Department of Justice Virus
<blockquote data-quote="mgmg74a1" data-source="post: 142353" data-attributes="member: 14328">
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013
Ran by Administrator (administrator) on CPRAHLD610XP on 30-10-2013 19:07:55
Running from D:\
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\S24EvMon.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
(Microsoft Corporation) C:\WINDOWS\System32\SCardSvr.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corp.) C:\WINDOWS\system32\basfipm.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Oracle Corporation) C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
(Dell Inc.) C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Absolute Software Corp.) C:\WINDOWS\SYSTEM32\Rpcnet.exe
(symantec) C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
(Symantec Corporation) C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\WLKeeper.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\HitmanPro.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(ATI Technologies, Inc.) C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
(Sonic Solutions) C:\WINDOWS\system32\dla\tfswctrl.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Symantec Corporation) C:\Program Files\Common Files\Symantec Shared\ccApp.exe
(Symantec Corporation) C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apntex.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ATIPTA] - C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe [344064 2005-01-11] (ATI Technologies, Inc.)
HKLM\...\Run: [DVDLauncher] - C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe [53248 2004-04-26] (CyberLink Corp.)
HKLM\...\Run: [dla] - C:\WINDOWS\system32\dla\tfswctrl.exe [122939 2004-08-13] (Sonic Solutions)
HKLM\...\Run: [UpdateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2004-01-07] (Sonic Solutions)
HKLM\...\Run: [Apoint] - C:\Program Files\Apoint\Apoint.exe [155648 2004-09-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [ccApp] - C:\Program Files\Common Files\Symantec Shared\ccApp.exe [48752 2005-06-02] (Symantec Corporation)
HKLM\...\Run: [vptray] - C:\Program Files\Symantec Client Security\Symantec AntiVirus\VPTray.exe [85696 2005-06-23] (Symantec Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [77824 2005-08-16] (Apple Computer, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [252296 2012-01-17] (Sun Microsystems, Inc.)
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-08] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [3578272 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3025304 2011-10-05] (Safer-Networking Ltd.)
HKLM\...\Run: [IntelZeroConfig] - C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe [1372160 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [IntelWireless] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1202448 2009-11-03] (Intel(R) Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\NavLogon: C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
HKLM\...\Policies\Explorer: [NoWelcomeScreen] 1
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\CPrahl\...\Run: [SpeedswitchXP] - C:\Program Files\SpeedswitchXP\SpeedswitchXP.exe
HKU\CPrahl\...\Policies\system: [HideLegacyLogonScripts] 1
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Intuit Data Protect.lnk
ShortcutTarget: Intuit Data Protect.lnk -> C:\Program Files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
ShortcutTarget: QuickBooks Update Agent.lnk -> C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\QuickBooks_Standard_21.lnk
ShortcutTarget: QuickBooks_Standard_21.lnk -> C:\Program Files\Intuit\QuickBooks 2011\QBW32.EXE (Intuit Inc.)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
URLSearchHook: HKCU - ToolbarURLSearchHook Class - {CA3EB689-8F09-4026-AA10-B9534C691CE0} - C:\Program Files\Freecorder 6\tbhelper.dll ()
SearchScopes: HKLM - {0A0BF877-1BFB-4B1F-BB65-ACCA3A0D89F4} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {19FDEA85-EAB3-4E11-810F-E92FAA89F5BC} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {1D9EE092-03F7-4B79-8775-2515BE150853} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {2D20C484-D09F-45BE-94B1-FEC626F24A87} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {4FABB07C-2440-45C3-9F40-549BF7DFD198} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {62C7F791-E378-4268-A8A7-AD35B7A909CE} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKLM - {FBC6B876-59D0-4EFD-B787-233A38FF25D2} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - DefaultScope {D817F51A-797C-40CB-A78C-BF38458DFC1D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {04BE0E81-D39F-472F-855F-88EC39D5FC86} URL = http://video.yahoo.com/video/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {19FDEA85-EAB3-4E11-810F-E92FAA89F5BC} URL = 
SearchScopes: HKCU - {4AFFD502-BBD4-489B-9DDE-174FF446F6FD} URL = http://local.yahoo.com/results?stx={searchTerms}&fr=yie7c
SearchScopes: HKCU - {684368DD-98CE-4847-9D95-B09C32169682} URL = http://shopping.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {6AAF9ADD-0E77-4F9C-9B47-6427BC486F5D} URL = http://news.search.yahoo.com/search/news?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {A531D99C-5A22-449b-83DA-872725C6D0ED} URL = http://search.alot.com/web?q={searchTerms}&pr=prov&client_id=1FE9CA4001CCFA1E13F3B230&install_time=2012-03-04T15:49:38Z&src_id=30304&camp_id=3533&tb_version=1.1.3001.0(B)
