------- d-----w- c:\documents and settings\Dad\Application Data\dvdcss 2010-02-26 17:54 . 2010-02-26 17:54 29888 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-26 17:28 . 2010-02-26 17:28 -------- d-sh--w- c:\documents and settings\Administrator\IETldCache 2010-02-26 17:27 . 2010-02-27 11:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Microsoft 2010-02-26 17:27 . 2009-11-20 11:08 38784 ----a-w- c:\documents and settings\Administrator\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-02-26 17:27 . 
2009-12-29 23:50 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Adobe 2010-02-26 17:27 . 2010-02-27 11:56 -------- d-----w- c:\documents and settings\Administrator 2010-02-26 15:53 . 2010-02-09 02:04 106496 ----a-w- c:\windows\system32\mworld.exe 2010-02-26 14:18 . 2010-03-06 15:19 -------- d-----w- c:\program files\Spybot - Search & Destroy 2010-02-26 14:18 . 2010-02-26 18:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy 2010-02-25 14:38 . 2010-02-25 14:38 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-02-25 14:38 . 2010-02-25 14:38 47360 ----a-w- c:\documents and settings\Dad\Application Data\pcouffin.sys 2010-02-25 14:38 . 2010-02-26 13:06 -------- d-----w- c:\documents and settings\Dad\Application Data\Vso 2010-02-25 14:38 . 2009-09-02 21:58 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-02-25 14:38 . 2009-09-02 21:58 65602 ----a-w- c:\windows\system32\cook3260.dll 2010-02-25 14:38 . 2009-09-02 21:58 217127 ----a-w- c:\windows\system32\drv43260.dll 2010-02-25 14:38 . 2009-09-02 21:58 208935 ----a-w- c:\windows\system32\drv33260.dll 2010-02-25 14:38 . 2009-09-02 21:58 176165 ----a-w- c:\windows\system32\drv23260.dll 2010-02-25 14:38 . 2009-09-02 21:58 102439 ----a-w- c:\windows\system32\sipr3260.dll 2010-02-25 14:38 . 2009-09-02 21:57 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2010-02-25 14:37 . 2010-02-26 18:02 -------- d-----w- c:\program files\VSO 2010-02-23 19:29 . 2010-02-26 18:02 -------- d-----w- c:\documents and settings\Dad\Application Data\vlc 2010-02-22 08:13 . 2010-02-22 08:13 -------- d-----w- c:\windows\system32\XPSViewer 2010-02-22 08:13 . 2010-02-22 08:13 -------- d-----w- c:\program files\MSBuild 2010-02-22 08:13 . 2010-02-22 08:13 -------- d-----w- c:\program files\Reference Assemblies 2010-02-22 08:12 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2010-02-22 08:12 . 
2008-07-06 12:06 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-02-22 08:12 . 2008-07-06 12:06 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-02-22 08:12 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-02-22 08:12 . 2008-07-06 12:06 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-02-22 08:12 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-02-22 08:12 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll 2010-02-22 08:12 . 2008-07-06 10:50 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-02-22 08:12 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe 2010-02-22 08:12 . 2010-02-22 08:12 -------- d-----w- C:\6c21a8fde76fc8286fb1756905 2010-02-21 13:15 . 2010-02-21 13:15 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\Sony 2010-02-21 13:11 . 2010-02-21 13:11 -------- d-----w- c:\program files\Vstplugins 2010-02-21 13:11 . 2010-02-21 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Sony 2010-02-21 13:11 . 2010-02-21 13:14 -------- d-----w- c:\program files\Sony 2010-02-21 12:02 . 2010-02-21 12:03 23510720 ----a-w- c:\documents and settings\Dad\Application Data\Sony Setup\09063B41-0916-4360-A80D-0C2A2B89D300\dotnetfx.exe 2010-02-21 12:02 . 2010-02-21 12:02 -------- d-----w- c:\documents and settings\Dad\Application Data\Sony Setup 2010-02-21 12:01 . 2010-02-21 13:13 -------- d-----w- c:\program files\Sony Setup 2010-02-14 19:21 . 2010-02-14 19:21 -------- d-----w- c:\program files\MP3 Splitter & Joiner . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-03-07 19:55 . 2010-01-05 19:28 -------- d-----w- c:\program files\FlashGet 2010-03-07 10:49 . 
