
Unfound Rootkit - still problems


  • This topic is locked

#46
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\users\Chris\AppData\Local\Temp\gsplittm.sys

Driver::
gsplittm

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"=-


3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.



#47
Horaldo

    Member

  • Topic Starter
  • 43 posts
Here is the OTL log

OTL logfile created on: 30/04/2011 13:58:18 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 92.36 Gb Free Space | 31.71% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/24 21:58:36 | 000,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/29 22:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/04/30 12:14:16 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - Startup: C:\Users\Carolanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 13:45:54 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/30 13:45:54 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/30 13:34:58 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/30 13:34:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/29 11:32:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/29 08:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/29 08:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/04/28 18:02:42 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 13:53:51 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 13:53:51 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/30 13:49:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 13:49:26 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/04/30 12:50:32 | 004,333,650 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/04/30 12:39:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 12:14:16 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/30 11:36:53 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 19:31:02 | 238,836,168 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/28 18:04:28 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:02:44 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 23:23:26 | 000,001,207 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 12:50:03 | 004,333,650 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/04/29 21:10:47 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/04/29 08:11:07 | 000,001,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/28 18:04:28 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:03:42 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/22 09:45:08 | 238,836,168 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,607,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/03/20 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\FrostWire
[2008/11/22 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\LimeWire
[2010/06/16 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Template
[2010/02/18 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Trusteer
[2011/01/20 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\uTorrent
[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/29 19:20:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/29 09:17:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/29 21:06:54 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >



I dragged that txt file into ComboFix twice. I'm afraid I'm not sure if it worked as it should: while the scan was more than halfway done I left it and came back to a rebooted computer. The custom txt file is gone from my desktop. In C/ComboFix the combofix.txt file says:

ComboFix 11-04-29.03 - Chris 30/04/2011 13:38:51.5.4 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.44.1033.18.2046.1621 [GMT 1:00]
Running from: C:\Users\Chris\Desktop\ComboFix.exe
Command switches used :: C:\Users\Chris\Desktop\CFScript.txt
* Created a new restore point

FILE ::
"c:\users\Chris\AppData\Local\Temp\gsplittm.sys"


Overlay aborted ... Please run ComboFix once more

#48
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you retry the CF script run again, please?

#49
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
Much the same happened. It got to about section 60 and then shut down. It wasn't a blue screen, however; I got the "Windows is now shutting down" page.

#50
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, let's try it with OTL.

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    :OTL


    :Services
    gsplittm

    :Files
    ipconfig /flushdns /c
    c:\users\Chris\AppData\Local\Temp\gsplittm.sys

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#51
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
OTL logfile created on: 30/04/2011 14:40:14 - Run 6
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Chris\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 82.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 291.25 Gb Total Space | 91.44 Gb Free Space | 31.40% Space Free | Partition Type: NTFS
Drive S: | 1.46 Gb Total Space | 1.42 Gb Free Space | 96.60% Space Free | Partition Type: NTFS

Computer Name: CHRIS-PC | User Name: Chris | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008/01/19 08:33:11 | 000,498,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\HelpPane.exe


========== Modules (SafeList) ==========

MOD - [2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (AMService)
SRV - [2011/04/07 21:54:52 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/02/23 15:04:19 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Stopped] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/07/16 17:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2009/05/03 22:26:00 | 002,711,854 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\System32\GameMon.des -- (npggsvc)


