Chrome trojan issue


.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

Run by Tech at 11:52:47 on 2012-09-02

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.458 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\VMSnap3.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Program Files\Microsoft Security Client\msseces.exe

svchost.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\DiskManager\Updater.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = isa_websense:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [VMSnap3] c:\windows\VMSnap3.exe

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Chrome] c:\chrome\chrome.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277118227109

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{61C4B7FC-D390-4E0F-BCCC-89C0151ED7C3} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7E5FACE1-1C1B-49BA-AE2B-EC41084F3E67} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B9A4682F-FC9A-44FA-9EC3-4C73BE5B83A0} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-3-31 565552]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [2005-6-1 5314]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-21 20968]

R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [2012-3-20 609792]

R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [2005-6-1 7610]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]

R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-7-23 32896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-4-25 637952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-22 1691480]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-6-19 12400]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-1 35144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 606056]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-6-19 155320]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-12-23 475136]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2011-12-23 1474560]

.

=============== Created Last 30 ================

.

2012-09-02 07:27:37 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b778643-5855-49d8-84cb-a7a1a225d9f4}\mpengine.dll

2012-09-01 08:13:58 -------- d-----w- c:\program files\CCleaner

2012-09-01 07:15:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-31 18:02:14 7022536 ------w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-30 21:48:49 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-30 21:48:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2012-08-30 21:48:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-30 21:48:20 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-05 11:27:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-05 11:27:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-14 13:38:14 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-07-08 15:42:03 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-08 15:42:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-08 15:42:03 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

2012-06-19 13:45:03 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-06-06 19:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

============= FINISH: 11:53:47.17 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 21/06/2010 10:21:02

System Uptime: 02/09/2012 11:23:50 (0 hours ago)

.

Motherboard: Intel Corporation | | D945GCCR

Processor: Intel® Celeron® D CPU 3.20GHz | LGA 775 | 3191/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 77 GiB total, 29.62 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP512: 04/06/2012 09:45:27 - Software Distribution Service 3.0

RP513: 06/06/2012 14:25:50 - Software Distribution Service 3.0

RP514: 06/06/2012 14:31:01 - Software Distribution Service 3.0

RP515: 07/06/2012 14:34:57 - System Checkpoint

RP516: 08/06/2012 09:44:09 - Software Distribution Service 3.0

RP517: 09/06/2012 12:14:01 - Software Distribution Service 3.0

RP518: 10/06/2012 12:41:33 - Software Distribution Service 3.0

RP519: 11/06/2012 16:19:12 - Software Distribution Service 3.0

RP520: 12/06/2012 16:45:43 - System Checkpoint

RP521: 13/06/2012 07:15:58 - Software Distribution Service 3.0

RP522: 13/06/2012 23:26:49 - Software Distribution Service 3.0

RP523: 14/06/2012 08:35:47 - Software Distribution Service 3.0

RP524: 15/06/2012 09:45:12 - System Checkpoint

RP525: 15/06/2012 11:34:31 - Software Distribution Service 3.0

RP526: 16/06/2012 11:37:29 - Software Distribution Service 3.0

RP527: 17/06/2012 17:13:46 - Software Distribution Service 3.0

RP528: 18/06/2012 17:51:42 - System Checkpoint

RP529: 19/06/2012 09:04:37 - Software Distribution Service 3.0

RP530: 19/06/2012 14:39:07 - Sony PC Companion

RP531: 19/06/2012 14:44:55 - Uninstalled Sony Ericsson Drivers

RP532: 19/06/2012 14:45:02 - Installed Sony Ericsson Drivers

RP533: 19/06/2012 14:52:36 - Installed Windows XP Wdf01007.

RP534: 19/06/2012 15:02:00 - Sony PC Companion

RP535: 20/06/2012 13:19:22 - Software Distribution Service 3.0

RP536: 21/06/2012 16:10:48 - Software Distribution Service 3.0

RP537: 22/06/2012 21:48:19 - Software Distribution Service 3.0

RP538: 23/06/2012 21:47:31 - Software Distribution Service 3.0

RP539: 24/06/2012 02:29:29 - Software Distribution Service 3.0

RP540: 24/06/2012 21:47:43 - Software Distribution Service 3.0

RP541: 25/06/2012 22:19:34 - System Checkpoint

RP542: 26/06/2012 13:11:55 - Software Distribution Service 3.0

RP543: 27/06/2012 13:10:46 - Software Distribution Service 3.0

RP544: 28/06/2012 14:01:01 - System Checkpoint

RP545: 28/06/2012 20:44:53 - Software Distribution Service 3.0

RP546: 30/06/2012 13:48:06 - Software Distribution Service 3.0

RP547: 01/07/2012 16:36:24 - Software Distribution Service 3.0

RP548: 02/07/2012 18:19:30 - Software Distribution Service 3.0

RP549: 03/07/2012 10:31:11 - Sony PC Companion

RP550: 04/07/2012 09:03:22 - Software Distribution Service 3.0

RP551: 05/07/2012 09:48:10 - Software Distribution Service 3.0

RP552: 06/07/2012 10:35:49 - System Checkpoint

RP553: 07/07/2012 08:34:16 - Software Distribution Service 3.0

RP554: 08/07/2012 11:01:16 - Software Distribution Service 3.0

RP555: 08/07/2012 11:13:11 - Software Distribution Service 3.0

RP556: 08/07/2012 16:41:49 - Uninstalled Sony Ericsson Drivers

RP557: 08/07/2012 16:42:02 - Installed Sony Ericsson Drivers

RP558: 08/07/2012 16:45:43 - Installed Windows XP Wdf01009.

RP559: 09/07/2012 16:59:42 - System Checkpoint

RP560: 10/07/2012 08:39:00 - Software Distribution Service 3.0

RP561: 11/07/2012 08:40:02 - System Checkpoint

RP562: 12/07/2012 14:05:43 - Software Distribution Service 3.0

RP563: 12/07/2012 14:45:25 - Software Distribution Service 3.0

RP564: 13/07/2012 14:29:21 - Software Distribution Service 3.0

RP565: 13/07/2012 21:17:10 - Software Distribution Service 3.0

RP566: 14/07/2012 21:19:19 - System Checkpoint

RP567: 15/07/2012 01:10:00 - Software Distribution Service 3.0

RP568: 16/07/2012 03:13:51 - System Checkpoint

RP569: 16/07/2012 08:46:41 - Software Distribution Service 3.0

RP570: 17/07/2012 08:47:08 - System Checkpoint

RP571: 17/07/2012 08:48:20 - Software Distribution Service 3.0

RP572: 18/07/2012 10:45:40 - Software Distribution Service 3.0

RP573: 19/07/2012 03:01:43 - Removed Nero 7 Ultra Edition

RP574: 19/07/2012 03:16:09 - Installed Nero 7 Ultra Edition

RP575: 19/07/2012 12:31:16 - Software Distribution Service 3.0

RP576: 19/07/2012 12:39:29 - Software Distribution Service 3.0

RP577: 19/07/2012 12:44:40 - Removed Nero 7 Ultra Edition

RP578: 19/07/2012 13:40:55 - Installed Nero 7 Ultra Edition

RP579: 19/07/2012 13:49:33 - Removed Nero 7 Ultra Edition

RP580: 19/07/2012 13:58:08 - Installed Nero 7 Ultra Edition

RP581: 20/07/2012 14:01:10 - System Checkpoint

RP582: 20/07/2012 20:22:00 - Software Distribution Service 3.0

RP583: 21/07/2012 22:39:51 - System Checkpoint

RP584: 22/07/2012 01:39:28 - Software Distribution Service 3.0

RP585: 22/07/2012 16:46:36 - Software Distribution Service 3.0

RP586: 23/07/2012 16:55:57 - System Checkpoint

RP587: 23/07/2012 20:15:17 - Software Distribution Service 3.0

RP588: 24/07/2012 22:50:04 - Software Distribution Service 3.0

RP589: 26/07/2012 07:39:27 - Software Distribution Service 3.0

RP590: 04/08/2012 09:25:47 - Software Distribution Service 3.0

RP591: 05/08/2012 12:35:59 - Software Distribution Service 3.0

RP592: 06/08/2012 17:27:05 - Software Distribution Service 3.0

RP593: 07/08/2012 18:14:35 - System Checkpoint

RP594: 08/08/2012 09:19:29 - Software Distribution Service 3.0

RP595: 09/08/2012 11:13:41 - System Checkpoint

RP596: 10/08/2012 08:36:27 - Software Distribution Service 3.0

RP597: 11/08/2012 11:51:54 - System Checkpoint

RP598: 11/08/2012 22:38:30 - Software Distribution Service 3.0

RP599: 13/08/2012 09:01:48 - Software Distribution Service 3.0

RP600: 29/08/2012 09:54:02 - Software Distribution Service 3.0

RP601: 29/08/2012 23:22:19 - Software Distribution Service 3.0

RP602: 30/08/2012 12:46:53 - Software Distribution Service 3.0

RP603: 30/08/2012 22:47:45 - Removed Java 7 Update 5

RP604: 30/08/2012 22:47:59 - Installed Java 7 Update 7

RP605: 31/08/2012 19:02:07 - Software Distribution Service 3.0

RP606: 01/09/2012 19:21:28 - System Checkpoint

RP607: 02/09/2012 08:27:26 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Download Manager

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS5.1

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Any Video Converter Ultimate 4.3.9

Any Video Converter Ultimate Crack version 4.3.9

Apple Application Support

Apple Software Update

µTorrent

Belkin F6D4050 Enhanced Wireless USB Adapter

Belkin Wireless USB Adapter Setup

Bonjour

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Support Core Library

Canon Camera WIA Driver

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

Canon Camera Window for ZoomBrowser EX

Canon EOS Kiss_N REBEL_XT 350D WIA Driver

Canon Internet Library for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 1.6.1

Canon Utilities EOS Capture 1.3

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX

CCleaner

ConvertXtoDVD 4.1.19.365

CPUID CPU-Z 1.54

EOS Capture 1.3

ffdshow v1.2.4475 [2012-07-12]

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® Network Connections 15.1.29.0

Internet Explorer (Enable DEP)

Internet Library

Java 7 Update 7

Java Auto Updater

K-Lite Mega Codec Pack 8.9.5

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Fix it Center

Microsoft IntelliType Pro 8.2

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MSN

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

PDF Settings CS5

Perseus 1.7.1 LT Konus

PhotoStitch

PxMergeModule

QuickTime

RAW Image Task 2.0

Realtek High Definition Audio Driver

Registry Mechanic 9.0.0.114

RemoteCapture Task 1.1

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Skype Click to Call

Skype™ 5.8

Sony Ericsson Update Engine

Sony PC Companion 2.10.079

SUPERAntiSpyware

swMSM

System Requirements Lab for Intel

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIMICRO USB PC Camera (ZC0301PLH)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

ZC0301PLH_Driver_Setup

.

==== Event Viewer Messages From Past Week ========

.

31/08/2012 19:33:13, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 9444527C0329 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

31/08/2012 08:02:48, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The system cannot find the path specified.

01/09/2012 08:14:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF MpFilter SASDIFSV SASKUTIL

01/09/2012 08:14:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

01/09/2012 08:14:11, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}

01/09/2012 08:14:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {8843B4A2-A3CB-4CB9-9CCE-F443F641009F}

01/09/2012 08:13:43, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================


Hello Alanmads! My name is Maniac and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.

Could you please explain your problem?

Step 1

Please uninstall this application: µTorrent

http://forums.malwarebytes.org/index.php?showtopic=97700

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh DDS log


utorrent has now been removed as advised.

Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.02.02

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

:: TECH0001 [administrator]

02/09/2012 12:32:56

mbam-log-2012-09-02 (12-32-56).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 211896

Time elapsed: 12 minute(s), 23 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 1

HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Chrome (Trojan.Agent) -> Data: C:\chrome\chrome.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\chrome\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

.

DDS (Ver_2011-08-26.01) - NTFSx86

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.7.2

Run by Tech at 13:06:16 on 2012-09-02

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.471 [GMT 1:00]

.

AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

.

============== Running Processes ===============

.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

c:\Program Files\Microsoft Security Client\MsMpEng.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\VMSnap3.exe

C:\DiskManager\Updater.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\Microsoft Security Client\msseces.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Java\jre7\bin\jqs.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

.

============== Pseudo HJT Report ===============

.

uSearch Page = hxxp://www.google.com

uStart Page = hxxp://www.google.co.uk/

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = isa_websense:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

mSearchAssistant = hxxp://www.google.com/ie

BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll

BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll

TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: {EEE6C35B-6118-11DC-9C72-001320C79847} - No File

TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

mRun: [VMSnap3] c:\windows\VMSnap3.exe

mRun: [PAC7302_Monitor] c:\windows\pixart\pac7302\Monitor.exe

mRun: [RTHDCPL] RTHDCPL.EXE

mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [Chrome] c:\chrome\chrome.exe

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683}

IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110}

IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F}

DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/sites/production/ieawsdc32.cab

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1277118227109

DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} - hxxp://www.superadblocker.com/activex/sabspx.cab

DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{61C4B7FC-D390-4E0F-BCCC-89C0151ED7C3} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{7E5FACE1-1C1B-49BA-AE2B-EC41084F3E67} : DhcpNameServer = 192.168.1.1

TCP: Interfaces\{B9A4682F-FC9A-44FA-9EC3-4C73BE5B83A0} : DhcpNameServer = 192.168.1.1

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL

Notify: igfxcui - igfxdev.dll

Notify: klogon - c:\windows\system32\klogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 KL1;kl1;c:\windows\system32\drivers\kl1.sys [2011-3-4 133208]

R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 171064]

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2011-3-4 11352]

R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2012-3-31 565552]

R1 MpKsle2f7849b;MpKsle2f7849b;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b778643-5855-49d8-84cb-a7a1a225d9f4}\MpKsle2f7849b.sys [2012-9-2 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]

R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2011-8-12 116608]

R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [2005-6-1 5314]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [2010-6-21 20968]

R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [2012-3-20 609792]

R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [2005-6-1 7610]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]

R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2012-7-23 32896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [2011-3-10 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-11-2 19472]

R3 rt2870;Ralink 802.11n USB Wireless LAN Card Driver;c:\windows\system32\drivers\rt2870.sys [2012-4-25 637952]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-11-22 1691480]

S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [2012-6-19 12400]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-8-29 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\microsoft fix it center\Matsvc.exe [2011-6-13 267568]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [2012-9-1 35144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\system32\svchost.exe -k nosGetPlusHelper [2008-4-14 14336]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [2010-11-25 606056]

S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-6-19 155320]

S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [2011-12-23 475136]

S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2008-4-14 14336]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]

S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [2011-12-23 1474560]

.

=============== Created Last 30 ================

.

2012-09-02 12:01:48 29904 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b778643-5855-49d8-84cb-a7a1a225d9f4}\MpKsle2f7849b.sys

2012-09-02 07:27:37 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2b778643-5855-49d8-84cb-a7a1a225d9f4}\mpengine.dll

2012-09-01 08:13:58 -------- d-----w- c:\program files\CCleaner

2012-09-01 07:15:44 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-31 18:02:14 7022536 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll

2012-08-30 21:48:49 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-30 21:48:40 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

.

==================== Find3M ====================

.

2012-08-30 21:48:20 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-30 21:48:20 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-05 11:27:24 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-08-05 11:27:24 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-07-14 13:38:14 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-07-08 15:42:03 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-08 15:42:03 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-08 15:42:03 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 13:58:51 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05:18 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40:15 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46:44 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49:33 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49:32 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49:32 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05:43 385024 ------w- c:\windows\system32\html.iec

2012-06-19 13:45:03 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-06-06 19:59:42 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50:25 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50:25 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

============= FINISH: 13:07:16.81 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2011-08-26.01)

.

Microsoft Windows XP Professional

Boot Device: \Device\HarddiskVolume1

Install Date: 21/06/2010 10:21:02

System Uptime: 02/09/2012 13:00:58 (0 hours ago)

.

Motherboard: Intel Corporation | | D945GCCR

Processor: Intel® Celeron® D CPU 3.20GHz | LGA 775 | 3192/133mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 77 GiB total, 29.621 GiB free.

D: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP512: 04/06/2012 09:45:27 - Software Distribution Service 3.0

RP513: 06/06/2012 14:25:50 - Software Distribution Service 3.0

RP514: 06/06/2012 14:31:01 - Software Distribution Service 3.0

RP515: 07/06/2012 14:34:57 - System Checkpoint

RP516: 08/06/2012 09:44:09 - Software Distribution Service 3.0

RP517: 09/06/2012 12:14:01 - Software Distribution Service 3.0

RP518: 10/06/2012 12:41:33 - Software Distribution Service 3.0

RP519: 11/06/2012 16:19:12 - Software Distribution Service 3.0

RP520: 12/06/2012 16:45:43 - System Checkpoint

RP521: 13/06/2012 07:15:58 - Software Distribution Service 3.0

RP522: 13/06/2012 23:26:49 - Software Distribution Service 3.0

RP523: 14/06/2012 08:35:47 - Software Distribution Service 3.0

RP524: 15/06/2012 09:45:12 - System Checkpoint

RP525: 15/06/2012 11:34:31 - Software Distribution Service 3.0

RP526: 16/06/2012 11:37:29 - Software Distribution Service 3.0

RP527: 17/06/2012 17:13:46 - Software Distribution Service 3.0

RP528: 18/06/2012 17:51:42 - System Checkpoint

RP529: 19/06/2012 09:04:37 - Software Distribution Service 3.0

RP530: 19/06/2012 14:39:07 - Sony PC Companion

RP531: 19/06/2012 14:44:55 - Uninstalled Sony Ericsson Drivers

RP532: 19/06/2012 14:45:02 - Installed Sony Ericsson Drivers

RP533: 19/06/2012 14:52:36 - Installed Windows XP Wdf01007.

RP534: 19/06/2012 15:02:00 - Sony PC Companion

RP535: 20/06/2012 13:19:22 - Software Distribution Service 3.0

RP536: 21/06/2012 16:10:48 - Software Distribution Service 3.0

RP537: 22/06/2012 21:48:19 - Software Distribution Service 3.0

RP538: 23/06/2012 21:47:31 - Software Distribution Service 3.0

RP539: 24/06/2012 02:29:29 - Software Distribution Service 3.0

RP540: 24/06/2012 21:47:43 - Software Distribution Service 3.0

RP541: 25/06/2012 22:19:34 - System Checkpoint

RP542: 26/06/2012 13:11:55 - Software Distribution Service 3.0

RP543: 27/06/2012 13:10:46 - Software Distribution Service 3.0

RP544: 28/06/2012 14:01:01 - System Checkpoint

RP545: 28/06/2012 20:44:53 - Software Distribution Service 3.0

RP546: 30/06/2012 13:48:06 - Software Distribution Service 3.0

RP547: 01/07/2012 16:36:24 - Software Distribution Service 3.0

RP548: 02/07/2012 18:19:30 - Software Distribution Service 3.0

RP549: 03/07/2012 10:31:11 - Sony PC Companion

RP550: 04/07/2012 09:03:22 - Software Distribution Service 3.0

RP551: 05/07/2012 09:48:10 - Software Distribution Service 3.0

RP552: 06/07/2012 10:35:49 - System Checkpoint

RP553: 07/07/2012 08:34:16 - Software Distribution Service 3.0

RP554: 08/07/2012 11:01:16 - Software Distribution Service 3.0

RP555: 08/07/2012 11:13:11 - Software Distribution Service 3.0

RP556: 08/07/2012 16:41:49 - Uninstalled Sony Ericsson Drivers

RP557: 08/07/2012 16:42:02 - Installed Sony Ericsson Drivers

RP558: 08/07/2012 16:45:43 - Installed Windows XP Wdf01009.

RP559: 09/07/2012 16:59:42 - System Checkpoint

RP560: 10/07/2012 08:39:00 - Software Distribution Service 3.0

RP561: 11/07/2012 08:40:02 - System Checkpoint

RP562: 12/07/2012 14:05:43 - Software Distribution Service 3.0

RP563: 12/07/2012 14:45:25 - Software Distribution Service 3.0

RP564: 13/07/2012 14:29:21 - Software Distribution Service 3.0

RP565: 13/07/2012 21:17:10 - Software Distribution Service 3.0

RP566: 14/07/2012 21:19:19 - System Checkpoint

RP567: 15/07/2012 01:10:00 - Software Distribution Service 3.0

RP568: 16/07/2012 03:13:51 - System Checkpoint

RP569: 16/07/2012 08:46:41 - Software Distribution Service 3.0

RP570: 17/07/2012 08:47:08 - System Checkpoint

RP571: 17/07/2012 08:48:20 - Software Distribution Service 3.0

RP572: 18/07/2012 10:45:40 - Software Distribution Service 3.0

RP573: 19/07/2012 03:01:43 - Removed Nero 7 Ultra Edition

RP574: 19/07/2012 03:16:09 - Installed Nero 7 Ultra Edition

RP575: 19/07/2012 12:31:16 - Software Distribution Service 3.0

RP576: 19/07/2012 12:39:29 - Software Distribution Service 3.0

RP577: 19/07/2012 12:44:40 - Removed Nero 7 Ultra Edition

RP578: 19/07/2012 13:40:55 - Installed Nero 7 Ultra Edition

RP579: 19/07/2012 13:49:33 - Removed Nero 7 Ultra Edition

RP580: 19/07/2012 13:58:08 - Installed Nero 7 Ultra Edition

RP581: 20/07/2012 14:01:10 - System Checkpoint

RP582: 20/07/2012 20:22:00 - Software Distribution Service 3.0

RP583: 21/07/2012 22:39:51 - System Checkpoint

RP584: 22/07/2012 01:39:28 - Software Distribution Service 3.0

RP585: 22/07/2012 16:46:36 - Software Distribution Service 3.0

RP586: 23/07/2012 16:55:57 - System Checkpoint

RP587: 23/07/2012 20:15:17 - Software Distribution Service 3.0

RP588: 24/07/2012 22:50:04 - Software Distribution Service 3.0

RP589: 26/07/2012 07:39:27 - Software Distribution Service 3.0

RP590: 04/08/2012 09:25:47 - Software Distribution Service 3.0

RP591: 05/08/2012 12:35:59 - Software Distribution Service 3.0

RP592: 06/08/2012 17:27:05 - Software Distribution Service 3.0

RP593: 07/08/2012 18:14:35 - System Checkpoint

RP594: 08/08/2012 09:19:29 - Software Distribution Service 3.0

RP595: 09/08/2012 11:13:41 - System Checkpoint

RP596: 10/08/2012 08:36:27 - Software Distribution Service 3.0

RP597: 11/08/2012 11:51:54 - System Checkpoint

RP598: 11/08/2012 22:38:30 - Software Distribution Service 3.0

RP599: 13/08/2012 09:01:48 - Software Distribution Service 3.0

RP600: 29/08/2012 09:54:02 - Software Distribution Service 3.0

RP601: 29/08/2012 23:22:19 - Software Distribution Service 3.0

RP602: 30/08/2012 12:46:53 - Software Distribution Service 3.0

RP603: 30/08/2012 22:47:45 - Removed Java 7 Update 5

RP604: 30/08/2012 22:47:59 - Installed Java 7 Update 7

RP605: 31/08/2012 19:02:07 - Software Distribution Service 3.0

RP606: 01/09/2012 19:21:28 - System Checkpoint

RP607: 02/09/2012 08:27:26 - Software Distribution Service 3.0

.

==== Installed Programs ======================

.

Acrobat.com

Adobe AIR

Adobe Community Help

Adobe Download Assistant

Adobe Download Manager

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX

Adobe Photoshop CS5.1

Adobe Reader X (10.1.3)

Adobe Shockwave Player 11.6

Any Video Converter Ultimate 4.3.9

Any Video Converter Ultimate Crack version 4.3.9

Apple Application Support

Apple Software Update

Belkin F6D4050 Enhanced Wireless USB Adapter

Belkin Wireless USB Adapter Setup

Bonjour

Camera Support Core Library

Camera Window DS

Camera Window DVC

Camera Window MC

Canon Camera Support Core Library

Canon Camera WIA Driver

Canon Camera Window DS for ZoomBrowser EX

Canon Camera Window DVC for ZoomBrowser EX

Canon Camera Window for ZoomBrowser EX

Canon EOS Kiss_N REBEL_XT 350D WIA Driver

Canon Internet Library for ZoomBrowser EX

Canon PhotoRecord

Canon RAW Image Task for ZoomBrowser EX

Canon RemoteCapture Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 1.6.1

Canon Utilities EOS Capture 1.3

Canon Utilities PhotoStitch 3.1

Canon ZoomBrowser EX

CCleaner

ConvertXtoDVD 4.1.19.365

CPUID CPU-Z 1.54

EOS Capture 1.3

ffdshow v1.2.4475 [2012-07-12]

Google Toolbar for Internet Explorer

Google Update Helper

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)

Hotfix for Windows Media Format 11 SDK (KB929399)

Hotfix for Windows Media Player 11 (KB939683)

Hotfix for Windows XP (KB2158563)

Hotfix for Windows XP (KB2443685)

Hotfix for Windows XP (KB2570791)

Hotfix for Windows XP (KB2633952)

Hotfix for Windows XP (KB915800-v4)

Hotfix for Windows XP (KB952287)

Hotfix for Windows XP (KB954550-v5)

Hotfix for Windows XP (KB954708)

Hotfix for Windows XP (KB961118)

Hotfix for Windows XP (KB976002-v5)

Hotfix for Windows XP (KB981793)

Intel® Graphics Media Accelerator Driver

Intel® Network Connections 15.1.29.0

Internet Explorer (Enable DEP)

Internet Library

Java 7 Update 7

Java Auto Updater

K-Lite Mega Codec Pack 8.9.5

Malwarebytes Anti-Malware version 1.62.0.1300

Microsoft .NET Framework 1.1

Microsoft .NET Framework 1.1 Security Update (KB2656353)

Microsoft .NET Framework 1.1 Security Update (KB2656370)

Microsoft .NET Framework 2.0 Service Pack 2

Microsoft .NET Framework 3.0 Service Pack 2

Microsoft .NET Framework 3.5 SP1

Microsoft .NET Framework 4 Client Profile

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft Compression Client Pack 1.0 for Windows XP

Microsoft Fix it Center

Microsoft IntelliType Pro 8.2

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

Microsoft Kernel-Mode Driver Framework Feature Pack 1.9

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Security Client

Microsoft Security Essentials

Microsoft Silverlight

Microsoft Software Update for Web Folders (English) 12

Microsoft User-Mode Driver Framework Feature Pack 1.0

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft_VC80_ATL_x86

Microsoft_VC80_CRT_x86

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFCLOC_x86

Microsoft_VC90_ATL_x86

Microsoft_VC90_CRT_x86

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFCLOC_x86

MSN

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

PDF Settings CS5

Perseus 1.7.1 LT Konus

PhotoStitch

PxMergeModule

QuickTime

RAW Image Task 2.0

Realtek High Definition Audio Driver

Registry Mechanic 9.0.0.114

RemoteCapture Task 1.1

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)

Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition

Security Update for Microsoft Windows (KB2564958)

Security Update for Windows Internet Explorer 8 (KB2510531)

Security Update for Windows Internet Explorer 8 (KB2544521)

Security Update for Windows Internet Explorer 8 (KB2618444)

Security Update for Windows Internet Explorer 8 (KB2647516)

Security Update for Windows Internet Explorer 8 (KB2675157)

Security Update for Windows Internet Explorer 8 (KB2699988)

Security Update for Windows Internet Explorer 8 (KB2722913)

Security Update for Windows Internet Explorer 8 (KB982381)

Security Update for Windows Media Player (KB2378111)

Security Update for Windows Media Player (KB952069)

Security Update for Windows Media Player (KB954155)

Security Update for Windows Media Player (KB973540)

Security Update for Windows Media Player (KB975558)

Security Update for Windows Media Player (KB978695)

Security Update for Windows Media Player (KB979402)

Security Update for Windows Media Player 11 (KB954154)

Security Update for Windows Search 4 - KB963093

Security Update for Windows XP (KB2079403)

Security Update for Windows XP (KB2115168)

Security Update for Windows XP (KB2121546)

Security Update for Windows XP (KB2160329)

Security Update for Windows XP (KB2229593)

Security Update for Windows XP (KB2259922)

Security Update for Windows XP (KB2279986)

Security Update for Windows XP (KB2286198)

Security Update for Windows XP (KB2296011)

Security Update for Windows XP (KB2347290)

Security Update for Windows XP (KB2360937)

Security Update for Windows XP (KB2387149)

Security Update for Windows XP (KB2393802)

Security Update for Windows XP (KB2412687)

Security Update for Windows XP (KB2419632)

Security Update for Windows XP (KB2423089)

Security Update for Windows XP (KB2440591)

Security Update for Windows XP (KB2443105)

Security Update for Windows XP (KB2476490)

Security Update for Windows XP (KB2478960)

Security Update for Windows XP (KB2478971)

Security Update for Windows XP (KB2479943)

Security Update for Windows XP (KB2481109)

Security Update for Windows XP (KB2483185)

Security Update for Windows XP (KB2485663)

Security Update for Windows XP (KB2503665)

Security Update for Windows XP (KB2506212)

Security Update for Windows XP (KB2507618)

Security Update for Windows XP (KB2507938)

Security Update for Windows XP (KB2508272)

Security Update for Windows XP (KB2508429)

Security Update for Windows XP (KB2509553)

Security Update for Windows XP (KB2524375)

Security Update for Windows XP (KB2535512)

Security Update for Windows XP (KB2536276-v2)

Security Update for Windows XP (KB2536276)

Security Update for Windows XP (KB2544893-v2)

Security Update for Windows XP (KB2544893)

Security Update for Windows XP (KB2555917)

Security Update for Windows XP (KB2562937)

Security Update for Windows XP (KB2566454)

Security Update for Windows XP (KB2567053)

Security Update for Windows XP (KB2567680)

Security Update for Windows XP (KB2570222)

Security Update for Windows XP (KB2570947)

Security Update for Windows XP (KB2584146)

Security Update for Windows XP (KB2585542)

Security Update for Windows XP (KB2592799)

Security Update for Windows XP (KB2598479)

Security Update for Windows XP (KB2603381)

Security Update for Windows XP (KB2618451)

Security Update for Windows XP (KB2619339)

Security Update for Windows XP (KB2620712)

Security Update for Windows XP (KB2621440)

Security Update for Windows XP (KB2624667)

Security Update for Windows XP (KB2631813)

Security Update for Windows XP (KB2633171)

Security Update for Windows XP (KB2639417)

Security Update for Windows XP (KB2641653)

Security Update for Windows XP (KB2646524)

Security Update for Windows XP (KB2647518)

Security Update for Windows XP (KB2653956)

Security Update for Windows XP (KB2655992)

Security Update for Windows XP (KB2659262)

Security Update for Windows XP (KB2660465)

Security Update for Windows XP (KB2661637)

Security Update for Windows XP (KB2676562)

Security Update for Windows XP (KB2685939)

Security Update for Windows XP (KB2686509)

Security Update for Windows XP (KB2691442)

Security Update for Windows XP (KB2695962)

Security Update for Windows XP (KB2698365)

Security Update for Windows XP (KB2705219)

Security Update for Windows XP (KB2707511)

Security Update for Windows XP (KB2709162)

Security Update for Windows XP (KB2712808)

Security Update for Windows XP (KB2718523)

Security Update for Windows XP (KB2719985)

Security Update for Windows XP (KB2723135)

Security Update for Windows XP (KB2731847)

Security Update for Windows XP (KB923561)

Security Update for Windows XP (KB923789)

Security Update for Windows XP (KB941569)

Security Update for Windows XP (KB946648)

Security Update for Windows XP (KB950760)

Security Update for Windows XP (KB950762)

Security Update for Windows XP (KB950974)

Security Update for Windows XP (KB951376-v2)

Security Update for Windows XP (KB951748)

Security Update for Windows XP (KB952004)

Security Update for Windows XP (KB952954)

Security Update for Windows XP (KB954459)

Security Update for Windows XP (KB955069)

Security Update for Windows XP (KB956572)

Security Update for Windows XP (KB956744)

Security Update for Windows XP (KB956802)

Security Update for Windows XP (KB956803)

Security Update for Windows XP (KB956844)

Security Update for Windows XP (KB958644)

Security Update for Windows XP (KB958869)

Security Update for Windows XP (KB959426)

Security Update for Windows XP (KB960225)

Security Update for Windows XP (KB960803)

Security Update for Windows XP (KB960859)

Security Update for Windows XP (KB961501)

Security Update for Windows XP (KB969059)

Security Update for Windows XP (KB970238)

Security Update for Windows XP (KB970430)

Security Update for Windows XP (KB971468)

Security Update for Windows XP (KB971657)

Security Update for Windows XP (KB971961)

Security Update for Windows XP (KB972270)

Security Update for Windows XP (KB973507)

Security Update for Windows XP (KB973869)

Security Update for Windows XP (KB973904)

Security Update for Windows XP (KB974112)

Security Update for Windows XP (KB974318)

Security Update for Windows XP (KB974392)

Security Update for Windows XP (KB974571)

Security Update for Windows XP (KB975025)

Security Update for Windows XP (KB975467)

Security Update for Windows XP (KB975560)

Security Update for Windows XP (KB975561)

Security Update for Windows XP (KB975562)

Security Update for Windows XP (KB975713)

Security Update for Windows XP (KB977816)

Security Update for Windows XP (KB977914)

Security Update for Windows XP (KB978037)

Security Update for Windows XP (KB978338)

Security Update for Windows XP (KB978542)

Security Update for Windows XP (KB978601)

Security Update for Windows XP (KB978706)

Security Update for Windows XP (KB979309)

Security Update for Windows XP (KB979482)

Security Update for Windows XP (KB979559)

Security Update for Windows XP (KB979683)

Security Update for Windows XP (KB979687)

Security Update for Windows XP (KB980195)

Security Update for Windows XP (KB980218)

Security Update for Windows XP (KB980232)

Security Update for Windows XP (KB980436)

Security Update for Windows XP (KB981322)

Security Update for Windows XP (KB981349)

Security Update for Windows XP (KB981852)

Security Update for Windows XP (KB981957)

Security Update for Windows XP (KB981997)

Security Update for Windows XP (KB982132)

Security Update for Windows XP (KB982214)

Security Update for Windows XP (KB982381)

Security Update for Windows XP (KB982665)

Skype Click to Call

Skype™ 5.8

Sony Ericsson Update Engine

Sony PC Companion 2.10.079

SUPERAntiSpyware

swMSM

System Requirements Lab for Intel

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687400) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Update for Microsoft Windows (KB971513)

Update for Windows Internet Explorer 8 (KB2598845)

Update for Windows XP (KB2141007)

Update for Windows XP (KB2345886)

Update for Windows XP (KB2467659)

Update for Windows XP (KB2492386)

Update for Windows XP (KB2541763)

Update for Windows XP (KB2607712)

Update for Windows XP (KB2616676-v2)

Update for Windows XP (KB2641690)

Update for Windows XP (KB2718704)

Update for Windows XP (KB898461)

Update for Windows XP (KB951978)

Update for Windows XP (KB955759)

Update for Windows XP (KB961503)

Update for Windows XP (KB967715)

Update for Windows XP (KB968389)

Update for Windows XP (KB971029)

Update for Windows XP (KB971737)

Update for Windows XP (KB973687)

Update for Windows XP (KB973815)

VIMICRO USB PC Camera (ZC0301PLH)

WebFldrs XP

Windows Genuine Advantage Notifications (KB905474)

Windows Genuine Advantage Validation Tool (KB892130)

Windows Internet Explorer 8

Windows Management Framework Core

Windows Media Format 11 runtime

Windows Media Player 11

WinRAR archiver

ZC0301PLH_Driver_Setup

.

==== Event Viewer Messages From Past Week ========

.

31/08/2012 19:33:13, error: Dhcp [1002] - The IP address lease 192.168.1.2 for the Network Card with network address 9444527C0329 has been denied by the DHCP server 192.168.1.1 (The DHCP Server sent a DHCPNACK message).

29/08/2012 09:41:58, error: Service Control Manager [7000] - The Kaspersky Anti-Virus Service service failed to start due to the following error: The system cannot find the path specified.

01/09/2012 08:14:54, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: Fips intelppm KLIF MpFilter SASDIFSV SASKUTIL

01/09/2012 08:14:37, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service StiSvc with arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

01/09/2012 08:14:11, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {109DB0ED-7C89-416B-AC66-6D0323941464}

01/09/2012 08:14:03, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service MatSvc with arguments "" in order to run the server: {8843B4A2-A3CB-4CB9-9CCE-F443F641009F}

01/09/2012 08:13:43, error: DCOM [10005] - DCOM got error "%1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

.

==== End Of File ===========================


Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please post the C:\ComboFix.txt in your next reply for further review.

Note: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.


Hi Maniac. Thanks for your assistance so far.

Here is the log report

ComboFix 12-08-31.08 - Tech 02/09/2012 13:59:56.1.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.539 [GMT 1:00]

Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\TEMP

c:\windows\system32\SET39.tmp

c:\windows\system32\SET3D.tmp

c:\windows\system32\SET45.tmp

c:\windows\system32\SET75.tmp

c:\windows\system32\SET79.tmp

c:\windows\system32\SET81.tmp

c:\windows\system32\URTTemp

c:\windows\system32\URTTemp\regtlib.exe

.

.

((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))

.

.

2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

2012-09-02 12:22 . 2012-09-02 12:23 -------- d-----w- c:\program files\Giant Savings

2012-09-02 12:01 . 2012-09-02 12:01 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\MpKsle2f7849b.sys

2012-09-02 07:27 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\mpengine.dll

2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-31 18:02 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Chrome"="c:\chrome\chrome.exe" [2012-09-02 1004]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\PerseusLT\\psupdate.exe"=

"c:\\Program Files\\PeerBlock\\peerblock.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

.

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

R1 MpKsle2f7849b;MpKsle2f7849b;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\MpKsle2f7849b.sys [02/09/2012 13:01 29904]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - MPKSLE2F7849B

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

.

2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

.

2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = isa_websense:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

Toolbar-Locked - (no file)

WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)

SafeBoot-mbamchameleon

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-02 14:08

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1404)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

Completion time: 2012-09-02 14:12:56

ComboFix-quarantined-files.txt 2012-09-02 13:12

.

Pre-Run: 31,633,731,584 bytes free

Post-Run: 31,875,334,144 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

.

- - End Of File - - 92FE6B25CB1195553351990D57AE72CC


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

Folder::
c:\chrome

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chrome"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

[Image: CFScriptB-4.gif]

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
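
The script above removes the "Chrome" value that the first ComboFix log lists under the HKLM Run key. As an added example (not part of this thread and not ComboFix's own code), the Python below parses Run-key lines in that log format and flags entries for review. Its three heuristics (target outside the Windows and Program Files trees, file dated within a week of the scan, file under 4096 bytes) and the two-reason threshold are this example's assumptions, not the helper's stated reasoning.

```python
import ntpath
import re
from datetime import date

# Excerpt of the "Reg Loading Points" section from the ComboFix log in this thread.
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]
"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Chrome"="c:\chrome\chrome.exe" [2012-09-02 1004]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]
'''

KEY_RE = re.compile(r"^\[(HK[^\]]+)\]$", re.IGNORECASE)
# "ValueName"="target" [YYYY-MM-DD size-in-bytes]
ENTRY_RE = re.compile(r'^"([^"]+)"="([^"]*)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')

# Assumption: directory trees treated as ordinary install locations on this XP host.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")


def parse_run_entries(log_text):
    """Return one dict per autostart value found under a ...\\CurrentVersion\\Run key."""
    entries, key = [], None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and key and key.lower().endswith("\\currentversion\\run"):
            name, path, day, size = m.groups()
            entries.append({
                "key": key,
                "name": name,
                "path": path,
                "modified": date.fromisoformat(day),
                "size": int(size),
            })
    return entries


def triage(entries, scan_date, recent_days=7, min_size=4096):
    """Return (entry, reasons) pairs for entries that match at least two heuristics."""
    flagged = []
    for e in entries:
        reasons = []
        path = e["path"].lower()
        if not ntpath.isabs(path):
            reasons.append("relative path, resolved through the search path")
        elif not path.startswith(TRUSTED_ROOTS):
            reasons.append("target outside the Windows and Program Files trees")
        if 0 <= (scan_date - e["modified"]).days <= recent_days:
            reasons.append("file dated within %d days of the scan" % recent_days)
        if e["size"] < min_size:
            reasons.append("file smaller than %d bytes" % min_size)
        if len(reasons) >= 2:
            flagged.append((e, reasons))
    return flagged


if __name__ == "__main__":
    # Scan date taken from the ComboFix log header (02/09/2012).
    for entry, reasons in triage(parse_run_entries(SAMPLE_LOG), date(2012, 9, 2)):
        print('%s -> "%s" = %s' % (entry["key"], entry["name"], entry["path"]))
        for reason in reasons:
            print("    - " + reason)
```

A flagged entry is a candidate for manual review, not a verdict; the file itself still needs to be examined before anything is removed.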


ComboFix 12-08-31.08 - Tech 02/09/2012 14:32:23.2.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.518 [GMT 1:00]

Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\chrome

c:\chrome\chrome.exe

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\381814F6F5270FFBB27E244D6138BC023AF911D5.heu

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\381814F6F5270FFBB27E244D6138BC023AF911D5.swz

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\440AE73B017A477382DEFF7C0DBE4896FED21079.heu

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\440AE73B017A477382DEFF7C0DBE4896FED21079.swz

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6344DCC80A9A6A3676DCEA0C92C8C45EFD2F3220.heu

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6344DCC80A9A6A3676DCEA0C92C8C45EFD2F3220.swz

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6DDB94AE3365798230849FA0F931AC132FE417D1.heu

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\6DDB94AE3365798230849FA0F931AC132FE417D1.swz

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\7421C71F94DB4F028E7528B2D278F3FE4DC21273.heu

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\7421C71F94DB4F028E7528B2D278F3FE4DC21273.swz

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\871F12AF0853C06E4EB80A1CCAB295CEADBB817A.heu

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\871F12AF0853C06E4EB80A1CCAB295CEADBB817A.swz

c:\chrome\chrome\%AppData%\Adobe\Flash Player\AssetCache\YWXABER4\cacheSize.txt

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\ad1a.tankionline.com\AlternativaLoader.swf\name.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\ad1a.tankionline.com\localstorage.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\cdn.zopim.com\5y5vLwQkxYuPygDoX6oaMED1d1gu6U2ISession_SO.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\cdn.zopim.com\5y5vLwQkxYuPygDoX6oaMED1d1gu6U2IVolatile_SO.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\cdn.zopim.com\swf\ZClientController.swf\ZopConfig.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\heias.com\x\heias_sc.swf\heias.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\i0.poll.fm\swf\storage.swf\SwfStore.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\img.mail.ru\r\video2\player_v2.swf\MailRu.UniversalVideoPlayer.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\kiks.yandex.ru\fuid01.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\lookup.bluecava.com\machine_data.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\mpsnare.iesnare.com\stm.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\ph-static.phncdn.com\flash\pornhubSkin.swf\pornhub_opts.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\player.onescreen.net\1.8\s\MediaPlayer.swf\OsMediaPlayerId.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\podsos.com\newplayer\player.swf\hexaplayerVolumeCookie.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\podsos.com\player-3.swf\hexaplayerVolumeCookie.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\rutube.ru\analytics.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\rutube.ru\player.swf\rutube.cookies.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\s.ytimg.com\soundData.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\s.ytimg.com\videostats.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\st.pc.adonweb.ru\params.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\static.99widgets.com\polls\swf\poll.swf\xml.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\static.awempire.com\flash\custom-freechat\freechat182.swf\jasmin_versio.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\static.awempire.com\flash\custom-freechat\freechat182.swf\jasminmember01.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.152.swf\_MixcloudVolumeProxySO.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.152.swf\mccp_lso_hf74jsla02jcdb.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.152.swf\mccp_lso_sfg87h299fh2.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.153.swf\_MixcloudVolumeProxySO.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.153.swf\mccp_lso_hf74jsla02jcdb.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.mixcloud.com\media\swf\player\apiplayer.153.swf\mccp_lso_sfg87h299fh2.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.needlive.com\swf\connectiontest3.swf\userData.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.needlive.com\swf\receiver_o.swf\userData.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.needlive.com\swf\receiver_o.swf\videoVolume.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.overkings.ru\swf\overkings209.swf\overkings_flash_enter.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\#SharedObjects\F28MPJEZ\www.xvideos.com\sitevideos\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ad1a.tankionline.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.btrll.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn.zopim.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#counter.rambler.ru\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#embed.redtube.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#heias.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#i0.poll.fm\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.mail.ru\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#kiks.yandex.ru\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#km-static.phncdn.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#lookup.bluecava.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mpsnare.iesnare.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#naruto-best.clan.su\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pejnya.ru\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ph-static.phncdn.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.longtailvideo.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#player.onescreen.net\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#podsos.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#releases.flowplayer.org\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#rutube.ru\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#skype.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#st.pc.adonweb.ru\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stat.ed.cupidplc.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#stat.upforitnetworks.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.99widgets.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.awempire.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#teenredtube.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.dojki.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.localpages.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.mixcloud.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.needlive.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.overkings.ru\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.xvideos.com\settings.sol

c:\chrome\chrome\%AppData%\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

c:\chrome\chrome\%Cookies%\index.dat

c:\chrome\chrome\%Cookies%\P9EOFGNY.txt

c:\chrome\chrome\%drive_C%\chrome\auth.txt

c:\chrome\chrome\%drive_C%\chrome\block.txt

c:\chrome\chrome\%drive_C%\chrome\crashes.txt

c:\chrome\chrome\%drive_C%\chrome\f\1\AccessibleMarshal.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\chrome.manifest

c:\chrome\chrome\%drive_C%\chrome\f\1\components\binary.manifest

c:\chrome\chrome\%drive_C%\chrome\f\1\D3DCompiler_43.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\d3dx9_43.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\dependentlibs.list

c:\chrome\chrome\%drive_C%\chrome\f\1\freebl3.chk

c:\chrome\chrome\%drive_C%\chrome\f\1\freebl3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\gkmedias.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\IA2Marshal.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\js.exe

c:\chrome\chrome\%drive_C%\chrome\f\1\libEGL.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\libGLESv2.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\Microsoft.VC80.CRT.manifest

c:\chrome\chrome\%drive_C%\chrome\f\1\mozalloc.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\mozglue.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\mozjs.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\mozsqlite3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\msvcm80.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\msvcp80.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\msvcr80.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\nspr4.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\nss3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\nssckbi.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\nssdbm3.chk

c:\chrome\chrome\%drive_C%\chrome\f\1\nssdbm3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\nssutil3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\omni.ja

c:\chrome\chrome\%drive_C%\chrome\f\1\platform.ini

c:\chrome\chrome\%drive_C%\chrome\f\1\plc4.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\plds4.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\plugin-container.exe

c:\chrome\chrome\%drive_C%\chrome\f\1\plugins\NPSWF32_11_2_202_228.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\precomplete

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cert8.db

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\chromeappsstore.sqlite

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cookies.sqlite-shm

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cookies.sqlite-wal

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\cookies.sqlite

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\key3.db

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\permissions.sqlite

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\places.sqlite-shm

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\places.sqlite-wal

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\places.sqlite

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\pluginreg.dat

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\secmod.db

c:\chrome\chrome\%drive_C%\chrome\f\1\profile\webappsstore.sqlite

c:\chrome\chrome\%drive_C%\chrome\f\1\redit.exe

c:\chrome\chrome\%drive_C%\chrome\f\1\smime3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\softokn3.chk

c:\chrome\chrome\%drive_C%\chrome\f\1\softokn3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\ssl3.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\xpcom.dll

c:\chrome\chrome\%drive_C%\chrome\f\1\xpcshell.exe

c:\chrome\chrome\%drive_C%\chrome\f\1\xul.dll

c:\chrome\chrome\%drive_C%\chrome\f\jet.exe

c:\chrome\chrome\%drive_C%\chrome\f\sfa.bin

c:\chrome\chrome\%drive_C%\chrome\f\sfa.txt

c:\chrome\chrome\%drive_C%\chrome\f\sfc.txt

c:\chrome\chrome\%drive_C%\chrome\f\upcache

c:\chrome\chrome\%drive_C%\chrome\lastowner.txt

c:\chrome\chrome\%drive_C%\chrome\lastsid.txt

c:\chrome\chrome\%drive_C%\chrome\log.txt

c:\chrome\chrome\%drive_C%\chrome\prevsid.txt

c:\chrome\chrome\%drive_C%\chrome\prtest.exe

c:\chrome\chrome\%drive_C%\chrome\SafeSurf ABUSE README.txt

c:\chrome\chrome\%drive_C%\chrome\safesurf.port

c:\chrome\chrome\%drive_C%\chrome\sfa.bin

c:\chrome\chrome\%drive_C%\chrome\skybound.gecko.dll

c:\chrome\chrome\%drive_C%\chrome\surfguard.exe

c:\chrome\chrome\%drive_C%\SafeSurf ABUSE README.txt

c:\chrome\chrome\%History%\History.IE5\index.dat

c:\chrome\chrome\%Internet Cache%\Content.IE5\1FCRQW10\bg[1].png

c:\chrome\chrome\%Internet Cache%\Content.IE5\1FCRQW10\desktop.ini

c:\chrome\chrome\%Internet Cache%\Content.IE5\desktop.ini

c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\bg[1].png

c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\blogs[1].jpg

c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\counter_yadro_ru[1].txt

c:\chrome\chrome\%Internet Cache%\Content.IE5\GSTFSDE7\desktop.ini

c:\chrome\chrome\%Internet Cache%\Content.IE5\index.dat

c:\chrome\chrome\%Internet Cache%\Content.IE5\Q7L628OV\blogs[1].jpg

c:\chrome\chrome\%Internet Cache%\Content.IE5\Q7L628OV\counter_yadro_ru[1].txt

c:\chrome\chrome\%Internet Cache%\Content.IE5\Q7L628OV\desktop.ini

c:\chrome\chrome\%Internet Cache%\desktop.ini

c:\chrome\chrome\%Local AppData%\GDIPFONTCACHEV1.DAT

c:\chrome\chrome\%Local AppData%\Microsoft\Internet Explorer\MSIMGSIZ.DAT

c:\chrome\chrome\%Personal%\SafeSurf ABUSE README.txt

c:\chrome\chrome\%Profile%\IETldCache\index.dat

c:\chrome\chrome\%SystemRoot%\Debug\UserMode\userenv.log

c:\chrome\chrome\%SystemRoot%\h323log.txt

c:\chrome\chrome\%SystemRoot%\tracing\BAP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\conftsp.LOG

c:\chrome\chrome\%SystemRoot%\tracing\conftsp.OLD

c:\chrome\chrome\%SystemRoot%\tracing\KMDDSP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\KMDDSP.OLD

c:\chrome\chrome\%SystemRoot%\tracing\NDPTSP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\NDPTSP.OLD

c:\chrome\chrome\%SystemRoot%\tracing\PPP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASAPI32.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASBACP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASCCP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASEAP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASIPCP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASIPHLP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASMAN.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASPAP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASQEC.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASSPAP.LOG

c:\chrome\chrome\%SystemRoot%\tracing\RASTAPI.LOG

c:\chrome\chrome\%SystemRoot%\tracing\tapi32.LOG

c:\chrome\chrome\%SystemRoot%\tracing\tapisrv.LOG

c:\chrome\chrome\%SystemRoot%\tracing\tapisrv.OLD

c:\chrome\chrome\%Temp%\Cookies\IKO0EK2W.txt

c:\chrome\chrome\%Temp%\Cookies\index.dat

c:\chrome\chrome\%Temp%\History\History.IE5\desktop.ini

c:\chrome\chrome\%Temp%\History\History.IE5\index.dat

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\desktop.ini

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\GDFZ3Y3P\blogs[1].jpg

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\GDFZ3Y3P\desktop.ini

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\HFNH5ADQ\counter_yadro_ru[1].txt

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\HFNH5ADQ\desktop.ini

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\index.dat

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\K04Y1W61\bg[1].png

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\K04Y1W61\desktop.ini

c:\chrome\chrome\%Temp%\Temporary Internet Files\Content.IE5\U6IW3SG2\desktop.ini

c:\chrome\chrome\Registry.rw.tvr

c:\chrome\chrome\Registry.rw.tvr.lck

c:\chrome\chrome\Registry.rw.tvr.transact

c:\chrome\chrome\Registry.tlog

c:\chrome\chrome\Registry.tlog.cache

.

.

((((((((((((((((((((((((( Files Created from 2012-08-02 to 2012-09-02 )))))))))))))))))))))))))))))))

.

.

2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

2012-09-02 12:22 . 2012-09-02 12:23 -------- d-----w- c:\program files\Giant Savings

2012-09-02 07:27 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2B778643-5855-49D8-84CB-A7A1A225D9F4}\mpengine.dll

2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-31 18:02 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Chrome"="c:\chrome\chrome.exe" [2012-09-02 1004]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\PerseusLT\\psupdate.exe"=

"c:\\Program Files\\PeerBlock\\peerblock.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

.

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

.

2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

.

2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-02 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = isa_websense:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

TCP: DhcpNameServer = 192.168.1.1

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-02 14:46

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1404)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(2672)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\RTHDCPL.EXE

c:\windows\system32\igfxsrvc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2012-09-02 14:51:21 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-02 13:51

ComboFix2.txt 2012-09-02 13:12

.

Pre-Run: 31,873,196,032 bytes free

Post-Run: 31,809,617,920 bytes free

.

- - End Of File - - 58FFF44D45852063069F5B43EE73A733


Hi there.

I requested some assistance earlier with the removal of a stubborn Trojan (Chrome.exe).

Somebody called Maniac has been helping me on here; however, the person has just disappeared and I am left part way through the fix.

Can anyone else help me please so I can finish what we started earlier today?

Kind regards

Alanmads


Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1

Download Mirror #2


  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    :filefind
    *svchost.exe*


  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt


SystemLook 30.07.11 by jpshortstuff

Log created at 13:02 on 03/09/2012 by Tech

Administrator - Elevation successful

========== filefind ==========

Searching for "*svchost.exe*"

C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe --a---- 217672 bytes [08:51 22/04/2012] [12:46 03/07/2012] 8A7F34F0BBD076EC3815680A7309114F

C:\WINDOWS\erdnt\cache\svchost.exe --a---- 14336 bytes [13:10 02/09/2012] [12:00 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe --a---- 132096 bytes [18:16 29/07/2008] [18:16 29/07/2008] D34612C5D02D026535B3095D620626AE

C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config --a--c- 1951 bytes [15:49 09/05/2008] [15:49 09/05/2008] 757BC33428B870035A16FD96B9DDB7FA

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe --a---- 124240 bytes [12:16 18/03/2010] [12:16 18/03/2010] D22CD77D4F0D63D1169BB35911BFF12D

C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe.config --a---- 2262 bytes [02:23 31/08/2009] [02:23 31/08/2009] A9E7E2A3A82362D180CEA7EA1EDFA81A

C:\WINDOWS\system32\svchost.exe --a---- 14336 bytes [12:00 14/04/2008] [12:00 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

C:\WINDOWS\system32\dllcache\svchost.exe --a--c- 14336 bytes [12:00 14/04/2008] [12:00 14/04/2008] 27C6D03BCDB8CFEB96B716F3D8BE3E18

-= EOF =-


1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KillAll::

FCopy::
C:\WINDOWS\erdnt\cache\svchost.exe | C:\WINDOWS\system32\svchost.exe

Folder::
c:\chrome

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Chrome"=-

JavaClearCache::

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.


ComboFix 12-08-31.08 - Tech 03/09/2012 13:24:41.3.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.558 [GMT 1:00]

Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

Command switches used :: c:\documents and settings\Tech\Desktop\CFScript.txt

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\chrome

c:\chrome\chrome.exe

.

.

--------------- FCopy ---------------

.

c:\windows\erdnt\cache\svchost.exe --> c:\windows\system32\svchost.exe

.

((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))

.

.

2012-09-03 10:49 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{F6CA06AE-5E59-4F99-815F-52892E83000A}\mpengine.dll

2012-09-02 14:28 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

2012-09-02 12:22 . 2012-09-02 12:23 -------- d-----w- c:\program files\Giant Savings

2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

2012-06-05 15:50 . 2008-04-14 12:00 1372672 ----a-w- c:\windows\system32\msxml6.dll

2012-06-05 15:50 . 2008-04-14 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Chrome"="c:\chrome\chrome.exe" [2012-09-03 0]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\PerseusLT\\psupdate.exe"=

"c:\\Program Files\\PeerBlock\\peerblock.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

.

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

R2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

.

2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

.

2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-03 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = isa_websense:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-03 13:34

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1100)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(2704)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Microsoft Security Client\MsMpEng.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\program files\Java\jre7\bin\jqs.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\windows\system32\IoctlSvc.exe

c:\windows\system32\igfxsrvc.exe

c:\windows\RTHDCPL.EXE

.

**************************************************************************

.

Completion time: 2012-09-03 13:39:02 - machine was rebooted

ComboFix-quarantined-files.txt 2012-09-03 12:38

ComboFix2.txt 2012-09-02 13:51

ComboFix3.txt 2012-09-02 13:12

.

Pre-Run: 26,280,767,488 bytes free

Post-Run: 26,292,514,816 bytes free

.

- - End Of File - - 7FF492F1D3D4A53F37F566EA6D4F11ED


Step 1

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Perform Quick Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2

Download aswMBR.exe to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan


On completion of the scan click save log, save it to your desktop and post in your next reply


In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • aswMBR log


Malwarebytes Anti-Malware 1.62.0.1300

www.malwarebytes.org

Database version: v2012.09.03.05

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

Tech :: TECH0001 [administrator]

03/09/2012 13:48:21

mbam-log-2012-09-03 (13-48-21).txt

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 208310

Time elapsed: 4 minute(s), 39 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 6

HKCR\CrossriderApp0004479.BHO (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0004479.FBApi (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0004479.FBApi.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0004479.Sandbox (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCR\CrossriderApp0004479.Sandbox.1 (PUP.CrossFire.Gen) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Quarantined and deleted successfully.

Registry Values Detected: 2

HKCU\Software\InstalledBrowserExtensions\215 Apps|4479 (PUP.CrossFire.SA) -> Data: Giant Savings -> Quarantined and deleted successfully.

HKLM\Software\Microsoft\Windows\CurrentVersion\Run|Chrome (Trojan.Agent) -> Data: C:\chrome\chrome.exe -> Quarantined and deleted successfully.

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 1

C:\chrome\chrome.exe (Trojan.Agent) -> Quarantined and deleted successfully.

(end)

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-09-03 13:57:38

-----------------------------

13:57:38.687 OS Version: Windows 5.1.2600 Service Pack 3

13:57:38.687 Number of processors: 1 586 0x605

13:57:38.687 ComputerName: TECH0001 UserName: Tech

13:57:39.859 Initialize success

13:59:47.312 AVAST engine defs: 12090300

14:00:16.640 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-5

14:00:16.640 Disk 0 Vendor: Hitachi_HDS721680PLA380 P21OAB3A Size: 78533MB BusType: 3

14:00:16.656 Disk 0 MBR read successfully

14:00:16.656 Disk 0 MBR scan

14:00:16.718 Disk 0 Windows XP default MBR code

14:00:16.718 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 78528 MB offset 63

14:00:16.734 Disk 0 scanning sectors +160826715

14:00:16.796 Disk 0 scanning C:\WINDOWS\system32\drivers

14:00:27.140 Service scanning

14:00:52.593 Modules scanning

14:01:00.671 Disk 0 trace - called modules:

14:01:00.687 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS

14:01:00.687 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86f1bab8]

14:01:01.187 3 CLASSPNP.SYS[f76befd7] -> nt!IofCallDriver -> \Device\0000006f[0x86f53a00]

14:01:01.187 5 ACPI.sys[f7545620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-5[0x86fabb00]

14:01:02.046 AVAST engine scan C:\WINDOWS

14:01:11.750 AVAST engine scan C:\WINDOWS\system32

14:03:48.812 AVAST engine scan C:\WINDOWS\system32\drivers

14:04:02.156 AVAST engine scan C:\Documents and Settings\Tech

14:07:31.968 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\Desktop\MBR.dat"

14:07:31.968 The log file has been saved successfully to "C:\Documents and Settings\Tech\Desktop\aswMBR.txt"

14:08:09.218 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Tech\Desktop\MBR.dat"

14:08:09.218 The log file has been saved successfully to "C:\Documents and Settings\Tech\Desktop\aswMBR.txt"


Download AVPTool from Here to your desktop

Run the programme you have just downloaded to your desktop (it will be randomly named)

Click the cog in the upper right


Select down to and including your main drive, once done select the Automatic scan tab and press Start Scan


Allow AVP to delete all infections found

Once it has finished select report tab (last tab)

Select Detected threats report from the left and press Save button

Save it to your desktop and post it in your next reply.


Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan

  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, you may close the window
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic


ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# IEXPLORE.EXE=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=49501e7ced10e34a9fc97eec1744b549

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2012-09-04 12:41:58

# local_time=2012-09-04 01:41:58 (+0000, GMT Daylight Time)

# country="United Kingdom"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=1280 16777215 100 0 0 0 0 0

# compatibility_mode=2560 16777215 100 0 0 0 0 0

# compatibility_mode=5891 16776533 42 92 537 14490210 0 0

# compatibility_mode=8192 67108863 100 0 196 196 0 0

# scanned=71074

# found=6

# cleaned=6

# scan_time=3258

C:\Program Files\Giant Savings\Giant Savings.dll Win32/Toolbar.CrossRider application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\chrome\chrome\%DRIVE~1\chrome\prtest.exe.vir a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Qoobox\Quarantine\C\chrome\chrome\%DRIVE~1\chrome\SURFGU~1.EXE.vir a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP607\A0092080.exe a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP607\A0092082.exe a variant of Win32/Adware.SafeSurf.AC application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\System Volume Information\_restore{B2A1FAE3-805C-4CCE-9542-318AC7067479}\RP608\A0092490.dll Win32/Toolbar.CrossRider application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


ComboFix 12-09-04.02 - Tech 04/09/2012 16:32:17.4.1 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.44.1033.18.1014.552 [GMT 1:00]

Running from: c:\documents and settings\Tech\Desktop\ComboFix.exe

AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}

AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

.

.

((((((((((((((((((((((((( Files Created from 2012-08-04 to 2012-09-04 )))))))))))))))))))))))))))))))

.

.

2012-09-04 15:26 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D8103920-E6DC-4CD4-AB79-A82F8A7FFB27}\mpengine.dll

2012-09-04 12:56 . 2012-08-22 23:15 7022536 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll

2012-09-04 11:44 . 2012-09-04 11:44 -------- d-----w- c:\program files\ESET

2012-09-04 11:14 . 2012-09-04 11:14 -------- d--h--w- c:\windows\PIF

2012-09-03 12:35 . 2012-09-03 12:56 -------- d-----w- C:\chrome

2012-09-02 12:23 . 2012-09-02 12:29 -------- d-----w- c:\program files\DownloadManager

2012-09-02 12:23 . 2012-09-02 12:23 -------- d-----w- c:\documents and settings\Tech\Local Settings\Application Data\Giant Savings

2012-09-02 12:22 . 2012-09-04 12:07 -------- d-----w- c:\program files\Giant Savings

2012-09-01 08:13 . 2012-09-01 08:14 -------- d-----w- c:\program files\CCleaner

2012-09-01 07:15 . 2012-09-01 07:15 35144 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

2012-08-30 21:49 . 2012-08-30 21:49 -------- d-----w- c:\program files\Common Files\Java

2012-08-30 21:48 . 2012-08-30 21:48 143872 ----a-w- c:\windows\system32\javacpl.cpl

2012-08-30 21:48 . 2012-08-30 21:48 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-08-06 17:48 . 2012-08-06 17:54 -------- d-----w- c:\program files\Gabest

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-08-30 21:48 . 2012-06-19 13:44 821736 ----a-w- c:\windows\system32\npDeployJava1.dll

2012-08-30 21:48 . 2012-06-19 13:44 746984 ----a-w- c:\windows\system32\deployJava1.dll

2012-08-05 11:27 . 2012-04-03 20:15 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-05 11:27 . 2011-08-08 17:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-07-14 13:38 . 2012-07-10 20:01 112640 ----a-w- c:\windows\system32\ff_vfw.dll

2012-07-08 15:42 . 2012-07-08 15:42 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll

2012-07-08 15:42 . 2012-06-19 13:45 25200 ----a-w- c:\windows\system32\drivers\ggsemc.sys

2012-07-08 15:42 . 2012-06-19 13:45 12400 ----a-w- c:\windows\system32\drivers\ggflt.sys

2012-07-06 13:58 . 2008-04-14 12:00 78336 ----a-w- c:\windows\system32\browser.dll

2012-07-04 14:05 . 2010-06-21 09:15 139784 ----a-w- c:\windows\system32\drivers\rdpwd.sys

2012-07-03 13:40 . 2008-04-14 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys

2012-07-03 12:46 . 2012-04-22 08:51 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-02 17:49 . 2008-04-14 12:00 916992 ----a-w- c:\windows\system32\wininet.dll

2012-07-02 17:49 . 2008-04-14 12:00 43520 ------w- c:\windows\system32\licmgr10.dll

2012-07-02 17:49 . 2008-04-14 12:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2012-07-02 12:05 . 2008-04-14 12:00 385024 ------w- c:\windows\system32\html.iec

2012-06-19 13:45 . 2012-06-19 13:45 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll

2012-06-06 19:59 . 2012-06-06 19:59 1070152 ----a-w- c:\windows\system32\MSCOMCTL.OCX

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-03 39408]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]

"VMSnap3"="c:\windows\VMSnap3.exe" [2006-07-18 49152]

"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]

"RTHDCPL"="RTHDCPL.EXE" [2010-09-14 19576424]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2008-05-28 570664]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

"Chrome"="c:\chrome\chrome.exe" [2012-09-04 1004]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2011-07-27 434080]

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^Documents and Settings^Tech^Start Menu^Programs^Startup^TalkTalk Setup CD Reporting Tool.exe]

backup=c:\windows\pss\TalkTalk Setup CD Reporting Tool.exeStartup

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2011-10-24 14:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VMSnap3]

2006-07-18 16:15 49152 ----a-w- c:\windows\VMSnap3.exe

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\PerseusLT\\psupdate.exe"=

"c:\\Program Files\\PeerBlock\\peerblock.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\WINDOWS\\system32\\dxdiag.exe"=

"c:\\Program Files\\Sony Ericsson\\Update Engine\\Sony Ericsson Update Engine.exe"=

"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=

.

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [04/03/2011 13:23 11352]

R1 MpKsledc064fb;MpKsledc064fb;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92A3F554-1D98-41AA-AB95-6F6D317D56FA}\MpKsledc064fb.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{92A3F554-1D98-41AA-AB95-6F6D317D56FA}\MpKsledc064fb.sys [?]

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]

R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]

R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]

R2 ApogeeIO;Apogee Port I/O;c:\windows\system32\drivers\apogeeio.sys [01/06/2005 14:07 5314]

R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [21/06/2010 10:31 20968]

R2 MaxImIO;MaxIm Port I/O;c:\windows\system32\drivers\maximio.sys [01/06/2005 14:07 7610]

R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [23/07/2012 13:47 32896]

R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [10/03/2011 18:34 34608]

R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02/11/2009 20:27 19472]

S2 DiskManager;DiskManager;c:\diskmanager\Updater.exe [20/03/2012 08:41 609792]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [13/08/2012 13:33 3064000]

S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [29/02/2012 08:50 158856]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [22/11/2011 15:06 1691480]

S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 12:58 11336]

S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [19/06/2012 14:45 12400]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [29/08/2011 14:00 136176]

S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [13/06/2011 22:09 267568]

S3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys [01/09/2012 08:15 35144]

S3 nosGetPlusHelper;getPlus® Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14/04/2008 13:00 14336]

S3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [11/11/2011 10:21 19056]

S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [12/11/2011 10:30 47360]

S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\drivers\RTL8192su.sys [25/11/2010 07:59 606056]

S3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [19/06/2012 14:38 155320]

S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 14:37 517096]

S3 vvftav303;vvftav303;c:\windows\system32\drivers\vvftav303.sys [23/12/2011 12:58 475136]

S3 ZSMC0303;VIMICRO USB PC Camera (ZC0301PLH);c:\windows\system32\drivers\usbVM303.sys [23/12/2011 12:58 1474560]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

getPlusHelper REG_MULTI_SZ getPlusHelper

nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper

.

Contents of the 'Scheduled Tasks' folder

.

2012-08-11 c:\windows\Tasks\AdobeAAMUpdater-1.0-TECH0001-Tech.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-02-29 08:46]

.

2012-09-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 17:57]

.

2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2011-08-29 13:00]

.

2012-09-04 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job

- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-03-26 16:03]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.co.uk/

uInternet Settings,ProxyServer = isa_websense:8080

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-09-04 16:41

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(1400)

c:\program files\SUPERAntiSpyware\SASWINLO.DLL

c:\windows\system32\WININET.dll

.

- - - - - - - > 'explorer.exe'(3048)

c:\windows\system32\WININET.dll

c:\windows\system32\ieframe.dll

c:\windows\system32\webcheck.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

Completion time: 2012-09-04 16:45:09

ComboFix-quarantined-files.txt 2012-09-04 15:45

ComboFix2.txt 2012-09-03 12:39

ComboFix3.txt 2012-09-02 13:51

ComboFix4.txt 2012-09-02 13:12

.

Pre-Run: 26,632,241,152 bytes free

Post-Run: 26,762,166,272 bytes free

.

- - End Of File - - 9F1E087B5E215D7E5658C90E34E8C6DE


This topic is now closed to further replies.