2009-12-30 00:05 24 ----a-w- c:\windows\system32\DVCStateBkp-{00000000-00000000-0000000F-00001102-00000004-00531102}.dat 2010-03-07 10:49 . 2009-12-30 00:05 24 ----a-w- c:\windows\system32\DVCState-{00000000-00000000-0000000F-00001102-00000004-00531102}.dat 2010-03-06 17:35 . 2009-12-30 11:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2010-03-06 15:13 . 2010-01-03 11:14 -------- d-----w- c:\program files\Loaris Trojan Remover 2010-02-24 09:16 . 2009-12-29 23:42 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-02-05 20:45 . 2009-12-30 09:44 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-02-05 14:14 . 2010-01-22 13:35 -------- d-----w- c:\documents and settings\Dad\Application Data\HpUpdate 2010-02-05 08:31 . 2010-01-13 17:58 -------- d-----w- c:\program files\Google 2010-01-31 20:01 . 2010-01-31 18:42 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2010-01-31 20:01 . 2010-01-31 18:42 2828 --sha-w- c:\documents and settings\All Users\Application Data\KGyGaAvL.sys 2010-01-31 19:01 . 2010-01-31 18:41 -------- d-----w- c:\documents and settings\Dad\Application Data\Corel 2010-01-31 19:00 . 2010-01-31 18:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel 2010-01-31 19:00 . 2010-01-31 19:00 -------- d-----w- c:\program files\Common Files\Protexis 2010-01-31 18:57 . 2010-01-31 18:57 -------- d-----w- c:\program files\Common Files\Corel 2010-01-31 18:56 . 2010-01-31 18:56 -------- d-----w- c:\program files\Corel 2010-01-31 18:42 . 2010-01-31 18:42 8 --sh--r- c:\documents and settings\All Users\Application Data\B8330414B2.sys 2010-01-31 18:42 . 2010-01-31 18:42 8 --sh--r- c:\documents and settings\All Users\Application Data\B8330414B2.sys 2010-01-30 14:23 . 2009-12-29 23:45 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS 2010-01-29 15:26 . 
2010-01-29 15:26 -------- d-----w- c:\program files\MSXML 4.0 2010-01-26 19:15 . 2009-12-29 23:49 -------- d-----w- c:\program files\Common Files\Adobe 2010-01-22 15:27 . 2010-01-22 15:27 -------- d-----w- c:\program files\FragFX 2010-01-22 13:50 . 2010-01-22 13:45 77347 ----a-w- c:\windows\hpqins05.dat 2010-01-22 13:48 . 2010-01-13 13:02 -------- d-----w- c:\documents and settings\All Users\Application Data\HP 2010-01-22 13:47 . 2010-01-22 13:47 -------- d-----w- c:\documents and settings\All Users\Application Data\HP Product Assistant 2010-01-21 11:50 . 2010-01-21 11:48 -------- d-----w- c:\program files\IrfanView 2010-01-19 15:52 . 2010-01-19 15:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Motive 2010-01-19 15:41 . 2010-01-19 15:41 -------- d-----w- c:\documents and settings\Dad\Application Data\Motive 2010-01-13 17:58 . 2010-01-13 17:58 -------- d-----w- c:\program files\DivX 2010-01-13 13:14 . 2010-01-13 13:12 -------- d-----w- c:\documents and settings\Dad\Application Data\HP 2010-01-13 13:14 . 2010-01-13 13:14 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2010-01-13 13:14 . 2010-01-13 11:57 164746 ----a-w- c:\windows\hpoins21.dat 2010-01-13 13:12 . 2010-01-13 11:58 -------- d-----w- c:\program files\HP 2010-01-13 13:11 . 2010-01-13 13:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Hewlett-Packard 2010-01-13 13:01 . 2010-01-13 13:01 -------- d-----w- c:\program files\Hewlett-Packard 2010-01-13 13:00 . 2010-01-13 13:00 -------- d-----w- c:\program files\Common Files\HP 2010-01-13 11:58 . 2010-01-13 11:58 -------- d-----w- c:\program files\Common Files\Hewlett-Packard 2010-01-10 18:23 . 2009-12-30 09:40 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-10 18:15 . 2010-01-01 10:41 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-10 13:21 . 