========== Driver Services (SafeList) ==========

DRV - [2011/04/08 06:14:00 | 010,690,024 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2011/02/23 14:56:55 | 000,371,544 | ---- | M] (AVAST Software) [File_System | System | Stopped] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/02/23 14:56:45 | 000,301,528 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/02/23 14:55:49 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/02/23 14:55:10 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/02/23 14:55:03 | 000,053,592 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2011/02/23 14:54:55 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys -- (WsAudio_DeviceS(5)) WsAudio_DeviceS(5)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys -- (WsAudio_DeviceS(4)) WsAudio_DeviceS(4)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys -- (WsAudio_DeviceS(3)) WsAudio_DeviceS(3)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys -- (WsAudio_DeviceS(2)) WsAudio_DeviceS(2)
DRV - [2010/09/14 15:38:58 | 000,025,704 | ---- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys -- (WsAudio_DeviceS(1)) WsAudio_DeviceS(1)
DRV - [2010/05/10 19:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 19:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2009/07/22 20:13:20 | 000,028,592 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2008/05/14 23:05:27 | 000,717,296 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - [2008/04/11 22:04:06 | 000,017,480 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/02/22 12:40:38 | 000,028,672 | ---- | M] (http://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2008/01/19 06:55:21 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\irsir.sys -- (irsir)
DRV - [2008/01/14 11:06:32 | 000,021,632 | ---- | M] (ManyCam LLC.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ManyCam.sys -- (ManyCam)
DRV - [2007/03/27 18:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3) USB PC Camera (SNPSTD3)
DRV - [2006/12/06 12:41:16 | 000,044,416 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2006/11/02 08:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\agrsm.sys -- (AgereSoftModem)
DRV - [2006/11/02 08:30:56 | 000,044,544 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtlh86.sys -- (RTL8169)
DRV - [2006/11/02 08:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32) Intel®
DRV - [2006/02/07 12:52:58 | 000,006,912 | ---- | M] (JMicron ) [Kernel | Boot | Running] -- C:\Windows\system32\DRIVERS\JGOGO.sys -- (JGOGO)
DRV - [2005/08/30 17:59:00 | 000,094,000 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV - [2005/08/30 17:58:56 | 000,008,304 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV - [2005/08/30 17:57:18 | 000,058,320 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58202


IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://google.co.uk/
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.co.uk"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [email protected]:20110101
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.4
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/03/27 17:27:14 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/24 21:58:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/24 21:58:50 | 000,000,000 | ---D | M]

[2011/04/20 22:32:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\txixir02.default\extensions\[email protected]
[2011/04/29 22:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/01/19 22:30:20 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
[2011/03/27 17:27:14 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2008/08/19 16:42:47 | 000,000,000 | ---D | M] (Veoh Browser Plug-in) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOH\PLUGINS\NOREG\VIDEOFINDER4
[2008/12/04 19:10:59 | 000,000,000 | ---D | M] (Veoh Web Player Video Finder) -- C:\PROGRAM FILES\VEOH NETWORKS\VEOHWEBPLAYER\FFVIDEOFINDER
[2009/09/02 01:58:39 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2010/11/12 19:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/20 13:29:14 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll

O1 HOSTS File: ([2011/04/30 14:37:48 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Web Player Video Finder) - {0FBB9689-D3D7-4f7a-A2E2-585B10099BFC} - C:\Program Files\Veoh Networks\VeohWebPlayer\VeohIEToolbar.dll (Veoh Networks Inc)
O3 - HKLM\..\Toolbar: (Veoh Video Compass) - {52836EB0-631A-47B1-94A6-61F9D9112DAE} - C:\Program Files\Veoh Networks\Veoh Video Compass\SearchRecsPlugin.dll (Veoh Networks)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\JM\JMInsIDE.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - Startup: C:\Users\Carolanne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - Reg Error: Value error. File not found
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - Reg Error: Value error. File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} http://www.nvidia.co.../sysreqlab3.cab (System Requirements Lab Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} http://messenger.zon...kr.cab56986.cab (Checkers Class)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {40F576AD-8680-4F9E-9490-99D069CD665F} http://srtest-cdn.sy...eqlabdetect.cab (Reg Error: Key error.)
O16 - DPF: {4A85DBE0-BFB2-4119-8401-186A7C6EB653} http://messenger.zon...S.cab109791.cab ()
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} http://messenger.zon...wn.cab56986.cab (Solitaire Showdown Class)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zon...1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6FC19219-C47E-4880-9A79-D218A1C374F9} http://www.netmarble...b/NMJTransX.cab (NMJTransX Control)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebo...oUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} http://webcam.salisb...sCamControl.cab (CamImage Class)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://messenger.zon...ro.cab56649.cab (MSN Games - Installer)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zon...nt.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx1.hotmail....NPUplden-gb.cab (Windows Live Hotmail Photo Upload Tool)
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} http://messenger.zon...er.cab56986.cab (Minesweeper Flags Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O24 - Desktop BackupWallPaper: C:\Users\Chris\AppData\Roaming\Microsoft\Windows Photo Gallery\Windows Photo Gallery Wallpaper.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\S-1-5-21-2291423683-1319649724-4169294494-1000\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/30 14:25:21 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2011/04/30 14:25:21 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\temp
[2011/04/30 14:14:53 | 000,000,000 | --SD | C] -- C:\ComboFix
[2011/04/30 14:14:33 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2011/04/29 11:32:00 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/29 08:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/29 08:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn
[2011/04/28 18:02:42 | 000,566,272 | ---- | C] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 09:07:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/19 21:02:41 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/18 19:14:43 | 000,100,480 | ---- | C] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 19:08:12 | 001,377,112 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Chris\Desktop\TDSSKiller.exe
[2011/04/18 18:16:34 | 000,057,960 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/17 22:22:33 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2011/04/17 22:22:33 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2011/04/17 22:22:33 | 000,031,232 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2011/04/17 22:22:26 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011/04/17 22:18:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/17 22:02:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tizer™ Rootkit Razor
[2011/04/17 20:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Tizer™ Rootkit Razor
[2011/04/17 20:31:46 | 001,137,360 | ---- | C] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:44 | 000,190,032 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | C] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2011/04/17 18:41:44 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011/04/17 18:33:51 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Deployment
[2011/04/17 18:19:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Sunbelt
[2011/04/17 18:02:53 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:57:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Hitman Pro
[2011/04/17 17:56:23 | 006,449,984 | ---- | C] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\SUPERAntiSpyware.com
[2011/04/17 16:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011/04/17 16:02:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011/04/17 16:02:12 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/04/16 15:55:36 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2011/04/16 12:25:38 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 12:23:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/15 23:34:45 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\WinRAR
[2011/04/09 10:38:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011/04/09 10:23:39 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\DivX
[2011/04/05 20:00:54 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2011/04/05 20:00:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/05 20:00:51 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2011/04/05 19:38:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011/04/05 19:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/04/05 19:04:31 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Threat Expert
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\PC Tools Security
[2011/04/05 18:42:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2011/04/05 18:29:38 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Apps(32)
[2011/04/05 18:22:04 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Macromedia
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Temp(39)
[2011/04/05 18:19:37 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Adobe