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3131886
SearchScopes: HKCU - {D18B4302-7AAF-4AD7-81CB-EA477C65AAB3} URL = http://images.search.yahoo.com/search/images?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {D817F51A-797C-40CB-A78C-BF38458DFC1D} URL = http://search.yahoo.com/search?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {EBA0BC1C-72A2-4B0C-989D-47CB45F1446C} URL = http://answers.yahoo.com/search/search_result?p={searchTerms}&fr=yie7c
SearchScopes: HKCU - {EF9D57BA-E979-4202-A136-73F1A40337AE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000031&src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=TV&apn_dtid=OSJ000YYUS&apn_uid=A3EA745B-1B20-4C57-A243-B527E000673F&apn_sauid=F8D53695-1979-4292-9D79-D722470F1F8C
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No File
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO: TBSB00808 Class - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - C:\Program Files\Freecorder 6\tbcore3.dll ()
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Freecorder 6 - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - Freecorder 6 - {6B34ACCF-1B63-4E1A-8633-461917C75544} - C:\Program Files\Freecorder 6\tbcore3.dll ()
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://www.apple.com/qtactivex/qtplugin.cab
DPF: {0FDE699D-DB36-11D3-9F88-0050046F7885} http://wfcdemo/admin/Download/selfBenefitEventPages.CAB
DPF: {1627BB68-415A-4329-A3A6-7C0B8D850F07} http://wfcdemo/admin/Download/PITSaveOptions.CAB
DPF: {1A757344-ABCF-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/SystemSettings.CAB
DPF: {2452EE65-F378-4202-AFCA-075D150A6C90} http://wfcdemo/admin/Download/ActionsEditor.CAB
DPF: {2D6F995F-ABD2-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/MenuTreeX.CAB
DPF: {36E4E9BC-4D0C-41B4-90C9-37AFDBFAAD3C} http://download.infotriever.com/bin/ifhelper.cab
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc2.cab
DPF: {5C62BA7F-2EC1-11D1-BE6B-00600831F894} http://aschmidt/admin/download/SVRREG.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120569570659
DPF: {681DE5FC-ABDC-11D2-9018-006008B02CCA} http://wfcdemo/admin/Download/Security.cab
DPF: {6F745ACF-CDB4-11D2-91D0-00600831F990} http://wfcdemo/admin/Download/HrPersonal.CAB
DPF: {7417038B-747A-11D4-9FB5-0050046F7885} http://wfcdemo/admin/Download/selfProfileSettings.CAB
DPF: {7c2c94f0-7991-42b4-8d5f-4cb15b490657} 
DPF: {85FA5E07-AA7E-11D2-9B53-00600831F0E4} http://wfcdemo/admin/Download/HRMSCONTROLS111.CAB
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/products/plugin/autodl/jinstall-150-windows-i586.cab
DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: {b13d8b3e-04a8-406f-bd35-07530d4a62dc} http://testapp.kronos.com:8002/jinitiator/oajinit.exe
DPF: {B24F0664-7DDA-40B6-B38C-A4FD68DE8685} http://kronosnow.kronos.com/main/Install/en/US/CentraDownloader.cab
DPF: {B3F8F451-788A-11D0-89D9-00A0C90C9B67} http://wfcdemo/admin/Download/mcsitree.cab
DPF: {BE87196E-AA7C-11D2-9B53-00600831F0E4} http://aschmidt/admin/Download/Support.CAB
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} http://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {C253F5F2-A4D0-11D2-9B53-00600831F0E4} http://wfcdemo/admin/Download/HRMSErrMessage.CAB
DPF: {CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA} http://wtk-web/WFC/plugins/j2re-1_3_1_02-win.exe
DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://time.kronos.com/wfcstatic/plugins/j2re-1_4_2_06-windows-i586-p.exe
DPF: {CAFEEFAC-0015-0000-0001-ABCDEFFEDCBA} http://time.kronos.com/wfcstatic/plugins/jre-1_5_0_01-windows-i586-p.exe
DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
Handler: intu-help-qb4 - {ACE22922-D07C-4860-B51B-8CF472FEC2CB} - C:\Program Files\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 03 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default
FF user.js: detected! => C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\user.js
FF DefaultSearchEngine: Vgrabber1 Customized Web Search
FF SearchEngineOrder.1: Ask.com
FF SelectedSearchEngine: ALOT Search
FF Homepage: hxxp://search.conduit.com/?CUI=UN15273160788479323&ctid=CT3131886&SearchSource=13
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3131886&SearchSource=2&CUI=UN15273160788479323&UM=false&q=
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Administrator\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\alot-search.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\searchplugins\conduit.xml
FF Extension: ALOT Appbar - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\appbar@alot.com
FF Extension: Freecorder 6 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\{132E58DE-22BF-44CA-A061-7FCE1E8BA1EC}
FF Extension: Vgrabber1 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c9vhkzej.default\Extensions\{f9bbf004-6e40-4019-8214-c43a37e1d058}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn2

========================== Services (Whitelisted) =================

R2 BAsfIpM; C:\WINDOWS\system32\basfipm.exe [77824 2004-04-01] (Broadcom Corp.)