2010-01-10 13:19 -------- d-----w- c:\documents and settings\Dad\Application Data\Nokia 2010-01-10 13:21 . 2010-01-10 13:19 -------- d-----w- c:\documents and settings\Dad\Application Data\PC Suite 2010-01-10 13:20 . 2010-01-10 13:20 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2010-01-10 13:20 . 2010-01-10 13:20 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2010-01-10 13:19 . 2010-01-10 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Suite 2010-01-10 13:17 . 2010-01-10 13:17 -------- d-----w- c:\program files\Common Files\PCSuite 2010-01-10 13:17 . 2010-01-10 13:17 -------- d-----w- c:\program files\Common Files\Nokia 2010-01-10 13:17 . 2010-01-10 13:16 -------- d-----w- c:\program files\Nokia 2010-01-10 13:17 . 2010-01-10 13:17 -------- d-----w- c:\program files\DIFX 2010-01-10 13:16 . 2010-01-10 13:16 -------- d-----w- c:\program files\PC Connectivity Solution 2010-01-10 13:15 . 2010-01-10 13:15 95232 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\pcswpcsi.exe 2010-01-10 13:15 . 2010-01-10 13:15 8192 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstCCD.exe 2010-01-10 13:15 . 2010-01-10 13:15 61440 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCSFEMsi.exe 2010-01-10 13:15 . 2010-01-10 13:15 10240 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Installer\CommonCustomActions\UninstPCS.exe 2010-01-10 13:15 . 2010-01-10 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Installations 2010-01-10 13:15 . 
2010-01-10 13:16 34429264 ----a-w- c:\documents and settings\All Users\Application Data\Installations\{9249D7E7-33E7-4CC8-BB0B-3DF3C3CB2568}\Nokia_PC_Suite_7_1_40_1_wu_eng.exe 2010-01-10 13:12 . 2010-01-10 13:12 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2010-01-10 13:12 . 2010-01-10 13:12 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2010-01-10 13:07 . 2010-01-10 13:07 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-01-10 13:07 . 2010-01-10 13:07 -------- d-----w- c:\program files\Common Files\InstallShield 2010-01-07 16:07 . 2009-12-30 09:40 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 16:07 . 2009-12-30 09:40 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-02 20:25 . 2010-01-02 20:25 8 ----a-w- c:\windows\system32\nvModes.dat 2009-12-31 16:50 . 2001-08-18 12:00 353792 ----a-w- c:\windows\system32\drivers\srv.sys 2009-12-31 12:07 . 2009-12-30 11:15 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-29 23:58 . 2009-12-29 23:58 305 ----a-w- c:\windows\system32\secushr.dat 2009-12-29 23:51 . 2009-12-29 23:51 0 ----a-w- c:\windows\nsreg.dat 2009-12-29 23:46 . 2009-12-29 23:46 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe 2009-12-29 23:11 . 2009-12-29 21:53 76487 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat 2009-12-29 21:51 . 2009-12-29 21:51 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-12-21 19:14 . 2001-08-18 12:00 916480 ------w- c:\windows\system32\wininet.dll 2009-12-17 17:14 . 2010-01-02 13:01 411368 ----a-w- c:\windows\system32\deploytk.dll 2009-12-16 18:43 . 2009-12-29 21:50 343040 ----a-w- c:\windows\system32\mspaint.exe 2009-12-14 07:08 . 2001-08-18 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Jet Detection"="c:\program files\Creative\SBAudigy\PROGRAM\ADGJDet.exe" [2001-04-20 28672] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "UpdReg"="c:\windows\Updreg.exe" [2000-05-11 90112] "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-03 866584] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-11-20 110184] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-11-20 12669544] "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2010-01-07 429392] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-14 49152] "hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360] c:\documents and settings\Dad\Start Menu\Programs\Startup\ mworld.lnk - c:\windows\system32\mworld.exe [2010-2-26 106496] c:\documents and settings\All Users\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend] @="Service" [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\FlashGet\\flashget.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"= 
