Department of Justice Virus
<blockquote data-quote="mgmg74a1" data-source="post: 142194" data-attributes="member: 14328"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013</p><p>Ran by SYSTEM on REATOGO on 28-10-2013 23:01:27</p><p>Running from D:\</p><p>Microsoft Windows XP (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet003</p><p><strong>ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)</p><p>HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2004-04-26] (CyberLink Corp.)</p><p>HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)</p><p>HKLM\...\Run: [UpdateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2004-01-07] (Sonic Solutions)</p><p>HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)</p><p>HKLM\...\Run: [vptray] - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe [85696 2005-06-23] (Symantec Corporation)</p><p>HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2005-08-16] (Apple Computer, Inc.)</p><p>HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)</p><p>HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. 
All rights reserved.)</p><p>HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)</p><p>HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3578272 2011-10-05] (Safer-Networking Ltd.)</p><p>HKLM\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3025304 2011-10-05] (Safer-Networking Ltd.)</p><p>HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)</p><p>HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)</p><p>HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)</p><p>HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)</p><p>HKLM\...\Run: [DisplaySwitch] - C:\Documents and Settings\Administrator\Templates\sysdrivwin.exe [120320 2013-10-21] ()</p><p>HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Program Files\Symantec <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Program Files\Common 
Files\Symantec Shared <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Symantec <====== ATTENTION</p><p>HKLM Group Policy restriction on software: C:\Program Files\Common Files\Symantec Shared <====== ATTENTION</p><p>Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)</p><p>Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)</p><p>Winlogon\Notify\wungche: C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll ()</p><p>HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1</p><p>HKU\Administrator\...\Run: [wungche] - rundll32 "C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll",wungche <===== ATTENTION</p><p>HKU\Administrator\...\Run: [Google Update] - [x]</p><p>HKU\Administrator\...\Run: [enlatig] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\enlatig.dat" <===== ATTENTION</p><p>HKU\Administrator\...\Run: [ykhtbzy] - regsvr32.exe /s "C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat" <===== ATTENTION</p><p>HKU\CPrahl\...\Run: [SpeedswitchXP] - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe</p><p>HKU\CPrahl\...\Policies\system: [HideLegacyLogonScripts] 1</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk</p><p>ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk</p><p>ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk</p><p>ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common 
Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk</p><p>ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)</p><p>BootExecute: autocheck autochk * sdnclean.exe</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>S2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.)</p><p>S2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-06-02] (Symantec Corporation)</p><p>S2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [239216 2005-06-02] (Symantec Corporation)</p><p>S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-06-02] (Symantec Corporation)</p><p>S2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [161392 2005-06-02] (Symantec Corporation)</p><p>S2 DefWatch; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [19648 2005-06-23] (Symantec Corporation)</p><p>S2 ISSVC; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [79488 2005-06-23] (Symantec Corporation)</p><p>S2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [356352 2005-03-03] (Dell Inc.)</p><p>S2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)</p><p>S2 Rpcnet; C:\Windows\SYSTEM32\Rpcnet.exe [58288 2012-10-19] (Absolute Software Corp.)</p><p>S2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)</p><p>S2 SavRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [124608 2005-06-23] (symantec)</p><p>S2 SDHookService; C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe [130976 2011-10-05] (Safer-Networking Ltd.)</p><p>S2 SDScannerService; C:\Program Files\Spybot - Search 
& Destroy 2\SDFSSvc.exe [892336 2011-10-05] (Safer-Networking Ltd.)</p><p>S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [955816 2011-10-05] (Safer-Networking Ltd.)</p><p>S2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-04-22] (Symantec Corporation)</p><p>S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)</p><p>S2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1715904 2005-06-23] (Symantec Corporation)</p><p>S2 SymSecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [198272 2005-06-23] (Symantec Corporation)</p><p>S2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)</p><p>S2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 Appdrv; C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys [16128 2004-06-30] (Dell Inc)</p><p>S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [156160 2006-05-10] (Broadcom Corporation)</p><p>S2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)</p><p>S2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)</p><p>S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-10] (Symantec Corporation)</p><p>S3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)</p><p>S3 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [30976 2013-10-21] ()</p><p>S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)</p><p>S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)</p><p>S3 HPZius12; 