[2011/04/05 18:13:43 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Local\Google
[2011/04/05 00:03:08 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Malwarebytes
[2011/04/04 23:56:20 | 000,000,000 | ---D | C] -- C:\Users\Chris\AppData\Roaming\Adobe(41)
[2010/08/07 15:44:48 | 000,233,472 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\REX Shared Library.dll
[2009/05/04 16:15:24 | 000,225,280 | ---- | C] (Propellerhead Software AB) -- C:\Users\Chris\AppData\Roaming\Rewire.dll
[2007/03/12 11:41:52 | 000,061,440 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2005/11/23 12:55:32 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/30 14:39:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011/04/30 14:39:07 | 268,435,456 | -HS- | M] () -- C:\Windows\System32\temppf.sys
[2011/04/30 14:37:48 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2011/04/30 14:31:13 | 000,607,600 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2011/04/30 14:31:13 | 000,107,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2011/04/30 12:50:32 | 004,333,650 | R--- | M] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/04/30 12:39:36 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/30 11:36:53 | 000,000,680 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 21:06:54 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2011/04/29 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/29 19:31:02 | 238,836,168 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011/04/28 18:04:28 | 000,000,512 | ---- | M] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:02:44 | 000,566,272 | ---- | M] (AVAST Software) -- C:\Users\Chris\Desktop\aswMBR.exe
[2011/04/25 23:23:26 | 000,001,207 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGG.rtf
[2011/04/25 09:18:29 | 000,002,316 | ---- | M] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/21 20:12:07 | 000,002,523 | ---- | M] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/21 19:22:37 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | M] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | M] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | M] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | M] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 21:30:14 | 000,089,422 | ---- | M] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/19 21:02:49 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\OTL.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | M] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:36 | 000,000,000 | ---- | M] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 19:24:12 | 000,016,968 | ---- | M] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/18 19:14:43 | 000,100,480 | ---- | M] (GMER) -- C:\fwtoqpod.sys
[2011/04/18 18:10:57 | 000,000,552 | ---- | M] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 20:56:36 | 000,000,965 | ---- | M] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | M] () -- C:\Windows\wininit.ini
[2011/04/17 20:31:46 | 001,137,360 | ---- | M] (F-Secure Corporation) -- C:\Users\Chris\Desktop\fsbl.exe
[2011/04/17 19:58:45 | 000,190,032 | ---- | M] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2011/04/17 19:49:28 | 000,056,400 | ---- | M] (trend_company_name) -- C:\Windows\System32\drivers\tmrkb.sys
[2011/04/17 18:02:53 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2011/04/17 17:56:48 | 006,449,984 | ---- | M] (SurfRight B.V.) -- C:\Users\Chris\Desktop\HitmanPro35.exe
[2011/04/17 16:02:13 | 000,001,805 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:26:17 | 000,008,798 | ---- | M] () -- C:\Windows\System32\icrav03.rat
[2011/04/16 15:26:17 | 000,001,988 | ---- | M] () -- C:\Windows\System32\ticrf.rat
[2011/04/16 15:25:58 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:25:48 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Users\Chris\Desktop\TFC.exe
[2011/04/16 09:34:37 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2011/04/16 09:34:37 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011/04/16 09:00:12 | 001,263,721 | ---- | M] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/10 23:38:26 | 000,025,088 | ---- | M] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/08 06:14:00 | 000,057,960 | ---- | M] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2011/04/08 06:14:00 | 000,004,755 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2011/04/05 20:00:54 | 000,000,911 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2 C:\Users\Chris\AppData\Local\*.tmp files -> C:\Users\Chris\AppData\Local\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/30 12:50:03 | 004,333,650 | R--- | C] () -- C:\Users\Chris\Desktop\ComboFix.exe
[2011/04/29 21:10:47 | 268,435,456 | -HS- | C] () -- C:\Windows\System32\temppf.sys
[2011/04/29 08:11:07 | 000,001,667 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2011/04/28 18:04:28 | 000,000,512 | ---- | C] () -- C:\Users\Chris\Desktop\MBR.dat
[2011/04/28 18:03:42 | 000,301,568 | ---- | C] () -- C:\Users\Chris\Desktop\gmer.exe
[2011/04/25 09:14:46 | 000,002,316 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\37E0.2D4
[2011/04/22 09:45:08 | 238,836,168 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011/04/21 19:22:37 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{082ED083-878B-420D-A558-5A4D0560DC79}
[2011/04/19 23:16:01 | 001,544,204 | ---- | C] () -- C:\Users\Chris\Desktop\ProcessExplorer.zip
[2011/04/19 23:08:53 | 000,629,057 | ---- | C] () -- C:\Users\Chris\Desktop\RkU3.8.388.590.rar
[2011/04/19 22:48:16 | 000,147,456 | ---- | C] () -- C:\Users\Chris\Desktop\catchme.exe
[2011/04/19 22:47:57 | 000,089,088 | ---- | C] () -- C:\Users\Chris\Desktop\mbr.exe
[2011/04/19 20:18:11 | 000,387,584 | ---- | C] () -- C:\Users\Chris\Desktop\rescue2usb.exe
[2011/04/19 20:02:08 | 000,000,000 | ---- | C] () -- C:\Users\Chris\AppData\Local\{35E258CB-1735-45A6-89A0-1F6CFD23EB25}
[2011/04/18 18:10:57 | 000,000,552 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d8caps.dat
[2011/04/17 22:22:33 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2011/04/17 22:22:33 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2011/04/17 22:22:33 | 000,089,088 | ---- | C] () -- C:\Windows\MBR.exe