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"= "c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"= R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [30/12/2009 09:40 236368] R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [29/12/2009 22:40 1758336] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [30/12/2009 09:40 19160] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [05/02/2010 08:29 135664] S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 19:19 13592] S3 USBVSP;USBVSP;c:\windows\system32\drivers\usbvsp.sys [10/01/2010 13:07 89728] S3 WT6563F;PS3 ISP Update;c:\windows\system32\drivers\WT6563F.sys [22/01/2010 15:27 13120] --- Other Services/Drivers In Memory --- *NewlyCreated* - APPMGMT [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc HPService REG_MULTI_SZ HPSLPSVC . Contents of the 'Scheduled Tasks' folder 2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:29] 2010-03-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 08:29] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.google.co.uk/ uSearchURL,(Default) = hxxp://www.google.com/keyword/%s IE: &Download All with FlashGet - c:\program files\FlashGet\jc_all.htm IE: &Download with FlashGet - c:\program files\FlashGet\jc_link.htm IE: &Google Search - c:\program files\Google\GoogleToolbar1.dll/cmsearch.html IE: Backward &Links - c:\program files\Google\GoogleToolbar1.dll/cmbacklinks.html IE: Cac&hed Snapshot of Page - c:\program files\Google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Si&milar Pages - c:\program files\Google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\Google\GoogleToolbar1.dll/cmtrans.html Trusted Zone: kuaiche.com\software FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\xn3zco3y.default\ FF - component: c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\xn3zco3y.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll FF - component: c:\program files\Nokia\Nokia PC Suite 7\bkmrksync\components\BkMrkExt.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2010-03-07 20:16 Windows 5.1.2600 Service Pack 3 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_USERS\S-1-5-21-1060284298-842925246-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5850C359-C6B1-43C0-3D02-5A84CB8B12D4}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "ianmcmdggmijhkibpe"=hex:6b,61,61,63,6e,6f,66,66,6c,6a,67,6c,66,68,69,6d,68,6b, 62,67,65,68,00,00 "hadmaccebamlddcj"=hex:6b,61,61,63,6e,6f,66,66,6c,6a,67,6c,66,68,69,6d,68,6b, 62,67,65,68,00,00 "gamlhfdkkgbcjn"=hex:61,63,68,62,70,6f,64,6f,67,65,63,61,61,69,69,63,66,65,66, 65,65,63,6c,69,6a,6c,63,6d,6b,70,6e,6d,68,70,68,6c,6f,6c,63,6e,70,67,6d,6d,\ . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'explorer.exe'(3280) c:\windows\system32\WININET.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll . Completion time: 2010-03-07 20:17:43 ComboFix-quarantined-files.txt 2010-03-07 20:17 Pre-Run: 61,848,084,480 bytes free Post-Run: 61,828,235,264 bytes free - - End Of File - - 878747AF824A6F3998FDBBB42E2C668F
  5. Here are the files, thanks. The ComboFix file I can't upload after renaming it: Upload failed. You are not permitted to upload this type of file
     Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 19:59:42, on 07/03/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\explorer.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program
Files\Java\jre6\bin\jp2ssv.dll (file missing) O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (file missing) O4 - HKLM\..\Run: [updReg] C:\WINDOWS\Updreg.exe O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [Jet Detection] C:\Program Files\Creative\SBAudigy\PROGRAM\ADGJDet.exe O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Startup: mworld.lnk = C:\WINDOWS\system32\mworld.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program 
Files\Google\GoogleToolbar1.dll/cmcache.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://software.kuaiche.com O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownlo...sreqlab_nvd.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1262124431718 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1262126829187 O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} (Windows Live Hotmail 
Photo Upload Tool) - http://gfx2.hotmail.com/mail/w4/pr01/photo...ol/MSNPUpld.cab O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- End of file - 6740 bytes I will try again sorry.
  6. Hi Borislav and thanks for helping me, here are the files

     Malwarebytes' Anti-Malware 1.44
     Database version: 3833
     Windows 5.1.2600 Service Pack 3
     Internet Explorer 8.0.6001.18702

     07/03/2010 19:01:41
     mbam-log-2010-03-07 (19-01-41).txt

     Scan type: Quick Scan
     Objects scanned: 131928
     Time elapsed: 6 minute(s), 44 second(s)

     Memory Processes Infected: 0
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 0

     Memory Processes Infected: (No malicious items detected)
     Memory Modules Infected: (No malicious items detected)
     Registry Keys Infected: (No malicious items detected)
     Registry Values Infected: (No malicious items detected)
     Registry Data Items Infected: (No malicious items detected)
     Folders Infected: (No malicious items detected)
     Files Infected: (No malicious items detected)

     JavaRa 1.15 Removal Log.
     Report follows after line.