C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)</p><p>S3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)</p><p>S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)</p><p>S3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\naveng.sys [86136 2011-12-14] (Symantec Corporation)</p><p>S3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\navex15.sys [1576312 2011-12-14] (Symantec Corporation)</p><p>S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))</p><p>S2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)</p><p>S1 SAVRT; C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [324232 2005-02-04] (Symantec Corporation)</p><p>S1 SAVRTPEL; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [53896 2005-02-04] (Symantec Corporation)</p><p>S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)</p><p>S1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)</p><p>S1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)</p><p>S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)</p><p>S3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11512 2005-04-22] (Symantec Corporation)</p><p>S3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123488 2005-05-13] (Symantec Corporation)</p><p>S3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [173208 2005-04-22] (Symantec Corporation)</p><p>S3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [36984 2005-04-22] (Symantec Corporation)</p><p>S3 SYMIDSCO; C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20120126.001\symidsco.sys [270712 2010-09-15] (Symantec Corporation)</p><p>S3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [47192 
2005-04-22] (Symantec Corporation)</p><p>S3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [17976 2005-04-22] (Symantec Corporation)</p><p>S1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267192 2005-04-22] (Symantec Corporation)</p><p>S2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions)</p><p>S2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions)</p><p>S2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions)</p><p>S2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions)</p><p>S2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions)</p><p>S2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions)</p><p>S2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions)</p><p>S2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions)</p><p>S2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions)</p><p>S1 vmm; C:\WINDOWS\system32\drivers\vmm.sys [147040 2003-10-22] (Microsoft Corporation)</p><p>S3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)</p><p>S3 ATICDSDr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys [x]</p><p>S3 catchme; \??\C:\ComboFix\catchme.sys [x]</p><p>S4 IntelIde; No ImagePath</p><p>S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]</p><p>S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)</p><p>S3 UIUSys; system32\drivers\UIUSys.sys [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST</p><p>2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S 
C:\Kickstarter.exe</p><p>2013-10-28 15:18 - 2013-10-28 17:46 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0</p><p>2013-10-21 18:00 - 2013-10-21 18:00 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-10-21 18:00 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat</p><p>2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\enlatig.dat</p><p>2013-10-21 11:27 - 2013-10-21 11:27 - 00023552 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll</p><p>2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB</p><p>2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls</p><p>2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$</p><p>2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$</p><p>2013-10-09 03:23 - 2013-10-09 03:24 - 00031299 _____ C:\Windows\KB2862335.log</p><p>2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\Windows\KB2868038.log</p><p>2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$</p><p>2013-10-09 03:10 - 2013-10-09 03:11 - 00032130 _____ C:\Windows\KB2879017-IE8.log</p><p>2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$</p><p>2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$</p><p>2013-10-09 00:28 - 2013-10-09 03:24 - 00053202 _____ C:\Windows\KB2847311.log</p><p>2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) 
C:\Windows\System32\dllcache\usbport.sys</p><p>2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys</p><p>2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys</p><p>2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys</p><p>2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys</p><p>2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys</p><p>2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys</p><p>2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys</p><p>2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys</p><p>2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys</p><p>2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys</p><p>2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys</p><p>2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys</p><p>2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST</p><p>2013-10-28 21:12 - 2002-08-29 08:00 - 00002206 _____ C:\Windows\System32\wpa.dbl</p><p>2013-10-28 21:11 - 2007-01-19 15:50 - 00017408 _____ C:\Windows\System32\rpcnetp.dll</p><p>2013-10-28 