[2011/04/17 22:22:33 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2011/04/17 22:22:33 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2011/04/17 20:56:36 | 000,000,965 | ---- | C] () -- C:\Users\Public\Desktop\Tizer™ Rootkit Razor.lnk
[2011/04/17 20:51:38 | 000,000,050 | ---- | C] () -- C:\Windows\wininit.ini
[2011/04/17 18:56:51 | 000,089,422 | ---- | C] () -- C:\Users\Chris\Documents\GGGGGGGGGGG.ods
[2011/04/17 18:41:44 | 000,002,523 | ---- | C] () -- C:\Users\Chris\Desktop\HiJackThis.lnk
[2011/04/17 17:57:30 | 000,016,968 | ---- | C] () -- C:\Windows\System32\drivers\hitmanpro35.sys
[2011/04/17 16:02:13 | 000,001,805 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/04/16 15:25:58 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2011/04/16 12:09:33 | 000,000,680 | ---- | C] () -- C:\Users\Chris\AppData\Local\d3d9caps.dat
[2011/04/16 09:00:00 | 001,263,721 | ---- | C] () -- C:\Users\Chris\Desktop\tdsskiller.zip
[2011/04/05 20:00:54 | 000,000,911 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/05 19:38:34 | 000,000,809 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011/02/07 21:56:28 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
[2011/02/07 20:43:58 | 000,000,665 | ---- | C] () -- C:\Windows\eReg.dat
[2010/10/19 08:38:43 | 000,246,784 | ---- | C] () -- C:\Windows\System32\sqlite3.dll
[2010/07/09 20:04:40 | 000,041,872 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2009/11/10 23:13:54 | 000,139,152 | ---- | C] () -- C:\Users\Chris\AppData\Roaming\PnkBstrK.sys
[2009/11/10 23:13:54 | 000,137,544 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009/11/10 23:13:36 | 000,189,480 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2009/11/10 23:13:32 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2009/11/10 23:13:31 | 000,794,408 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2009/10/08 17:38:44 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/10/08 17:38:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2009/10/08 17:38:11 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2009/09/05 11:32:58 | 000,000,292 | ---- | C] () -- C:\Windows\vtmb.ini
[2009/08/03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/08/03 15:07:42 | 000,230,768 | ---- | C] () -- C:\Windows\System32\OGAEXEC.exe
[2009/07/20 18:01:17 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2009/07/03 16:50:48 | 000,002,560 | ---- | C] () -- C:\Windows\_MSRSTRT.EXE
[2009/04/10 11:26:55 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2009/03/18 19:47:04 | 000,000,000 | ---- | C] () -- C:\Windows\MSDraw.ini
[2009/03/07 19:45:54 | 000,000,248 | ---- | C] () -- C:\Windows\RomeTW.ini
[2009/03/05 21:30:02 | 003,423,744 | ---- | C] () -- C:\Windows\System32\libfilefmt-1.1.0.dll
[2009/03/05 21:30:02 | 000,020,480 | ---- | C] () -- C:\Windows\System32\libavi-dd-1.2.0.dll
[2008/11/03 19:15:09 | 000,000,025 | ---- | C] () -- C:\Windows\CDE DX8400DEFGIPS.ini
[2008/11/03 19:04:29 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2008/11/03 19:04:29 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2008/11/03 19:04:29 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2008/11/03 19:04:29 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2008/11/03 19:04:29 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2008/11/03 19:04:29 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2008/11/03 19:04:29 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2008/11/03 19:04:29 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2008/11/03 19:04:29 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2008/11/03 19:04:29 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2008/11/03 19:04:29 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2008/11/03 19:04:29 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2008/11/03 19:04:29 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2008/11/03 19:04:29 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2008/11/03 19:04:29 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2008/11/03 19:04:29 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2008/11/03 19:04:29 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2008/10/15 22:10:17 | 000,000,080 | RHS- | C] () -- C:\Windows\System32\C2912C281D.dll
[2008/10/07 10:13:22 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2008/10/07 10:13:20 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2008/08/05 17:18:30 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2008/07/08 15:34:42 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2008/06/16 16:59:32 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2008/06/16 16:59:32 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2008/05/14 23:44:30 | 000,000,911 | ---- | C] () -- C:\Windows\STA2.ini
[2008/04/26 08:17:56 | 000,765,952 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2008/04/26 08:17:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2008/04/11 10:20:20 | 000,025,088 | ---- | C] () -- C:\Users\Chris\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/07 10:35:52 | 000,229,376 | ---- | C] () -- C:\Windows\System32\CPGameLauncher.exe
[2007/04/17 15:34:40 | 000,135,716 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2006/11/02 13:57:28 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 13:47:37 | 000,392,808 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 11:33:01 | 000,607,600 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 11:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 11:33:01 | 000,107,478 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 11:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 11:25:21 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/02 11:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 09:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 09:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 08:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/09/19 09:07:28 | 000,827,392 | ---- | C] () -- C:\Windows\vsnpstd3.exe
[2004/02/27 16:36:18 | 000,015,498 | ---- | C] () -- C:\Windows\snpstd3.ini
[1996/02/23 22:34:48 | 000,014,629 | ---- | C] () -- C:\Windows\System32\Declw.dll
[1996/02/22 20:09:20 | 000,032,256 | ---- | C] () -- C:\Windows\System32\Decln.dll