     ------------------------------------
     The JavaRa removal process was started on Sun Mar 07 18:47:26 2010
     ------------------------------------
     Finished reporting. Thanyou.

     DDS.txt
     Attach.txt
  7. Hi, first time here and not too good at computers. My AntiVir Guard has found the HTML/Infected.WebPage.Gen. Here are the files requested:
     DDS (Ver_09-12-01.01) - NTFSx86 Run by Dad at 13:50:34.43 on 28/02/2010 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_18 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1024.399 [GMT 0:00] AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Windows Defender\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs svchost.exe svchost.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Windows Defender\MSASCui.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\HP\HP Software Update\HPWuSchd2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe C:\WINDOWS\system32\mworld.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\WINDOWS\system32\svchost.exe -k hpdevmgmt C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\WINDOWS\System32\svchost.exe -k HPZ12 C:\WINDOWS\System32\svchost.exe -k HPZ12 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files\Spyware Terminator\sp_rsser.exe C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\system32\svchost.exe -k HPService C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Loaris Trojan Remover\ltr.exe C:\Program Files\Avira\AntiVir Desktop\GUARDGUI.EXE C:\Program
Files\Avira\AntiVir Desktop\GUARDGUI.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\Documents and Settings\Dad\Desktop\New Folder\dds.scr ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.co.uk/ uSearch Page = hxxp://www.google.com uSearch Bar = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/keyword/%s mSearchAssistant = hxxp://www.google.com/ie BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll BHO: FlashGet GetFlash Class: {f156768e-81ef-470c-9057-481ba8380dba} - c:\program files\flashget\getflash.dll TB: {E0E899AB-F487-11D5-8D29-0050BA6940E3} - No File TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll TB: {472734EA-242A-422B-ADF8-83D1E48CC825} - No File EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe uRun: [Jet Detection] c:\program files\creative\sbaudigy\program\ADGJDet.exe mRun: [updReg] c:\windows\Updreg.exe mRun: [Windows Defender] "c:\program files\windows defender\MSASCui.exe" -hide mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe" mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe mRun: [hpqSRMon] c:\program 
files\hp\digital imaging\bin\hpqSRMon.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE StartupFolder: c:\docume~1\dad\startm~1\programs\startup\mworld.lnk - c:\windows\system32\mworld.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm IE: &Google Search - c:\program files\google\GoogleToolbar1.dll/cmsearch.html IE: Backward &Links - c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html IE: Cac&hed Snapshot of Page - c:\program files\google\GoogleToolbar1.dll/cmcache.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: Si&milar Pages - c:\program files\google\GoogleToolbar1.dll/cmsimilar.html IE: Translate into English - c:\program files\google\GoogleToolbar1.dll/cmtrans.html IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL Trusted Zone: kuaiche.com\software DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1262124431718 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - 
hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1262126829187 DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} - hxxp://gfx2.hotmail.com/mail/w4/pr01/photouploadcontrol/MSNPUpld.cab SEH: Microsoft AntiMalware ShellExecuteHook: {091eb208-39dd-417d-a5dd-7e2c2d8fb9cb} - c:\progra~1\window~4\MpShHook.dll ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\dad\applic~1\mozilla\firefox\profiles\xn3zco3y.default\ FF - component: c:\documents and settings\dad\application data\mozilla\firefox\profiles\xn3zco3y.default\extensions\{db9127a2-3381-41ec-82b3-1b6ed4c6f29a}\components\FlashgetXpi.dll FF - component: c:\program files\nokia\nokia pc suite 7\bkmrksync\components\BkMrkExt.dll FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll FF - plugin: c:\program files\google\update\1.2.183.17\npGoogleOneClick8.dll FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); ============= SERVICES / DRIVERS =============== R1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-12-30 11608] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-12-30 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-12-30 185089] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-12-30 56816] R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2009-12-30 236368] R2 WinDefend;Windows 
Defender;c:\program files\windows defender\MsMpEng.exe [2006-11-3 13592] R3 emu10kx;Creative EMU10K1/EMU10K2 Audio Driver (WDM);c:\windows\system32\drivers\e10kx2k.sys [2009-12-29 1758336] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2009-12-30 19160] S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-5 135664] S3 USBVSP;USBVSP;c:\windows\system32\drivers\usbvsp.sys [2010-1-10 89728] S3 WT6563F;PS3 ISP Update;c:\windows\system32\drivers\WT6563F.sys [2010-1-22 13120] =============== Created Last 30 ================ 2010-02-28 13:48:20 0 ----a-w- c:\documents and settings\dad\defogger_reenable 2010-02-28 11:47:35 0 d-----w- C:\ComboFix 2010-02-27 12:22:29 0 d-----w- c:\docume~1\dad\applic~1\Spyware Terminator 2010-02-27 12:07:18 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys 2010-02-27 12:07:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Spyware Terminator 2010-02-27 12:07:04 0 d-----w- c:\program files\Spyware Terminator 2010-02-26 18:52:44 0 d-----w- c:\program files\Trend Micro 2010-02-26 18:33:41 0 d-----w- c:\program files\common files\PC Tools 2010-02-26 18:23:49 0 d-----w- c:\docume~1\dad\applic~1\EMCO 2010-02-26 18:23:43 0 d-----w- c:\program files\EMCO 2010-02-26 18:18:45 0 d-----w- c:\program files\FileASSASSIN 2010-02-26 15:53:00 106496 ----a-w- c:\windows\system32\mworld.exe 2010-02-26 14:18:27 0 d-----w- c:\program files\Spybot - Search & Destroy 2010-02-26 14:18:27 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy 2010-02-25 14:38:16 87608 ----a-w- c:\docume~1\dad\applic~1\inst.exe 2010-02-25 14:38:16 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys 2010-02-25 14:38:16 47360 ----a-w- c:\docume~1\dad\applic~1\pcouffin.sys 2010-02-25 14:38:03 65602 ----a-w- c:\windows\system32\cook3260.dll 2010-02-25 14:38:03 626688 ----a-w- c:\windows\system32\vp7vfw.dll 2010-02-25 14:38:03 217127 ----a-w- c:\windows\system32\drv43260.dll 2010-02-25 14:38:03 208935 
----a-w- c:\windows\system32\drv33260.dll 2010-02-25 14:38:03 176165 ----a-w- c:\windows\system32\drv23260.dll 2010-02-25 14:38:03 102439 ----a-w- c:\windows\system32\sipr3260.dll 2010-02-25 14:38:02 1184984 ----a-w- c:\windows\system32\wvc1dmod.dll 2010-02-25 14:37:59 0 d-----w- c:\program files\VSO 2010-02-22 08:13:14 0 d-----w- c:\windows\system32\XPSViewer 2010-02-22 08:12:25 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-02-22 08:12:25 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-02-22 08:12:25 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll 2010-02-22 08:12:25 575488 ------w- c:\windows\system32\xpsshhdr.dll 2010-02-22 08:12:25 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll 2010-02-22 08:12:25 1676288 ------w- c:\windows\system32\xpssvcs.dll 2010-02-22 08:12:25 117760 ------w- c:\windows\system32\prntvpt.dll 2010-02-22 08:12:24 0 d-----w- C:\6c21a8fde76fc8286fb1756905 2010-02-21 13:11:50 0 d-----w- c:\program files\Vstplugins 2010-02-21 13:11:34 0 d-----w- c:\program files\Sony 2010-02-21 12:01:39 0 d-----w- c:\program files\Sony Setup 2010-02-14 19:21:25 0 d-----w- c:\program