21:11 - 2005-07-07 11:29 - 00058288 _____ (Absolute Software Corp.) C:\Windows\System32\Rpcnet.dll</p><p>2013-10-28 21:11 - 2005-02-28 11:26 - 00000159 _____ C:\Windows\wiadebug.log</p><p>2013-10-28 21:11 - 2005-02-28 11:26 - 00000050 _____ C:\Windows\wiaservc.log</p><p>2013-10-28 21:09 - 2005-07-07 14:17 - 00017408 _____ C:\Windows\System32\Rpcnetp.exe</p><p>2013-10-28 17:46 - 2013-10-28 15:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0</p><p>2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe</p><p>2013-10-23 03:00 - 2005-02-28 19:15 - 01897539 _____ C:\Windows\WindowsUpdate.log</p><p>2013-10-22 22:15 - 2012-11-30 00:17 - 00032576 _____ C:\Windows\SchedLgU.Txt</p><p>2013-10-22 21:08 - 2005-03-01 08:37 - 00000000 __SHD C:\Windows\CSC</p><p>2013-10-21 18:00 - 2013-10-21 18:00 - 00030976 _____ C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-10-21 18:00 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-10-21 17:13 - 2012-12-10 18:32 - 00218310 _____ C:\Windows\setupapi.log</p><p>2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\ykhtbzy.dat</p><p>2013-10-21 11:27 - 2013-10-21 11:27 - 00212992 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\enlatig.dat</p><p>2013-10-21 11:27 - 2013-10-21 11:27 - 00023552 _____ C:\Documents and Settings\Administrator\Local Settings\Application Data\wungche.dll</p><p>2013-10-21 11:27 - 2013-09-17 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google</p><p>2013-10-21 11:27 - 2005-11-04 10:08 - 00000000 ____D C:\Program Files\Google</p><p>2013-10-21 11:20 - 2012-10-24 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Recipes</p><p>2013-10-20 20:11 - 2012-11-30 17:46 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml</p><p>2013-10-18 18:32 
- 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB</p><p>2013-10-16 12:16 - 2011-01-03 23:43 - 00000000 ____D C:\Meineke</p><p>2013-10-15 16:00 - 2011-03-24 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox</p><p>2013-10-14 03:04 - 2011-01-27 23:22 - 00000000 ____D C:\Windows\Microsoft.NET</p><p>2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls</p><p>2013-10-09 11:15 - 2012-08-30 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe</p><p>2013-10-09 11:15 - 2012-02-21 17:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl</p><p>2013-10-09 03:49 - 2005-02-28 11:23 - 00231984 _____ C:\Windows\System32\FNTCACHE.DAT</p><p>2013-10-09 03:48 - 2013-06-20 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service</p><p>2013-10-09 03:46 - 2005-02-28 19:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini</p><p>2013-10-09 03:28 - 2005-02-28 11:24 - 00589046 _____ C:\Windows\System32\PerfStringBackup.INI</p><p>2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$</p><p>2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$</p><p>2013-10-09 03:24 - 2013-10-09 03:23 - 00031299 _____ C:\Windows\KB2862335.log</p><p>2013-10-09 03:24 - 2013-10-09 00:28 - 00053202 _____ C:\Windows\KB2847311.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00323335 _____ C:\Windows\iis6.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00302961 _____ C:\Windows\FaxSetup.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00144844 _____ C:\Windows\ocgen.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00138230 _____ C:\Windows\tsoc.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00099944 _____ C:\Windows\comsetup.log</p><p>2013-10-09 03:24 - 
2012-12-12 04:07 - 00091158 _____ C:\Windows\msmqinst.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00060601 _____ C:\Windows\ntdtcsetup.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00053067 _____ C:\Windows\netfxocm.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00045857 _____ C:\Windows\updspapi.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00020825 _____ C:\Windows\MedCtrOC.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00016758 _____ C:\Windows\ocmsn.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00015239 _____ C:\Windows\tabletoc.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00015141 _____ C:\Windows\msgsocm.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\Windows\imsins.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\Windows\imsins.BAK</p><p>2013-10-09 03:19 - 2013-08-14 03:21 - 00000000 ____D C:\Windows\System32\MRT</p><p>2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\Windows\KB2868038.log</p><p>2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$</p><p>2013-10-09 03:12 - 2005-05-19 15:36 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-10-09 03:11 - 2013-10-09 03:10 - 00032130 _____ C:\Windows\KB2879017-IE8.log</p><p>2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$</p><p>2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$</p><p></p><p>ZeroAccess:</p><p>C:\Windows\assembly\GAC\Desktop.ini</p><p></p><p>Files to move or delete:</p><p>====================</p><p>ZeroAccess:</p><p>C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Desktop\Install</p><p>ZeroAccess:</p><p>C:\Program Files\Google\Desktop\Install</p><p></p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Documents and Settings\Administrator\Local Settings\Temp\dotnetfx.exe</p><p>C:\Documents and Settings\Administrator\Local 