========== LOP Check ==========

[2011/03/20 18:35:25 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\FrostWire
[2008/11/22 17:40:28 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\LimeWire
[2010/06/16 18:16:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Template
[2010/02/18 21:10:04 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\Trusteer
[2011/01/20 19:29:42 | 000,000,000 | ---D | M] -- C:\Users\Carolanne\AppData\Roaming\uTorrent
[2011/04/17 18:02:53 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\Acreon
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\CrystalApp
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DAEMON Tools
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\DNA
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FreeAudioPack
[2011/04/07 19:02:54 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FrostWire
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\FVDIEPlugin
[2011/04/05 19:18:51 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\GetRightToGo
[2011/04/29 19:20:18 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\ImgBurn
[2011/04/05 19:18:52 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\PlaneShift
[2011/04/29 09:17:07 | 000,000,000 | ---D | M] -- C:\Users\Chris\AppData\Roaming\uTorrent
[2011/04/29 21:06:54 | 000,032,580 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 498 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:430C6D84
@Alternate Data Stream - 120 bytes -> C:\ProgramData\TEMP:CE2C623F
@Alternate Data Stream - 109 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >

#52
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
I think I will have to ask the techs about this one - as you should be able to change the virtual memory - have you tried it from both normal and safe modes?

#53
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
I've only tried it in safe mode as I'm blue screening fairly early in normal mode.

Not sure what it's due to, but my internet connection is at a cross (as if the device is not there). I'm still being greeted with system properties upon logging in anywhere. I've blue screened in normal mode doing nothing, going into Networking to fix connection and also trying to open Firefox! So I think it's probably just blue screening anyway, no matter what I try to access.

I take it it's normal when changing the virtual memory for the dialogue box to come up with

"Another file exists with the file name "c/pagefile.sys". Do you wish to overwrite the existing file with a page file?"

I've been selecting yes.

Edited by Horaldo, 30 April 2011 - 07:57 AM.

#54
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That is correct - when in normal mode, can you set the virtual memory within the system properties box before you do anything else?

If not, we may be looking at doing a reinstall.

#55
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
Tried it 3 times with normal and twice with safe mode. I quickly changed it in normal mode fine, then went to shut down, but it would always blue screen me on the shut down. I do not get the blue screen in safe mode, however it reverts back!

#56
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK, a couple of replies from the techs - so let's try them and see if they help

1. Can he try turning it off completely and restarting, does it stay off there as well?

2. After this get him to set a manual, with minimum and maximum both the same values - double the RAM (in your case 4096 in both boxes). This is my rule of thumb. A fixed size means no fragmenting can occur. Double the RAM means plenty enough space to do what it needs to do. I have no other proof than this is what I always set every computer on that I fix and they all seem to run good.

3. What drive are you putting the swap file on - it should be C

#57
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
Thank God there are more things to try!

A few dumb questions.

1. Can he try turning it off completely and restarting, does it stay off there as well?


Is this in reference to turning off the computer?

3. What drive are you putting the swap file on - it should be C

What is the swap file?

#58
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Yes, completely turn off the computer, wait a few minutes and then restart it.

OK, if you need to ask about the drive then it should be in the correct place (this is just another name for the virtual memory).

#59
Horaldo

    Member

  • Topic Starter
  • Member
  • 43 posts
Right. In Safe Mode with Networking I changed the two values to 4096 and then shut down and left for 5 minutes. I then started in Safe Mode with Networking, but was greeted with the system properties dialogue box again, and the virtual memory is now back to 256 MB.

#60
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK back to the drawing board and have a chat with the techs