NO errors
ComboFix 14-05-07.03 - Miriam Moody 05/09/2014 11:51:57.3.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1013.433 [GMT -4:00]
Running from: c:\documents and settings\Miriam Moody\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Miriam Moody\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((( Files Created from 2014-04-09 to 2014-05-09 )))))))))))))))))))))))))))))))
.
.
2014-05-08 23:43 . 2014-05-08 23:43 -------- d-----w- c:\documents and settings\Administrator
2014-05-08 03:20 . 2014-05-08 03:20 -------- d-----w- c:\program files\Speccy
2014-05-08 02:45 . 2014-05-08 02:45 -------- d-----w- c:\documents and settings\Jerry
2014-05-08 01:40 . 2014-05-08 02:05 181064 ----a-w- c:\windows\PSEXESVC.EXE
2014-05-08 01:19 . 2014-05-08 01:19 -------- d-----w- c:\program files\Tweaking.com
2014-05-06 20:21 . 2014-05-06 20:34 -------- d-----w- C:\06aa9c2b292a4c23214602f75af6d2
2014-05-05 02:11 . 2014-05-05 11:20 -------- d-----w- C:\FRST
2014-05-05 01:53 . 2014-05-05 01:53 -------- d-----w- c:\windows\ERUNT
2014-05-05 01:41 . 2010-08-30 12:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-05 01:39 . 2014-05-05 01:42 -------- d-----w- C:\AdwCleaner
2014-05-02 15:06 . 2014-05-05 01:44 -------- d-----w- c:\documents and settings\All Users\Application Data\systemk
2014-05-01 12:57 . 2014-05-01 12:57 -------- d-----w- c:\windows\system32\NtmsData
2014-04-30 13:43 . 2014-04-30 13:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Auslogics
2014-04-30 13:43 . 2014-04-30 13:43 -------- d-----w- c:\program files\Auslogics
2014-04-26 18:02 . 2014-04-29 17:38 -------- d-----w- c:\documents and settings\Miriam Moody\usb_driver
2014-04-26 18:02 . 2014-04-29 17:38 851176 ----a-w- c:\windows\system32\WinUSBCoInstaller2.dll
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\documents and settings\Miriam Moody\Local Settings\Application Data\VS Revo Group
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\documents and settings\All Users\Application Data\VS Revo Group
2014-04-25 17:22 . 2009-12-30 14:20 27064 ----a-w- c:\windows\system32\drivers\revoflt.sys
2014-04-25 17:22 . 2014-04-25 17:22 -------- d-----w- c:\program files\VS Revo Group
2014-04-15 13:08 . 2014-04-15 13:08 -------- d-----w- c:\documents and settings\Miriam Moody\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-29 17:38 . 2010-10-15 17:30 1461992 ----a-w- c:\windows\system32\WdfCoInstaller01009.dll
2014-02-14 02:36 . 2013-11-28 21:45 67824 ----a-w- c:\windows\system32\drivers\aswmonflt.sys
2014-02-14 02:35 . 2013-11-28 21:45 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-14 02:35 . 2013-11-28 21:45 57672 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2014-02-14 02:35 . 2013-11-28 21:45 410784 ----a-w- c:\windows\system32\drivers\aswSP.sys
2014-02-14 02:35 . 2013-11-28 21:45 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-14 02:35 . 2013-11-28 21:45 54832 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2014-02-14 02:35 . 2013-11-28 21:45 270240 ----a-w- c:\windows\system32\aswBoot.exe
2014-02-14 02:35 . 2013-11-28 21:45 43152 ----a-w- c:\windows\avastSS.scr
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of %user%\library ----
.
.
---- Directory of c:\program files\Common ----
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-28 21:45 321752 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-06-17 141336]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-06-17 141336]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-10-13 186904]
"AzMixerSel"="c:\program files\Realtek\Audio\Drivers\AzMixerSel.exe" [2009-12-11 59936]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PLFSetL"="c:\windows\PLFSetL.exe" [2010-02-12 99712]
"snp2uvc"="c:\windows\system32\csnp2uvc.dll" [2010-02-12 202112]
"snuvcdsm"="c:\windows\snuvcdsm.exe" [2010-02-12 30080]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-02-05 1692968]
"RTHDCPL"="RTHDCPL.EXE" [2010-03-12 19521056]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-28 3568312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2010-7-22 704032]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\Common Files\\HP\\Digital Imaging\\Bin\\hpqPhotoCrm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqsudi.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpsapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxs08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqfxt08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqpse.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwucli.exe"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Documents and Settings\\Miriam Moody\\Application Data\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [11/28/2013 5:45 PM 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [11/28/2013 5:45 PM 180248]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [11/28/2013 5:45 PM 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/28/2013 5:45 PM 410784]
R1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\drivers\mwlPSDFilter.sys [7/22/2010 5:04 AM 17840]
R1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\drivers\mwlPSDNserv.sys [7/22/2010 5:04 AM 15280]
R1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\drivers\mwlPSDVDisk.sys [7/22/2010 5:04 AM 58800]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswmonflt.sys [11/28/2013 5:45 PM 67824]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [7/19/2010 4:11 AM 321104]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [7/22/2010 5:12 AM 260640]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [7/22/2010 4:56 AM 243232]
R3 L1c;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [7/22/2010 3:38 AM 61552]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/22/2010 4:30 AM 1691480]
S3 EUCR;EUCR;c:\windows\system32\drivers\EUCR6SK.sys [7/22/2010 4:31 AM 82384]
S3 ExpressInvoiceService;Express Invoice;c:\program files\NCH Software\ExpressInvoice\expressinvoice.exe [11/1/2013 4:34 PM 1987588]
S3 MWLService;MyWinLocker Service;c:\program files\EgisTec MyWinLocker\x86\MWLService.exe [5/26/2010 10:41 PM 305520]
S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [4/25/2014 1:22 PM 27064]
S4 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [6/28/2013 6:48 PM 14624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-02 12:50 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-05-09 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-11-28 02:35]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 03:35]
.
2014-05-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-12-28 03:35]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aod255&r=0xph1210k545l0414wu45w4882u238
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
TCP: DhcpNameServer = 205.152.132.23 205.152.37.23
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-05-09 12:02
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(604)
c:\windows\system32\igfxdev.dll
.
- - - - - - - > 'explorer.exe'(1504)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-05-09 12:05:22
ComboFix-quarantined-files.txt 2014-05-09 16:05
ComboFix2.txt 2014-05-09 15:10
ComboFix3.txt 2014-05-09 12:24
.
Pre-Run: 116,144,173,056 bytes free
Post-Run: 116,138,053,632 bytes free
.
- - End Of File - - 6D3FD5B4DDC8CCD27AE92368A5740EE9
A36C5E4F47E84449FF07ED3517B43A31
Sign In
Create Account
