Department of Justice Virus

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
TwinHeadedEagle said:
Hi, I don't see FRST.txt attached. If you're unsure how to attach it, just copy its content here...

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on REATOGO on 28-10-2013 23:01:27
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2004-04-26] (CyberLink Corp.)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)
HKLM\...\Run: [UpdateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2004-01-07] (Sonic Solutions)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)
HKLM\...\Run: [vptray] - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe [85696 2005-06-23] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2005-08-16] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3578272 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3025304 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe [120320 2013-10-21] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\wungche: C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll ()
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\Administrator\...\Run: [wungche] - rundll32 "C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll",wungche <===== ATTENTION
HKU\Administrator\...\Run: [Google Update] - [x]
HKU\Administrator\...\Run: [enlatig] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\enlatig.dat" <===== ATTENTION
HKU\Administrator\...\Run: [ykhtbzy] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat" <===== ATTENTION
HKU\CPrahl\...\Run: [SpeedswitchXP] - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
HKU\CPrahl\...\Policies\system: [HideLegacyLogonScripts] 1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
BootExecute: autocheck autochk * sdnclean.exe

========================== Services (Whitelisted) =================

S2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.)
S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-06-02] (Symantec Corporation)
S2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [239216 2005-06-02] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-06-02] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [161392 2005-06-02] (Symantec Corporation)
S2 DefWatch; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [19648 2005-06-23] (Symantec Corporation)
S2 ISSVC; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [79488 2005-06-23] (Symantec Corporation)
S2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [356352 2005-03-03] (Dell Inc.)
S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)
S2 Rpcnet; C:\Windows\SYSTEM32\Rpcnet.exe [58288 2012-10-19] (Absolute Software Corp.)
S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)
S2 SavRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [124608 2005-06-23] (symantec)
S2 SDHookService; C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe [130976 2011-10-05] (Safer-Networking Ltd.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [892336 2011-10-05] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [955816 2011-10-05] (Safer-Networking Ltd.)
S2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-04-22] (Symantec Corporation)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
S2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1715904 2005-06-23] (Symantec Corporation)
S2 SymSecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [198272 2005-06-23] (Symantec Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Appdrv; C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys [16128 2004-06-30] (Dell Inc)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [156160 2006-05-10] (Broadcom Corporation)
S2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
S2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-10] (Symantec Corporation)
S3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-21] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
S3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\naveng.sys [86136 2011-12-14] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\navex15.sys [1576312 2011-12-14] (Symantec Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
S1 SAVRT; C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [324232 2005-02-04] (Symantec Corporation)
S1 SAVRTPEL; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [53896 2005-02-04] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
S1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
S1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11512 2005-04-22] (Symantec Corporation)
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123488 2005-05-13] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [173208 2005-04-22] (Symantec Corporation)
S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [36984 2005-04-22] (Symantec Corporation)
S3 SYMIDSCO; C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20120126.001\symidsco.sys [270712 2010-09-15] (Symantec Corporation)
S3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [47192 2005-04-22] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [17976 2005-04-22] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267192 2005-04-22] (Symantec Corporation)
S2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions)
S2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions)
S2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions)
S2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions)
S2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions)
S2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions)
S2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions)
S2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions)
S2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions)
S1 vmm; C:\WINDOWS\system32\drivers\vmm.sys [147040 2003-10-22] (Microsoft Corporation)
S3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 ATICDSDr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-28 15:18 - 2013-10-28 17:46 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-21 18:00 - 2013-10-21 18:00 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-10-21 18:00 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat
2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\enlatig.dat
2013-10-21 11:27 - 2013-10-21 11:27 - 00023552 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-09 03:23 - 2013-10-09 03:24 - 00031299 _____ C:\Windows\KB2862335.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\Windows\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-09 03:10 - 2013-10-09 03:11 - 00032130 _____ C:\Windows\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-09 00:28 - 2013-10-09 03:24 - 00053202 _____ C:\Windows\KB2847311.log
2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 21:12 - 2002-08-29 08:00 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-10-28 21:11 - 2007-01-19 15:50 - 00017408 _____ C:\Windows\System32\rpcnetp.dll
2013-10-28 21:11 - 2005-07-07 11:29 - 00058288 _____ (Absolute Software Corp.) C:\Windows\System32\Rpcnet.dll
2013-10-28 21:11 - 2005-02-28 11:26 - 00000159 _____ C:\Windows\wiadebug.log
2013-10-28 21:11 - 2005-02-28 11:26 - 00000050 _____ C:\Windows\wiaservc.log
2013-10-28 21:09 - 2005-07-07 14:17 - 00017408 _____ C:\Windows\System32\Rpcnetp.exe
2013-10-28 17:46 - 2013-10-28 15:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-23 03:00 - 2005-02-28 19:15 - 01897539 _____ C:\Windows\WindowsUpdate.log
2013-10-22 22:15 - 2012-11-30 00:17 - 00032576 _____ C:\Windows\SchedLgU.Txt
2013-10-22 21:08 - 2005-03-01 08:37 - 00000000 __SHD C:\Windows\CSC
2013-10-21 18:00 - 2013-10-21 18:00 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-10-21 18:00 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-21 17:13 - 2012-12-10 18:32 - 00218310 _____ C:\Windows\setupapi.log
2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat
2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\enlatig.dat
2013-10-21 11:27 - 2013-10-21 11:27 - 00023552 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll
2013-10-21 11:27 - 2013-09-17 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-10-21 11:27 - 2005-11-04 10:08 - 00000000 ____D C:\Program Files\Google
2013-10-21 11:20 - 2012-10-24 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Recipes
2013-10-20 20:11 - 2012-11-30 17:46 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-16 12:16 - 2011-01-03 23:43 - 00000000 ____D C:\Meineke
2013-10-15 16:00 - 2011-03-24 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 03:04 - 2011-01-27 23:22 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 11:15 - 2012-08-30 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-09 11:15 - 2012-02-21 17:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-09 03:49 - 2005-02-28 11:23 - 00231984 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 03:48 - 2013-06-20 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-09 03:46 - 2005-02-28 19:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-09 03:28 - 2005-02-28 11:24 - 00589046 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-09 03:24 - 2013-10-09 03:23 - 00031299 _____ C:\Windows\KB2862335.log
2013-10-09 03:24 - 2013-10-09 00:28 - 00053202 _____ C:\Windows\KB2847311.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00323335 _____ C:\Windows\iis6.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00302961 _____ C:\Windows\FaxSetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00144844 _____ C:\Windows\ocgen.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00138230 _____ C:\Windows\tsoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00099944 _____ C:\Windows\comsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00091158 _____ C:\Windows\msmqinst.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00060601 _____ C:\Windows\ntdtcsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00053067 _____ C:\Windows\netfxocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00045857 _____ C:\Windows\updspapi.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00020825 _____ C:\Windows\MedCtrOC.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00016758 _____ C:\Windows\ocmsn.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015239 _____ C:\Windows\tabletoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015141 _____ C:\Windows\msgsocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\Windows\imsins.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\Windows\imsins.BAK
2013-10-09 03:19 - 2013-08-14 03:21 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\Windows\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-09 03:12 - 2005-05-19 15:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-09 03:11 - 2013-10-09 03:10 - 00032130 _____ C:\Windows\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$

ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini

Files to move or delete:
====================
ZeroAccess:
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install
ZeroAccess:
C:\Program Files\Google\Desktop\Install


Some content of TEMP:
====================
C:\Documents and Settings\Administrator\Local Settings\Temp\dotnetfx.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nitro_pro8.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-10-22 21:27 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP603
RP: -> 2013-10-21 09:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP602
RP: -> 2013-10-20 08:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP601
RP: -> 2013-10-19 07:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP600
RP: -> 2013-10-18 06:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP599
RP: -> 2013-10-17 05:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP598
RP: -> 2013-10-16 04:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP597
RP: -> 2013-10-15 03:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP596
RP: -> 2013-10-14 03:00 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP595
RP: -> 2013-10-13 06:15 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP594
RP: -> 2013-10-12 05:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP593
RP: -> 2013-10-11 04:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP592
RP: -> 2013-10-10 03:53 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP591
RP: -> 2013-10-09 03:00 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP590
RP: -> 2013-10-09 02:18 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP589
RP: -> 2013-10-08 02:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP588
RP: -> 2013-10-07 01:25 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP587
RP: -> 2013-10-06 00:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP586
RP: -> 2013-10-04 23:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP585
RP: -> 2013-10-03 22:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP584
RP: -> 2013-10-02 21:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP583
RP: -> 2013-10-01 20:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP582
RP: -> 2013-09-30 20:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP581
RP: -> 2013-09-29 19:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP580
RP: -> 2013-09-28 19:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP579
RP: -> 2013-09-27 18:29 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP578
RP: -> 2013-09-26 18:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP577
RP: -> 2013-09-25 17:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP576
RP: -> 2013-09-24 16:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP575
RP: -> 2013-09-23 15:18 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP574
RP: -> 2013-09-22 14:51 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP573
RP: -> 2013-09-21 14:41 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP572
RP: -> 2013-09-20 14:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP571
RP: -> 2013-09-19 13:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP570
RP: -> 2013-09-18 12:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP569
RP: -> 2013-09-17 11:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP568
RP: -> 2013-09-16 11:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP567
RP: -> 2013-09-15 10:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP566
RP: -> 2013-09-14 09:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP565
RP: -> 2013-09-13 01:41 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP564
RP: -> 2013-09-12 00:29 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP563
RP: -> 2013-09-11 00:08 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP562
RP: -> 2013-09-10 20:32 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP561
RP: -> 2013-09-09 11:09 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP560
RP: -> 2013-09-08 09:58 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP559
RP: -> 2013-09-07 09:47 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP558
RP: -> 2013-09-06 07:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP557
RP: -> 2013-09-05 06:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP556
RP: -> 2013-09-04 05:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP555
RP: -> 2013-09-03 04:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP554
RP: -> 2013-09-02 03:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP553
RP: -> 2013-09-01 02:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP552
RP: -> 2013-08-31 01:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP551


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2047.36 MB
Available physical RAM: 1760.87 MB
Total Pagefile: 1878 MB
Available Pagefile: 1804.08 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.16 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:55.88 GB) (Free:21.34 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: B4D8B4D8)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 966 MB) (Disk ID: 320327BE)
Partition 1: (Active) - (Size=965 MB) - (Type=0B)

==================== End Of Log ======
 
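A small triage script for the "Registry (Whitelisted)" section of a log like the one above, added here as an example; it is not FRST's code and not part of the thread. It assumes only the line layout FRST printed above (`key: [name] - target [size date] (company)`, an optional `<===== ATTENTION` marker, and `()` where FRST read the file but found no company name). The heuristics are my own, not FRST's whitelist logic: an autostart whose file carries no company name, an indirect load through rundll32 or regsvr32 (especially of a non-DLL extension such as `.dat`), a target under a user profile directory, and a software restriction policy pointed at a security product's directory, which is exactly the pattern visible in the log above. The sample lines are a constructed subset copied from that log.

```python
"""Triage helper for the "Registry (Whitelisted)" section of an FRST.txt.

Added example, not FRST's own code: it assumes only the line layout seen above,
  <key>: [<name>] - <target> [<size> <date>] (<company>) <===== ATTENTION
where the "[size date]" block, the "(company)" field and the ATTENTION
marker are optional, and "()" means the file had no company name.
"""
import re

# Constructed sample: a subset of the Registry section of the log above.
SAMPLE_FRST = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)
HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe [120320 2013-10-21] ()
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\wungche: C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll ()
HKU\Administrator\...\Run: [wungche] - rundll32 "C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll",wungche <===== ATTENTION
HKU\Administrator\...\Run: [enlatig] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\enlatig.dat" <===== ATTENTION
HKU\CPrahl\...\Run: [SpeedswitchXP] - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
BootExecute: autocheck autochk * sdnclean.exe

========================== Services (Whitelisted) =================
"""

SECTION_RE = re.compile(r'^=+ (?P<name>.+?) =+\s*$')
DETAIL_RE = re.compile(r'\s\[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]')
NAME_RE = re.compile(r'\[(?P<name>[^\]]*)\] - (?P<rest>.*)$')
ATTENTION_RE = re.compile(r'\s*<=+ ATTENTION\s*$')
LOADER_RE = re.compile(r'\b(?:rundll32|regsvr32)(?:\.exe)?\b')
QUOTED_RE = re.compile(r'"([^"]+)"')
DLL_EXTENSIONS = ('.dll', '.ocx', '.cpl', '.ax')
PROFILE_MARKERS = ('documents and settings', 'docume~1')
# Assumed list: security products seen in this log; an SRP aimed at them is suspect.
SECURITY_VENDORS = ('symantec', 'mcafee', 'malwarebytes', 'hitmanpro', 'spybot')


def trailing_paren_group(text):
    """Return (inside, remainder) for a parenthesised group ending the line,
    tolerating nested parens such as '(Intel(R) Corporation)'; None otherwise."""
    text = text.rstrip()
    if not text.endswith(')'):
        return None
    depth = 0
    for i in range(len(text) - 1, -1, -1):
        if text[i] == ')':
            depth += 1
        elif text[i] == '(':
            depth -= 1
            if depth == 0:
                return text[i + 1:-1], text[:i].rstrip()
    return None


def parse_entry(line):
    """Split one FRST autostart line into fields; None for blank/header lines."""
    line = line.rstrip()
    if not line or line.startswith('='):
        return None
    attention = ATTENTION_RE.search(line) is not None
    body = ATTENTION_RE.sub('', line)
    company = None                      # None: FRST printed no version block at all
    group = trailing_paren_group(body)
    if group is not None:
        company, body = group           # '': file was read but has no company name
    size = date = None
    detail = DETAIL_RE.search(body)
    if detail:
        size, date = int(detail.group('size')), detail.group('date')
        body = body[:detail.start()]
    key, _, target = body.partition(': ')
    name = None
    named = NAME_RE.match(target)
    if named:
        name, target = named.group('name'), named.group('rest')
    return {'key': key, 'name': name, 'target': target.strip(),
            'size': size, 'date': date, 'company': company, 'attention': attention}


def _extension(path):
    """Extension of a Windows path; os.path would not split on '\\' on POSIX."""
    leaf = path.rsplit('\\', 1)[-1]
    return leaf[leaf.rfind('.'):].lower() if '.' in leaf else ''


def triage_entry(entry):
    """Heuristic reasons (assumed, not FRST's whitelist) to look at an entry."""
    reasons = []
    key, target = entry['key'], entry['target']
    target_lc = target.lower()
    if entry['attention']:
        reasons.append('FRST marked the entry ATTENTION')
    is_srp = key.startswith('HKLM Group Policy restriction on software')
    if is_srp and any(v in target_lc for v in SECURITY_VENDORS):
        reasons.append('software restriction policy blocks a security product directory')
    if entry['company'] == '':
        reasons.append('file carries no company/version information')
    if LOADER_RE.search(target_lc):
        reasons.append('indirect load through rundll32/regsvr32')
        quoted = QUOTED_RE.search(target)
        if quoted and _extension(quoted.group(1)) not in DLL_EXTENSIONS:
            reasons.append('loader given a non-DLL extension (%s)' % _extension(quoted.group(1)))
    if not is_srp and any(m in target_lc for m in PROFILE_MARKERS):
        reasons.append('autostart target lives under a user profile directory')
    return reasons


def triage_log(text, section='Registry (Whitelisted)'):
    """Walk only the named section; return (label, target, reasons) per flagged entry."""
    findings, in_section = [], False
    for raw in text.splitlines():
        header = SECTION_RE.match(raw)
        if header:
            in_section = header.group('name') == section
            continue
        entry = parse_entry(raw) if in_section else None
        if entry is None:
            continue
        reasons = triage_entry(entry)
        if reasons:
            findings.append((entry['name'] or entry['key'], entry['target'], reasons))
    return findings


if __name__ == '__main__':
    for label, target, reasons in triage_log(SAMPLE_FRST):
        print('%-42s %s' % (label, target))
        for reason in reasons:
            print('    - ' + reason)
```

Run against the sample it lists five entries (DisplaySwitch, the Symantec software restriction policy, the wungche Winlogon notify hook, and the wungche and enlatig Run values), which is the same set the helper's fixlist below removes, while the signed Symantec and Program Files entries pass. Feed it a complete FRST.txt by reading the file and passing its text to `triage_log`.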

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
On your clean PC, download the following file by right-clicking it and selecting Save As

[attachment=6071]

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.
 

Attachments

  • fixlist.txt
    1 KB · Views: 100

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
TwinHeadedEagle said:
On your clean PC, download the following file by right-clicking it and selecting Save As

and save it onto your flash drive.

Then, boot to system recovery, plug in your flash drive, open FRST and click fix. Post the generated log.

Attempt to boot normally.
When you say boot to system recovery, how do I do that in Windows XP?
 

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
Here is the log that was generated.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by SYSTEM at 2013-10-29 23:20:19 Run:1
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKU\Administrator\...\Run: [wungche] - rundll32 "C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll",wungche <===== ATTENTION
C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll
HKU\Administrator\...\Run: [enlatig] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\enlatig.dat" <===== ATTENTION
HKU\Administrator\...\Run: [ykhtbzy] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat" <===== ATTENTION
C:\Documents and Settings\All Users\Application Data\enlatig.dat
C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat
C:\Documents and Settings\All Users\Application Data\*.dat
C:\Windows\assembly\GAC\Desktop.ini
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install
C:\Program Files\Google\Desktop\Install
HKU\Administrator\...\Run: [Google Update] - [x]
C:\Documents and Settings\Administrator\Local Settings\Temp
cmd: ipconfig /flushdns
*****************

HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\wungche => Value deleted successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll => Moved successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\enlatig => Value deleted successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\ykhtbzy => Value deleted successfully.
C:\Documents and Settings\All Users\Application Data\enlatig.dat => Moved successfully.
C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat => Moved successfully.
"C:\Documents and Settings\All Users\Application Data\*.dat" => File/Directory not found.
C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install => Moved successfully.
C:\Program Files\Google\Desktop\Install => Moved successfully.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
C:\Documents and Settings\Administrator\Local Settings\Temp => Moved successfully.

========= ipconfig /flushdns =========

Windows IP Configuration

Could not flush the DNS Resolver Cache: Function failed during execution.

========= End of CMD: =========


==== End of Fixlog ====
 

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by SYSTEM on REATOGO on 30-10-2013 11:20:17
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet003
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2004-04-26] (CyberLink Corp.)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)
HKLM\...\Run: [UpdateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2004-01-07] (Sonic Solutions)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)
HKLM\...\Run: [vptray] - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe [85696 2005-06-23] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2005-08-16] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3578272 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3025304 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe [120320 2013-10-21] ()
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\wungche: C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll [X]
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKU\Administrator\...\Run: [Google Update] - [x]
HKU\CPrahl\...\Run: [SpeedswitchXP] - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
HKU\CPrahl\...\Policies\system: [HideLegacyLogonScripts] 1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
BootExecute: autocheck autochk * sdnclean.exe

========================== Services (Whitelisted) =================

S2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.)
S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-06-02] (Symantec Corporation)
S2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [239216 2005-06-02] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-06-02] (Symantec Corporation)
S2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [161392 2005-06-02] (Symantec Corporation)
S2 DefWatch; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [19648 2005-06-23] (Symantec Corporation)
S2 ISSVC; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [79488 2005-06-23] (Symantec Corporation)
S2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [356352 2005-03-03] (Dell Inc.)
S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)
S2 Rpcnet; C:\Windows\SYSTEM32\Rpcnet.exe [58288 2012-10-19] (Absolute Software Corp.)
S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)
S2 SavRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [124608 2005-06-23] (symantec)
S2 SDHookService; C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe [130976 2011-10-05] (Safer-Networking Ltd.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [892336 2011-10-05] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [955816 2011-10-05] (Safer-Networking Ltd.)
S2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-04-22] (Symantec Corporation)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
S2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1715904 2005-06-23] (Symantec Corporation)
S2 SymSecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [198272 2005-06-23] (Symantec Corporation)
S2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)
S2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S3 Appdrv; C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys [16128 2004-06-30] (Dell Inc)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [156160 2006-05-10] (Broadcom Corporation)
S2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
S2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-10] (Symantec Corporation)
S3 EraserUtilDrvI13; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [106104 2011-12-14] (Symantec Corporation)
S3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-21] ()
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
S3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
S3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\naveng.sys [86136 2011-12-14] (Symantec Corporation)
S3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\navex15.sys [1576312 2011-12-14] (Symantec Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
S1 SAVRT; C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [324232 2005-02-04] (Symantec Corporation)
S1 SAVRTPEL; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [53896 2005-02-04] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
S1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
S1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11512 2005-04-22] (Symantec Corporation)
S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123488 2005-05-13] (Symantec Corporation)
S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [173208 2005-04-22] (Symantec Corporation)
S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [36984 2005-04-22] (Symantec Corporation)
S3 SYMIDSCO; C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20120126.001\symidsco.sys [270712 2010-09-15] (Symantec Corporation)
S3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [47192 2005-04-22] (Symantec Corporation)
S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [17976 2005-04-22] (Symantec Corporation)
S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267192 2005-04-22] (Symantec Corporation)
S2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions)
S2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions)
S2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions)
S2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions)
S2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions)
S2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions)
S2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions)
S2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions)
S2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions)
S1 vmm; C:\WINDOWS\system32\drivers\vmm.sys [147040 2003-10-22] (Microsoft Corporation)
S3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 ATICDSDr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-28 15:18 - 2013-10-28 17:46 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-21 18:00 - 2013-10-21 18:00 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-10-21 18:00 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-09 03:23 - 2013-10-09 03:24 - 00031299 _____ C:\Windows\KB2862335.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\Windows\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-09 03:10 - 2013-10-09 03:11 - 00032130 _____ C:\Windows\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-09 00:28 - 2013-10-09 03:24 - 00053202 _____ C:\Windows\KB2847311.log
2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-10-29 23:27 - 2002-08-29 08:00 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-10-29 23:26 - 2007-01-19 15:50 - 00017408 _____ C:\Windows\System32\rpcnetp.dll
2013-10-29 23:26 - 2005-07-07 11:29 - 00058288 _____ (Absolute Software Corp.) C:\Windows\System32\Rpcnet.dll
2013-10-29 23:26 - 2005-02-28 11:26 - 00000159 _____ C:\Windows\wiadebug.log
2013-10-29 23:26 - 2005-02-28 11:26 - 00000050 _____ C:\Windows\wiaservc.log
2013-10-29 23:25 - 2005-03-01 08:37 - 00000000 __SHD C:\Windows\CSC
2013-10-29 23:24 - 2005-07-07 14:17 - 00017408 _____ C:\Windows\System32\Rpcnetp.exe
2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:46 - 2013-10-28 15:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-23 03:00 - 2005-02-28 19:15 - 01902294 _____ C:\Windows\WindowsUpdate.log
2013-10-22 22:15 - 2012-11-30 00:17 - 00032576 _____ C:\Windows\SchedLgU.Txt
2013-10-21 18:00 - 2013-10-21 18:00 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys
2013-10-21 18:00 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-21 17:13 - 2012-12-10 18:32 - 00218310 _____ C:\Windows\setupapi.log
2013-10-21 11:27 - 2013-09-17 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-10-21 11:27 - 2005-11-04 10:08 - 00000000 ____D C:\Program Files\Google
2013-10-21 11:20 - 2012-10-24 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Recipes
2013-10-20 20:11 - 2012-11-30 17:46 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-16 12:16 - 2011-01-03 23:43 - 00000000 ____D C:\Meineke
2013-10-15 16:00 - 2011-03-24 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 03:04 - 2011-01-27 23:22 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 11:15 - 2012-08-30 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-09 11:15 - 2012-02-21 17:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-09 03:49 - 2005-02-28 11:23 - 00231984 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-09 03:48 - 2013-06-20 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-09 03:46 - 2005-02-28 19:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-09 03:28 - 2005-02-28 11:24 - 00589046 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-09 03:24 - 2013-10-09 03:23 - 00031299 _____ C:\Windows\KB2862335.log
2013-10-09 03:24 - 2013-10-09 00:28 - 00053202 _____ C:\Windows\KB2847311.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00323335 _____ C:\Windows\iis6.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00302961 _____ C:\Windows\FaxSetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00144844 _____ C:\Windows\ocgen.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00138230 _____ C:\Windows\tsoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00099944 _____ C:\Windows\comsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00091158 _____ C:\Windows\msmqinst.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00060601 _____ C:\Windows\ntdtcsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00053067 _____ C:\Windows\netfxocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00045857 _____ C:\Windows\updspapi.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00020825 _____ C:\Windows\MedCtrOC.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00016758 _____ C:\Windows\ocmsn.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015239 _____ C:\Windows\tabletoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015141 _____ C:\Windows\msgsocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\Windows\imsins.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\Windows\imsins.BAK
2013-10-09 03:19 - 2013-08-14 03:21 - 00000000 ____D C:\Windows\System32\MRT
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\Windows\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-09 03:12 - 2005-05-19 15:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-09 03:11 - 2013-10-09 03:10 - 00032130 _____ C:\Windows\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-10-22 21:27 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP603

RP: -> 2013-10-21 09:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP602

RP: -> 2013-10-20 08:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP601

RP: -> 2013-10-19 07:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP600

RP: -> 2013-10-18 06:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP599

RP: -> 2013-10-17 05:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP598

RP: -> 2013-10-16 04:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP597

RP: -> 2013-10-15 03:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP596

RP: -> 2013-10-14 03:00 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP595

RP: -> 2013-10-13 06:15 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP594

RP: -> 2013-10-12 05:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP593

RP: -> 2013-10-11 04:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP592

RP: -> 2013-10-10 03:53 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP591

RP: -> 2013-10-09 03:00 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP590

RP: -> 2013-10-09 02:18 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP589

RP: -> 2013-10-08 02:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP588

RP: -> 2013-10-07 01:25 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP587

RP: -> 2013-10-06 00:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP586

RP: -> 2013-10-04 23:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP585

RP: -> 2013-10-03 22:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP584

RP: -> 2013-10-02 21:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP583

RP: -> 2013-10-01 20:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP582

RP: -> 2013-09-30 20:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP581

RP: -> 2013-09-29 19:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP580

RP: -> 2013-09-28 19:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP579

RP: -> 2013-09-27 18:29 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP578

RP: -> 2013-09-26 18:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP577

RP: -> 2013-09-25 17:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP576

RP: -> 2013-09-24 16:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP575

RP: -> 2013-09-23 15:18 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP574

RP: -> 2013-09-22 14:51 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP573

RP: -> 2013-09-21 14:41 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP572

RP: -> 2013-09-20 14:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP571

RP: -> 2013-09-19 13:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP570

RP: -> 2013-09-18 12:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP569

RP: -> 2013-09-17 11:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP568

RP: -> 2013-09-16 11:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP567

RP: -> 2013-09-15 10:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP566

RP: -> 2013-09-14 09:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP565

RP: -> 2013-09-13 01:41 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP564

RP: -> 2013-09-12 00:29 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP563

RP: -> 2013-09-11 00:08 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP562

RP: -> 2013-09-10 20:32 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP561

RP: -> 2013-09-09 11:09 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP560

RP: -> 2013-09-08 09:58 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP559

RP: -> 2013-09-07 09:47 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP558

RP: -> 2013-09-06 07:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP557

RP: -> 2013-09-05 06:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP556

RP: -> 2013-09-04 05:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP555

RP: -> 2013-09-03 04:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP554

RP: -> 2013-09-02 03:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP553

RP: -> 2013-09-01 02:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP552

RP: -> 2013-08-31 01:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP551


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2047.36 MB
Available physical RAM: 1761.55 MB
Total Pagefile: 1878 MB
Available Pagefile: 1801.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1994.16 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:55.88 GB) (Free:21.48 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: B4D8B4D8)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 966 MB) (Disk ID: 320327BE)
Partition 1: (Active) - (Size=965 MB) - (Type=0B)

==================== End Of Log ============================
 

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

Download this fixlist.txt, and execute it

[attachment=6086]

Are you now able to boot normally?
 

Attachments

  • fixlist.txt
    1.5 KB · Views: 84

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 28-10-2013
Ran by SYSTEM at 2013-10-30 16:04:31 Run:2
Running from D:\
Boot Mode: Recovery

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe [120320 2013-10-21] ()
C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION
Winlogon\Notify\wungche: C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll [X]
C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll
HKU\Administrator\...\Run: [Google Update] - [x]

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\DisplaySwitch => Value deleted successfully.
C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe => Moved successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM => Group Policy Restriction on software restored successfully.
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wungche => Key deleted successfully.
"C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll" => File/Directory not found.
HKU\Administrator\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.

==== End of Fixlog ====
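The two fixlists in this thread were written by reading the FRST log by eye: a Run entry whose binary carries no version info and lives under the user profile (sysdrivwin.exe), rundll32/regsvr32 loaders pointing into Application Data, a Winlogon\Notify package outside System32, and Software Restriction Policy rules that block the Symantec, McAfee and Malwarebytes folders. The script below is an added example, not code from this thread or from FRST itself; it applies those same heuristics to FRST "Registry (Whitelisted)" lines and emits a fixlist in the format seen above. The vendor list and the profile-directory list are assumptions, and the fixlist convention it relies on (a registry line copied verbatim deletes that entry, a bare file path moves the file) is inferred from the fixlogs posted in this thread. The sample input is constructed from lines in the 30-10-2013 scan and the two fixlists, with clean entries kept as negatives.

```python
"""Triage FRST registry/autorun lines and turn findings into a fixlist.

Added example for this thread; not FRST's own code. Heuristics (assumed):
  * Run entries with no version info "()" in a profile directory, or that
    use rundll32/regsvr32 to load a file from a profile/data directory,
  * Winlogon\\Notify packages outside System32 or marked [X],
  * Group Policy (Software Restriction Policy) rules that block the
    folders of security products,
  * Run entries whose target file is gone ("[x]").
"""
import re
from collections import namedtuple

Finding = namedtuple("Finding", "severity reason line path")

# Constructed sample: lines copied from the scan and fixlists in this thread.
SAMPLE_LOG = r"""
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)
HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe [120320 2013-10-21] ()
HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION
HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
Winlogon\Notify\wungche: C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll [X]
HKU\Administrator\...\Run: [wungche] - rundll32 "C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll",wungche <===== ATTENTION
HKU\Administrator\...\Run: [enlatig] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\enlatig.dat" <===== ATTENTION
HKU\Administrator\...\Run: [Google Update] - [x]
HKU\CPrahl\...\Run: [SpeedswitchXP] - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
"""

RUN_RE = re.compile(r'^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\Run: \[(?P<name>[^\]]+)\] - (?P<rest>.*)$')
SIZE_PUB_RE = re.compile(r' \[\d+ \d{4}-\d{2}-\d{2}\] \((?P<pub>[^)]*)\)$')   # "[size date] (Publisher)"
ATTN_RE = re.compile(r' <=+ ATTENTION$')
NOTIFY_RE = re.compile(r'^Winlogon\\Notify\\(?P<name>[^:]+): (?P<path>.*?)(?: \((?P<pub>[^)]*)\))?(?: \[X\])?$')
SRP_RE = re.compile(r'^HKLM Group Policy restriction on software: (?P<path>.*?) <=+ ATTENTION$')
PATH_RE = re.compile(r'[A-Za-z]:\\[^"<,\[\]]*?\.(?:exe|dll|dat|cpl|scr|sys|bat|cmd|vbs|js)(?![A-Za-z0-9])', re.I)

# Assumed lists; extend for the environment being triaged.
PROFILE_DIRS = ("\\documents and settings\\", "\\users\\", "\\application data\\", "\\temp\\")
SYSTEM_DIR = "c:\\windows\\system32\\"
LOADERS = ("rundll32", "regsvr32")
SECURITY_VENDORS = ("symantec", "mcafee", "malwarebytes", "kaspersky", "eset", "sophos", "hitmanpro")


def _first_path(text):
    m = PATH_RE.search(text)
    return m.group(0) if m else None


def _in_profile_dir(path):
    p = path.lower()
    return any(d in p for d in PROFILE_DIRS)


def _check_run(line, m):
    rest = ATTN_RE.sub("", m["rest"])
    sp = SIZE_PUB_RE.search(rest)
    publisher = sp["pub"] if sp else None      # "" means FRST found no version info at all
    command = SIZE_PUB_RE.sub("", rest)
    path = _first_path(command)
    if command.strip() == "[x]":
        return Finding("LOW", "orphaned Run entry, target file missing", line, None)
    loader = command.lower().lstrip('"').startswith(LOADERS)
    if loader and path and _in_profile_dir(path):
        return Finding("HIGH", "rundll32/regsvr32 loading a file from a profile/data directory", line, path)
    if publisher == "" and path and _in_profile_dir(path):
        return Finding("HIGH", "binary without version info autostarting from a profile directory", line, path)
    if publisher == "":
        return Finding("MEDIUM", "binary without version info", line, path)
    return None


def _check_notify(line, m):
    path = m["path"]
    if line.endswith("[X]") or not path.lower().startswith(SYSTEM_DIR):
        return Finding("HIGH", "Winlogon\\Notify package outside System32 or missing", line, path)
    return None


def _check_srp(line, m):
    if any(v in m["path"].lower() for v in SECURITY_VENDORS):
        return Finding("HIGH", "Software Restriction Policy rule blocks a security product folder", line, None)
    return None


def triage(log_text):
    """Return a Finding for every suspicious autorun/policy line in the log text."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in ((RUN_RE, _check_run), (NOTIFY_RE, _check_notify), (SRP_RE, _check_srp)):
            m = regex.match(line)
            if m:
                f = check(line, m)
                if f:
                    findings.append(f)
                break
    return findings


def build_fixlist(findings):
    """FRST fixlist lines: the log line verbatim (deletes the entry), then the file path (moves it)."""
    out, seen = [], set()
    for f in findings:
        for item in (f.line, f.path):
            if item and item not in seen:
                out.append(item)
                seen.add(item)
    return out


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:6} {f.reason}: {f.line}")
    print("\n".join(["", "Content of fixlist:", "*****************"] + build_fixlist(found)))
```

The interesting negative cases are the ones the heuristics leave alone: NavLogon.dll under System32 with a Symantec publisher, ccApp.exe with version info in Program Files, and SpeedswitchXP with no version info but a normal install path. The produced fixlist matches the shape of the second fixlist in this thread (DisplaySwitch line, then sysdrivwin.exe, then the policy lines, then the Notify entry and its DLL); as the second fixlog shows, a path that was already moved by an earlier fix simply reports "File/Directory not found", so duplicates across runs are harmless.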
 

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Administrator (administrator) on CPRAHLD610XP on 30-10-2013 16:19:39
Running from D:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Symantec Corporation) C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Broadcom Corp.) C:\WINDOWS\system32\basfipm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Dell Inc.) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\WINDOWS\SYSTEM32\Rpcnet.exe
(symantec) C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\internet explorer\iexplore.exe
() C:\Program Files\Freecorder 6\TbHelper2.exe
(Intuit Inc.) C:\Program Files\Quicken\qw.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2004-04-26] (CyberLink Corp.)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)
HKLM\...\Run: [UpdateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2004-01-07] (Sonic Solutions)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)
HKLM\...\Run: [vptray] - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe [85696 2005-06-23] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2005-08-16] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3578272 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3025304 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Freecorder 6\tbhelper.dll ()
SearchScopes: HKLM - {0A0BF877-1BFB-4B1F-BB65-ACCA3A0D89F4} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {19FDEA85-EAB3-4E11-810F-E92FAA89F5BC} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {1D9EE092-03F7-4B79-8775-2515BE150853} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {2D20C484-D09F-45BE-94B1-FEC626F24A87} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {4FABB07C-2440-45C3-9F40-549BF7DFD198} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {62C7F791-E378-4268-A8A7-AD35B7A909CE} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {FBC6B876-59D0-4EFD-B787-233A38FF25D2} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - DefaultScope {D817F51A-797C-40CB-A78C-BF38458DFC1D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {04BE0E81-D39F-472F-855F-88EC39D5FC86} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {19FDEA85-EAB3-4E11-810F-E92FAA89F5BC} URL =
SearchScopes: HKCU - {4AFFD502-BBD4-489B-9DDE-174FF446F6FD} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - {684368DD-98CE-4847-9D95-B09C32169682} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {6AAF9ADD-0E77-4F9C-9B47-6427BC486F5D} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=1FE9CA4001CCFA1E13F3B230&install_time=2012-03-04T15:49:38Z&src_id=30304&camp_id=3533&tb_version=1.1.3001.0(B)
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3131886
SearchScopes: HKCU - {D18B4302-7AAF-4AD7-81CB-EA477C65AAB3} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {D817F51A-797C-40CB-A78C-BF38458DFC1D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {EBA0BC1C-72A2-4B0C-989D-47CB45F1446C} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {EF9D57BA-E979-4202-A136-73F1A40337AE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=A3EA745B-1B20-4C57-A243-B527E000673F&apn_sauid=F8D53695-1979-4292-9D79-D722470F1F8C
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TBSB00808 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Freecorder 6\tbcore3.dll ()
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Freecorder 6 - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Freecorder 6 - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {0FDE699D-DB36-11D3-9F88-0050046F7885} http://wfcdemo/admin/Download/selfBenefitEventPages.CAB
DPF: {1627BB68-415A-4329-A3A6-7C0B8D850F07} http://wfcdemo/admin/Download/PITSaveOptions.CAB
DPF: {1A757344-ABCF-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/SystemSettings.CAB
DPF: {2452EE65-F378-4202-AFCA-075D150A6C90} http://wfcdemo/admin/Download/ActionsEditor.CAB
DPF: {2D6F995F-ABD2-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/MenuTreeX.CAB
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} http://download.infotriever.com/bin/ifhelper.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {5C62BA7F-2EC1-11D1-BE6B-00600831F894} http://aschmidt/admin/download/SVRREG.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120569570659
DPF: {681DE5FC-ABDC-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/Security.cab
DPF: {6F745ACF-CDB4-11D2-91D0-00600831F990} http://wfcdemo/admin/Download/HrPersonal.CAB
DPF: {7417038B-747A-11D4-9FB5-0050046F7885} http://wfcdemo/admin/Download/selfProfileSettings.CAB
DPF: {7c2c94f0-7991-42b4-8d5f-4cb15b490657}
DPF: {85FA5E07-AA7E-11D2-9B53-00600831F0E4} http://wfcdemo/admin/Download/HRMSCONTROLS111.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {b13d8b3e-04a8-406f-bd35-07530d4a62dc} http://testapp.kronos.com:8002/jinitiator/oajinit.exe
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://kronosnow.kronos.com/main/Install/en/US/CentraDownloader.cab
DPF: {B3F8F451-788A-11D0-89D9-00A0C90C9B67} http://wfcdemo/admin/Download/mcsitree.cab
DPF: {BE87196E-AA7C-11D2-9B53-00600831F0E4} http://aschmidt/admin/Download/Support.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C253F5F2-A4D0-11D2-9B53-00600831F0E4} http://wfcdemo/admin/Download/HRMSErrMessage.CAB
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://wtk-web/WFC/plugins/j2re-1_3_1_02-win.exe
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://time.kronos.com/wfcstatic/plugins/j2re-1_4_2_06-windows-i586-p.exe
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://time.kronos.com/wfcstatic/plugins/jre-1_5_0_01-windows-i586-p.exe
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\user.js
FF DefaultSearchEngine: Vgrabber1 Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: ALOT Search
FF Homepage: hxxp://search.conduit.com/?CUI=UN15273160788479323&ctid=CT3131886&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&CUI=UN15273160788479323&UM=false&q=
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\alot-search.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\conduit.xml
FF Extension: ALOT Appbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\appbar@alot.com
FF Extension: Freecorder 6 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}
FF Extension: Vgrabber1 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

========================== Services (Whitelisted) =================

R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-06-02] (Symantec Corporation)
R2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [239216 2005-06-02] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-06-02] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [161392 2005-06-02] (Symantec Corporation)
R2 DefWatch; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [19648 2005-06-23] (Symantec Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-10-30] (SurfRight B.V.)
R2 ISSVC; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [79488 2005-06-23] (Symantec Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [356352 2005-03-03] (Dell Inc.)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)
R2 Rpcnet; C:\Windows\SYSTEM32\Rpcnet.exe [58288 2012-10-19] (Absolute Software Corp.)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)
R2 SavRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [124608 2005-06-23] (symantec)
R2 SDHookService; C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe [130976 2011-10-05] (Safer-Networking Ltd.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [892336 2011-10-05] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [955816 2011-10-05] (Safer-Networking Ltd.)
R2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-04-22] (Symantec Corporation)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1715904 2005-06-23] (Symantec Corporation)
R2 SymSecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [198272 2005-06-23] (Symantec Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 Appdrv; C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys [16128 2004-06-30] (Dell Inc)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [156160 2006-05-10] (Broadcom Corporation)
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-10] (Symantec Corporation)
U3 EraserUtilDrvI13; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [106104 2011-12-14] (Symantec Corporation)
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\naveng.sys [86136 2011-12-14] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\navex15.sys [1576312 2011-12-14] (Symantec Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 SAVRT; C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [324232 2005-02-04] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [53896 2005-02-04] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11512 2005-04-22] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123488 2005-05-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [173208 2005-04-22] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [36984 2005-04-22] (Symantec Corporation)
R3 SYMIDSCO; C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20120126.001\symidsco.sys [270712 2010-09-15] (Symantec Corporation)
R3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [47192 2005-04-22] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [17976 2005-04-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267192 2005-04-22] (Symantec Corporation)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions)
R1 vmm; C:\WINDOWS\system32\drivers\vmm.sys [147040 2003-10-22] (Microsoft Corporation)
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 ATICDSDr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp
2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-28 15:18 - 2013-10-28 17:46 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-21 18:00 - 2013-10-30 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 03:23 - 2013-10-09 03:24 - 00031299 _____ C:\WINDOWS\KB2862335.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 03:10 - 2013-10-09 03:11 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 00:28 - 2013-10-09 03:24 - 00053202 _____ C:\WINDOWS\KB2847311.log
2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-10-30 17:09 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-30 17:08 - 2005-02-28 19:15 - 01915897 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-10-30 16:55 - 2002-08-29 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-30 16:54 - 2007-01-19 15:50 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll
2013-10-30 16:54 - 2005-07-07 11:29 - 00058288 _____ (Absolute Software Corp.) C:\WINDOWS\system32\Rpcnet.dll
2013-10-30 16:54 - 2005-02-28 11:26 - 00000157 _____ C:\WINDOWS\wiadebug.log
2013-10-30 16:54 - 2005-02-28 11:26 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-30 16:53 - 2013-09-17 14:19 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 16:53 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-30 16:53 - 2005-03-01 08:37 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-30 16:53 - 2005-02-28 17:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp
2013-10-30 16:52 - 2012-02-16 04:33 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-30 16:52 - 2005-07-07 14:17 - 00017408 _____ C:\WINDOWS\system32\Rpcnetp.exe
2013-10-30 16:15 - 2012-08-30 08:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-30 15:36 - 2013-09-17 14:19 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 14:16 - 2012-11-30 17:46 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml
2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:46 - 2013-10-28 15:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-22 22:15 - 2012-11-30 00:17 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-21 17:13 - 2012-12-10 18:32 - 00218310 _____ C:\WINDOWS\setupapi.log
2013-10-21 11:27 - 2013-09-17 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-10-21 11:27 - 2005-11-04 10:08 - 00000000 ____D C:\Program Files\Google
2013-10-21 11:20 - 2012-10-24 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Recipes
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-17 10:30 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-17 09:45 - 2012-02-16 15:01 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-16 12:16 - 2011-01-03 23:43 - 00000000 ____D C:\Meineke
2013-10-15 16:00 - 2011-03-24 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 03:04 - 2011-01-27 23:22 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 11:15 - 2012-08-30 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 11:15 - 2012-02-21 17:25 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 03:49 - 2005-02-28 11:23 - 00231984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 03:48 - 2013-06-20 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-09 03:46 - 2005-02-28 19:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-09 03:28 - 2005-02-28 11:24 - 00589046 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 03:24 - 2013-10-09 03:23 - 00031299 _____ C:\WINDOWS\KB2862335.log
2013-10-09 03:24 - 2013-10-09 00:28 - 00053202 _____ C:\WINDOWS\KB2847311.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00323335 _____ C:\WINDOWS\iis6.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00302961 _____ C:\WINDOWS\FaxSetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00144844 _____ C:\WINDOWS\ocgen.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00138230 _____ C:\WINDOWS\tsoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00099944 _____ C:\WINDOWS\comsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00091158 _____ C:\WINDOWS\msmqinst.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00060601 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00053067 _____ C:\WINDOWS\netfxocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00045857 _____ C:\WINDOWS\updspapi.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00020825 _____ C:\WINDOWS\MedCtrOC.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00016758 _____ C:\WINDOWS\ocmsn.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015239 _____ C:\WINDOWS\tabletoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015141 _____ C:\WINDOWS\msgsocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-10-09 03:19 - 2013-08-14 03:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 03:12 - 2005-05-19 15:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-09 03:11 - 2013-10-09 03:10 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-01 11:00 - 2012-02-02 12:03 - 00000334 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Hi,

Execute attached Fixlist

[attachment=6090]

Then

Please download Farbar Service Scanner and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

Attachments

  • fixlist.txt
    235 bytes · Views: 82

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
Farbar Service Scanner Version: 24-10-2013
Ran by Administrator (administrator) on 30-10-2013 at 17:06:54
Running from "C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\2GZQM9KR"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Attempt to access Google.com returned error: Google.com is offline
Attempt to access Yahoo.com returned error: Yahoo.com is offline


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Checking LEGACY_wscsvc: ATTENTION!=====> Unable to open LEGACY_wscsvc\0000 registry key. The key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) NetBT(6) PSched(7) SYMTDI(13) Tcpip(4) VPCNetS2(14)
0x0E00000005000000010000000200000003000000040000000D0000000600000007000000090000000A0000000B000000080000000C0000000E000000
IpSec Tag value is correct.

**** End of log ****

TwinHeadedEagle

Level 41
Verified
Mar 8, 2013
22,627
Please download the ESET Services Repair tool, available here, and save it to your Desktop. Right-click on it and select Run As Administrator, then follow the prompts. It should reboot when it finishes. If not, reboot it yourself.
http://kb.eset.com/library/ESET/KB%20Team%20Only/Malware/ServicesRepair.exe
Post freshly created log reports here.

mgmg74a1

New Member
Thread author
Oct 28, 2013
14
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Administrator (administrator) on CPRAHLD610XP on 30-10-2013 19:07:55
Running from D:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corp.) C:\WINDOWS\system32\basfipm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Dell Inc.) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\WINDOWS\SYSTEM32\Rpcnet.exe
(symantec) C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Symantec Corporation) C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2004-04-26] (CyberLink Corp.)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)
HKLM\...\Run: [UpdateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2004-01-07] (Sonic Solutions)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)
HKLM\...\Run: [vptray] - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe [85696 2005-06-23] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2005-08-16] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3578272 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3025304 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\CPrahl\...\Run: [SpeedswitchXP] - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
HKU\CPrahl\...\Policies\system: [HideLegacyLogonScripts] 1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Freecorder 6\tbhelper.dll ()
SearchScopes: HKLM - {0A0BF877-1BFB-4B1F-BB65-ACCA3A0D89F4} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {19FDEA85-EAB3-4E11-810F-E92FAA89F5BC} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {1D9EE092-03F7-4B79-8775-2515BE150853} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {2D20C484-D09F-45BE-94B1-FEC626F24A87} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {4FABB07C-2440-45C3-9F40-549BF7DFD198} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {62C7F791-E378-4268-A8A7-AD35B7A909CE} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {FBC6B876-59D0-4EFD-B787-233A38FF25D2} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - DefaultScope {D817F51A-797C-40CB-A78C-BF38458DFC1D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {04BE0E81-D39F-472F-855F-88EC39D5FC86} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {19FDEA85-EAB3-4E11-810F-E92FAA89F5BC} URL =
SearchScopes: HKCU - {4AFFD502-BBD4-489B-9DDE-174FF446F6FD} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - {684368DD-98CE-4847-9D95-B09C32169682} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {6AAF9ADD-0E77-4F9C-9B47-6427BC486F5D} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=1FE9CA4001CCFA1E13F3B230&install_time=2012-03-04T15:49:38Z&src_id=30304&camp_id=3533&tb_version=1.1.3001.0(B)
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3131886
SearchScopes: HKCU - {D18B4302-7AAF-4AD7-81CB-EA477C65AAB3} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {D817F51A-797C-40CB-A78C-BF38458DFC1D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {EBA0BC1C-72A2-4B0C-989D-47CB45F1446C} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {EF9D57BA-E979-4202-A136-73F1A40337AE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=A3EA745B-1B20-4C57-A243-B527E000673F&apn_sauid=F8D53695-1979-4292-9D79-D722470F1F8C
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TBSB00808 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Freecorder 6\tbcore3.dll ()
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Freecorder 6 - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Freecorder 6 - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {0FDE699D-DB36-11D3-9F88-0050046F7885} http://wfcdemo/admin/Download/selfBenefitEventPages.CAB
DPF: {1627BB68-415A-4329-A3A6-7C0B8D850F07} http://wfcdemo/admin/Download/PITSaveOptions.CAB
DPF: {1A757344-ABCF-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/SystemSettings.CAB
DPF: {2452EE65-F378-4202-AFCA-075D150A6C90} http://wfcdemo/admin/Download/ActionsEditor.CAB
DPF: {2D6F995F-ABD2-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/MenuTreeX.CAB
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} http://download.infotriever.com/bin/ifhelper.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {5C62BA7F-2EC1-11D1-BE6B-00600831F894} http://aschmidt/admin/download/SVRREG.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120569570659
DPF: {681DE5FC-ABDC-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/Security.cab
DPF: {6F745ACF-CDB4-11D2-91D0-00600831F990} http://wfcdemo/admin/Download/HrPersonal.CAB
DPF: {7417038B-747A-11D4-9FB5-0050046F7885} http://wfcdemo/admin/Download/selfProfileSettings.CAB
DPF: {7c2c94f0-7991-42b4-8d5f-4cb15b490657}
DPF: {85FA5E07-AA7E-11D2-9B53-00600831F0E4} http://wfcdemo/admin/Download/HRMSCONTROLS111.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {b13d8b3e-04a8-406f-bd35-07530d4a62dc} http://testapp.kronos.com:8002/jinitiator/oajinit.exe
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://kronosnow.kronos.com/main/Install/en/US/CentraDownloader.cab
DPF: {B3F8F451-788A-11D0-89D9-00A0C90C9B67} http://wfcdemo/admin/Download/mcsitree.cab
DPF: {BE87196E-AA7C-11D2-9B53-00600831F0E4} http://aschmidt/admin/Download/Support.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C253F5F2-A4D0-11D2-9B53-00600831F0E4} http://wfcdemo/admin/Download/HRMSErrMessage.CAB
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://wtk-web/WFC/plugins/j2re-1_3_1_02-win.exe
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://time.kronos.com/wfcstatic/plugins/j2re-1_4_2_06-windows-i586-p.exe
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://time.kronos.com/wfcstatic/plugins/jre-1_5_0_01-windows-i586-p.exe
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\user.js
FF DefaultSearchEngine: Vgrabber1 Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: ALOT Search
FF Homepage: hxxp://search.conduit.com/?CUI=UN15273160788479323&ctid=CT3131886&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&CUI=UN15273160788479323&UM=false&q=
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\alot-search.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\conduit.xml
FF Extension: ALOT Appbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\appbar@alot.com
FF Extension: Freecorder 6 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}
FF Extension: Vgrabber1 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

========================== Services (Whitelisted) =================

R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-06-02] (Symantec Corporation)
R2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [239216 2005-06-02] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-06-02] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [161392 2005-06-02] (Symantec Corporation)
R2 DefWatch; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [19648 2005-06-23] (Symantec Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-10-30] (SurfRight B.V.)
R2 ISSVC; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [79488 2005-06-23] (Symantec Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [356352 2005-03-03] (Dell Inc.)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)
R2 Rpcnet; C:\Windows\SYSTEM32\Rpcnet.exe [58288 2012-10-19] (Absolute Software Corp.)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)
R2 SavRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [124608 2005-06-23] (symantec)
R2 SDHookService; C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe [130976 2011-10-05] (Safer-Networking Ltd.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [892336 2011-10-05] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [955816 2011-10-05] (Safer-Networking Ltd.)
R2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-04-22] (Symantec Corporation)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1715904 2005-06-23] (Symantec Corporation)
R2 SymSecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [198272 2005-06-23] (Symantec Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 Appdrv; C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys [16128 2004-06-30] (Dell Inc)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [156160 2006-05-10] (Broadcom Corporation)
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-10] (Symantec Corporation)
U3 EraserUtilDrvI13; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [106104 2011-12-14] (Symantec Corporation)
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\naveng.sys [86136 2011-12-14] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\navex15.sys [1576312 2011-12-14] (Symantec Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 SAVRT; C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [324232 2005-02-04] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [53896 2005-02-04] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11512 2005-04-22] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123488 2005-05-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [173208 2005-04-22] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [36984 2005-04-22] (Symantec Corporation)
R3 SYMIDSCO; C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20120126.001\symidsco.sys [270712 2010-09-15] (Symantec Corporation)
R3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [47192 2005-04-22] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [17976 2005-04-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267192 2005-04-22] (Symantec Corporation)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions)
R1 vmm; C:\WINDOWS\system32\drivers\vmm.sys [147040 2003-10-22] (Microsoft Corporation)
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 ATICDSDr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 19:02 - 2013-10-30 19:02 - 00130968 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-10-30 18:55 - 2013-10-30 18:55 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-30 18:53 - 2013-10-30 18:53 - 04009167 _____ C:\Documents and Settings\Administrator\My Documents\ServicesRepair.exe
2013-10-30 17:06 - 2013-10-30 17:07 - 00002785 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt
2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp
2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-28 15:18 - 2013-10-28 17:46 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-21 18:00 - 2013-10-30 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 03:23 - 2013-10-09 03:24 - 00031299 _____ C:\WINDOWS\KB2862335.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 03:10 - 2013-10-09 03:11 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 00:28 - 2013-10-09 03:24 - 00053202 _____ C:\WINDOWS\KB2847311.log
2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-10-30 19:08 - 2005-02-28 19:15 - 01921839 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-30 19:05 - 2013-09-17 14:19 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 19:05 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-30 19:05 - 2002-08-29 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-30 19:04 - 2005-07-07 14:17 - 00017408 _____ C:\WINDOWS\system32\Rpcnetp.exe
2013-10-30 19:04 - 2005-07-07 11:29 - 00058288 _____ (Absolute Software Corp.) C:\WINDOWS\system32\Rpcnet.dll
2013-10-30 19:04 - 2005-02-28 17:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-30 19:04 - 2005-02-28 11:26 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-30 19:04 - 2005-02-28 11:26 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-30 19:02 - 2013-10-30 19:02 - 00130968 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-10-30 19:02 - 2012-11-30 00:17 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-30 19:02 - 2012-02-02 13:06 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-10-30 19:02 - 2005-07-05 09:04 - 00000040 _____ C:\WINDOWS\system32\profile.dat
2013-10-30 19:02 - 2005-02-28 19:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-30 18:55 - 2013-10-30 18:55 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-30 18:53 - 2013-10-30 18:53 - 04009167 _____ C:\Documents and Settings\Administrator\My Documents\ServicesRepair.exe
2013-10-30 18:36 - 2013-09-17 14:19 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 18:15 - 2012-08-30 08:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-30 17:09 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-30 17:07 - 2013-10-30 17:06 - 00002785 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt
2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-10-30 16:54 - 2007-01-19 15:50 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll
2013-10-30 16:53 - 2005-03-01 08:37 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp
2013-10-30 16:52 - 2012-02-16 04:33 - 00000000 ____D C:\WINDOWS\Minidump
2013-10-30 14:16 - 2012-11-30 17:46 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml
2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:46 - 2013-10-28 15:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-21 17:13 - 2012-12-10 18:32 - 00218310 _____ C:\WINDOWS\setupapi.log
2013-10-21 11:27 - 2013-09-17 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google
2013-10-21 11:27 - 2005-11-04 10:08 - 00000000 ____D C:\Program Files\Google
2013-10-21 11:20 - 2012-10-24 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Recipes
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-17 10:30 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2013-10-17 09:45 - 2012-02-16 15:01 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-10-16 12:16 - 2011-01-03 23:43 - 00000000 ____D C:\Meineke
2013-10-15 16:00 - 2011-03-24 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-14 03:04 - 2011-01-27 23:22 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 11:15 - 2012-08-30 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 11:15 - 2012-02-21 17:25 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-09 03:49 - 2005-02-28 11:23 - 00231984 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-09 03:48 - 2013-06-20 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-09 03:28 - 2005-02-28 11:24 - 00589046 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 03:24 - 2013-10-09 03:23 - 00031299 _____ C:\WINDOWS\KB2862335.log
2013-10-09 03:24 - 2013-10-09 00:28 - 00053202 _____ C:\WINDOWS\KB2847311.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00323335 _____ C:\WINDOWS\iis6.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00302961 _____ C:\WINDOWS\FaxSetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00144844 _____ C:\WINDOWS\ocgen.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00138230 _____ C:\WINDOWS\tsoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00099944 _____ C:\WINDOWS\comsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00091158 _____ C:\WINDOWS\msmqinst.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00060601 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00053067 _____ C:\WINDOWS\netfxocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00045857 _____ C:\WINDOWS\updspapi.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00020825 _____ C:\WINDOWS\MedCtrOC.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00016758 _____ C:\WINDOWS\ocmsn.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015239 _____ C:\WINDOWS\tabletoc.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00015141 _____ C:\WINDOWS\msgsocm.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.log
2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.BAK
2013-10-09 03:19 - 2013-08-14 03:21 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 03:12 - 2005-05-19 15:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-09 03:11 - 2013-10-09 03:10 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-01 11:00 - 2012-02-02 12:03 - 00000334 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================