files\MP3 Splitter & Joiner 2010-02-05 14:43:23 0 d--h--w- c:\windows\PIF 2010-02-05 12:59:15 0 d-sh--w- c:\documents and settings\dad\IECompatCache 2010-01-31 19:04:49 17768 ----a-w- c:\windows\FontData.fdb 2010-01-31 19:00:22 0 d-----w- c:\program files\common files\Protexis 2010-01-31 18:57:30 0 d-----w- c:\program files\common files\Corel 2010-01-31 18:56:47 0 d-----w- c:\program files\Corel 2010-01-31 18:42:08 8 --sh--r- c:\docume~1\alluse~1\applic~1\B8330414B2.sys 2010-01-31 18:42:08 2828 --sha-w- c:\docume~1\alluse~1\applic~1\KGyGaAvL.sys 2010-01-31 18:40:52 0 d-----w- c:\docume~1\alluse~1\applic~1\Corel 2010-01-29 15:26:37 0 d-----w- c:\program files\MSXML 4.0 ==================== Find3M ==================== 2010-02-24 09:16:06 181632 ------w- c:\windows\system32\MpSigStub.exe 2010-01-22 13:50:26 
77347 ----a-w- c:\windows\hpqins05.dat 2010-01-13 13:14:07 164746 ----a-w- c:\windows\hpoins21.dat 2010-01-10 13:20:35 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01007.Wdf 2010-01-10 13:20:34 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf 2010-01-10 13:12:38 0 ---ha-w- c:\windows\system32\drivers\Msft_Kernel_ccdcmb_01005.Wdf 2010-01-10 13:12:36 0 ---ha-w- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf 2010-01-07 16:07:14 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 16:07:04 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-12-31 12:07:06 56816 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2009-12-29 21:51:43 21640 ----a-w- c:\windows\system32\emptyregdb.dat 2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll 2009-12-17 17:14:00 411368 ----a-w- c:\windows\system32\deploytk.dll ============= FINISH: 13:51:05.70 =============== 10:14:08 (null) MESSAGE Protection started successfully 10:15:44 Dad MESSAGE IP Protection started successfully 10:55:01 Dad IP-BLOCK 209.249.222.42 10:55:03 Dad IP-BLOCK 209.249.222.42 10:55:04 Dad IP-BLOCK 98.124.198.1 10:55:06 Dad IP-BLOCK 209.249.222.42 10:55:07 Dad IP-BLOCK 98.124.198.1 10:55:27 Dad IP-BLOCK 66.179.234.169 10:55:30 Dad IP-BLOCK 66.179.234.169 10:58:31 Dad IP-BLOCK 95.154.209.177 10:58:34 Dad IP-BLOCK 95.154.209.177 12:06:30 (null) MESSAGE Protection started successfully 12:08:22 Dad MESSAGE IP Protection started successfully 12:57:54 Dad IP-BLOCK 209.249.222.42 13:00:18 Dad MESSAGE IP Protection stopped 13:00:23 Dad MESSAGE IP Protection started successfully 13:08:37 Dad IP-BLOCK 67.215.241.141 13:08:40 Dad IP-BLOCK 67.215.241.141 13:08:46 Dad IP-BLOCK 67.215.241.141 13:09:18 Dad IP-BLOCK 67.215.241.141 13:09:21 Dad IP-BLOCK 67.215.241.141 13:09:27 Dad IP-BLOCK 67.215.241.141 13:09:48 Dad IP-BLOCK 67.215.241.141 13:09:51 Dad IP-BLOCK 67.215.241.141 13:09:54 Dad IP-BLOCK 67.215.241.141 
     13:09:57 Dad IP-BLOCK 67.215.241.141
     13:09:57 Dad IP-BLOCK 67.215.241.141
     13:10:03 Dad IP-BLOCK 67.215.241.141
     13:10:15 Dad IP-BLOCK 67.215.241.141
     13:10:18 Dad IP-BLOCK 67.215.241.141
     13:10:24 Dad IP-BLOCK 67.215.241.141
     13:10:42 Dad IP-BLOCK 67.215.241.141
     13:10:45 Dad IP-BLOCK 67.215.241.141
     13:10:51 Dad IP-BLOCK 67.215.241.141
     13:10:51 Dad IP-BLOCK 67.215.241.141
     13:10:54 Dad IP-BLOCK 67.215.241.141
     13:11:00 Dad IP-BLOCK 67.215.241.141
     13:11:12 Dad IP-BLOCK 67.215.241.141
     13:11:15 Dad IP-BLOCK 67.215.241.141
     13:11:19 Dad IP-BLOCK 67.215.241.141
     13:11:21 Dad IP-BLOCK 67.215.241.141
     13:11:22 Dad IP-BLOCK 67.215.241.141
     13:11:28 Dad IP-BLOCK 67.215.241.141
     13:11:54 Dad IP-BLOCK 67.215.241.141
     13:11:57 Dad IP-BLOCK 67.215.241.141
     13:12:02 Dad MESSAGE Added 67.215.241.141 to ignore list
     13:12:02 Dad MESSAGE IP Protection stopped
     13:12:06 Dad MESSAGE IP Protection started successfully
     I hope this is what you need to help me, if not please let me know and I will sort it. Thank you in advance for any help you can give me. Colin.
     protection_log_2010_02_28.txt ark.zip Attach.zip