Settings\Temp\jre-7u45-windows-i586-iftw.exe</p><p>C:\Documents and Settings\Administrator\Local Settings\Temp\nitro_pro8.exe</p><p>C:\Documents and Settings\Administrator\Local Settings\Temp\vcredist_x86.exe</p><p></p><p></p><p>==================== Known DLLs (Whitelisted) ============</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points (XP) =====================</p><p></p><p>RP: -> 2013-10-22 21:27 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP603 </p><p></p><p>RP: -> 2013-10-21 09:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP602 </p><p></p><p>RP: -> 2013-10-20 08:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP601 </p><p></p><p>RP: -> 2013-10-19 07:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP600 </p><p></p><p>RP: -> 2013-10-18 06:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP599 </p><p></p><p>RP: -> 2013-10-17 05:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP598 </p><p></p><p>RP: -> 2013-10-16 04:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP597 </p><p></p><p>RP: -> 2013-10-15 03:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP596 </p><p></p><p>RP: -> 2013-10-14 03:00 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP595 </p><p></p><p>RP: -> 2013-10-13 06:15 - 028672 
_restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP594 </p><p></p><p>RP: -> 2013-10-12 05:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP593 </p><p></p><p>RP: -> 2013-10-11 04:03 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP592 </p><p></p><p>RP: -> 2013-10-10 03:53 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP591 </p><p></p><p>RP: -> 2013-10-09 03:00 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP590 </p><p></p><p>RP: -> 2013-10-09 02:18 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP589 </p><p></p><p>RP: -> 2013-10-08 02:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP588 </p><p></p><p>RP: -> 2013-10-07 01:25 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP587 </p><p></p><p>RP: -> 2013-10-06 00:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP586 </p><p></p><p>RP: -> 2013-10-04 23:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP585 </p><p></p><p>RP: -> 2013-10-03 22:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP584 </p><p></p><p>RP: -> 2013-10-02 21:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP583 </p><p></p><p>RP: -> 2013-10-01 20:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP582 </p><p></p><p>RP: -> 2013-09-30 20:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP581 </p><p></p><p>RP: -> 2013-09-29 19:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP580 </p><p></p><p>RP: -> 2013-09-28 19:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP579 </p><p></p><p>RP: -> 2013-09-27 18:29 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP578 </p><p></p><p>RP: -> 2013-09-26 18:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP577 </p><p></p><p>RP: -> 2013-09-25 17:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP576 </p><p></p><p>RP: -> 2013-09-24 16:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP575 </p><p></p><p>RP: -> 2013-09-23 15:18 - 028672 
_restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP574 </p><p></p><p>RP: -> 2013-09-22 14:51 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP573 </p><p></p><p>RP: -> 2013-09-21 14:41 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP572 </p><p></p><p>RP: -> 2013-09-20 14:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP571 </p><p></p><p>RP: -> 2013-09-19 13:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP570 </p><p></p><p>RP: -> 2013-09-18 12:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP569 </p><p></p><p>RP: -> 2013-09-17 11:19 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP568 </p><p></p><p>RP: -> 2013-09-16 11:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP567 </p><p></p><p>RP: -> 2013-09-15 10:17 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP566 </p><p></p><p>RP: -> 2013-09-14 09:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP565 </p><p></p><p>RP: -> 2013-09-13 01:41 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP564 </p><p></p><p>RP: -> 2013-09-12 00:29 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP563 </p><p></p><p>RP: -> 2013-09-11 00:08 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP562 </p><p></p><p>RP: -> 2013-09-10 20:32 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP561 </p><p></p><p>RP: -> 2013-09-09 11:09 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP560 </p><p></p><p>RP: -> 2013-09-08 09:58 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP559 </p><p></p><p>RP: -> 2013-09-07 09:47 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP558 </p><p></p><p>RP: -> 2013-09-06 07:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP557 </p><p></p><p>RP: -> 2013-09-05 06:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP556 </p><p></p><p>RP: -> 2013-09-04 05:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP555 </p><p></p><p>RP: -> 2013-09-03 04:42 - 028672 
_restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP554 </p><p></p><p>RP: -> 2013-09-02 03:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP553 </p><p></p><p>RP: -> 2013-09-01 02:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP552 </p><p></p><p>RP: -> 2013-08-31 01:42 - 028672 _restore{0663CE10-D990-4347-BFA4-B48BB6442B96}\RP551 </p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 13%</p><p>Total physical RAM: 2047.36 MB</p><p>Available physical RAM: 1760.87 MB</p><p>Total Pagefile: 1878 MB</p><p>Available Pagefile: 1804.08 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1993.16 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>Drive c: () (Fixed) (Total:55.88 GB) (Free:21.34 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>Drive d: (HITMANPRO) (Removable) (Total:0.94 GB) (Free:0.94 GB) FAT32</p><p>Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: B4D8B4D8)</p><p>Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 966 MB) (Disk ID: 320327BE)</p><p>Partition 1: (Active) - (Size=965 MB) - (Type=0B)</p><p></p><p>==================== End Of Log ======</p></blockquote><p></p>