R2 ccEvtMgr; C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe [185968 2005-06-02] (Symantec Corporation)
R2 ccProxy; C:\Program Files\Common Files\Symantec Shared\ccProxy.exe [239216 2005-06-02] (Symantec Corporation)
S3 ccPwdSvc; C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe [83568 2005-06-02] (Symantec Corporation)
R2 ccSetMgr; C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe [161392 2005-06-02] (Symantec Corporation)
R2 DefWatch; C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe [19648 2005-06-23] (Symantec Corporation)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106280 2013-10-30] (SurfRight B.V.)
R2 ISSVC; C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe [79488 2005-06-23] (Symantec Corporation)
R2 NICCONFIGSVC; C:\Program Files\Dell\NICCONFIGSVC\NICCONFIGSVC.exe [356352 2005-03-03] (Dell Inc.)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-06-30] (Intuit Inc.)
R2 Rpcnet; C:\Windows\SYSTEM32\Rpcnet.exe [58288 2012-10-19] (Absolute Software Corp.)
R2 S24EventMonitor; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [909312 2009-11-03] (Intel(R) Corporation)
R2 SavRoam; C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe [124608 2005-06-23] (symantec)
R2 SDHookService; C:\Program Files\Spybot - Search & Destroy 2\SDHookSvc.exe [130976 2011-10-05] (Safer-Networking Ltd.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [892336 2011-10-05] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [955816 2011-10-05] (Safer-Networking Ltd.)
R2 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-04-22] (Symantec Corporation)
S3 SPBBCSvc; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe [992864 2005-03-30] (Symantec Corporation)
R2 Symantec AntiVirus; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe [1715904 2005-06-23] (Symantec Corporation)
R2 SymSecurePort; C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe [198272 2005-06-23] (Symantec Corporation)
R2 WLANKEEPER; C:\Program Files\Intel\WiFi\bin\WLKeeper.exe [348160 2009-11-03] (Intel(R) Corporation)
R2 JavaQuickStarterService; "C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jqs.exe" -service -config "C:\Program Files\Oracle\JavaFX 2.1 Runtime\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

R3 Appdrv; C:\Program Files\Dell\NICCONFIGSVC\Appdrv.sys [16128 2004-06-30] (Dell Inc)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [156160 2006-05-10] (Broadcom Corporation)
R2 BASFND; C:\WINDOWS\system32\Drivers\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
R2 drvnddm; C:\Windows\System32\drivers\drvnddm.sys [40544 2004-08-13] (Sonic Solutions)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-10] (Symantec Corporation)
U3 EraserUtilDrvI13; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilDrvI13.sys [106104 2011-12-14] (Symantec Corporation)
R3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [80384 2004-05-03] (Texas Instruments)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-02-26] (HP)
R3 HSFHWICH; C:\Windows\System32\DRIVERS\HSFHWICH.sys [200064 2004-06-17] (Conexant Systems, Inc.)
S3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [25112 2010-07-29] (Initio Corporation)
R3 NAVENG; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\naveng.sys [86136 2011-12-14] (Symantec Corporation)
R3 NAVEX15; C:\PROGRA~1\COMMON~1\SYMANT~1\VIRUSD~1\20120131.003\navex15.sys [1576312 2011-12-14] (Symantec Corporation)
S3 PCANDIS5; C:\WINDOWS\system32\PCANDIS5.SYS [16068 2000-10-15] (Printing Communications Assoc., Inc. (PCAUSA))
R2 s24trans; C:\Windows\System32\DRIVERS\s24trans.sys [11904 2008-08-13] (Intel Corporation)
R1 SAVRT; C:\Program Files\Symantec Client Security\Symantec AntiVirus\savrt.sys [324232 2005-02-04] (Symantec Corporation)
R1 SAVRTPEL; C:\Program Files\Symantec Client Security\Symantec AntiVirus\Savrtpel.sys [53896 2005-02-04] (Symantec Corporation)
S3 SPBBCDrv; C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys [372832 2005-03-30] (Symantec Corporation)
R1 sscdbhk5; C:\Windows\System32\drivers\sscdbhk5.sys [5627 2004-07-14] (Sonic Solutions)
R1 ssrtln; C:\Windows\System32\drivers\ssrtln.sys [23545 2004-07-14] (Sonic Solutions)
R3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
R3 SYMDNS; C:\Windows\System32\Drivers\SYMDNS.SYS [11512 2005-04-22] (Symantec Corporation)
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [123488 2005-05-13] (Symantec Corporation)
R3 SYMFW; C:\Windows\System32\Drivers\SYMFW.SYS [173208 2005-04-22] (Symantec Corporation)
R3 SYMIDS; C:\Windows\System32\Drivers\SYMIDS.SYS [36984 2005-04-22] (Symantec Corporation)
R3 SYMIDSCO; C:\PROGRA~1\COMMON~1\SYMANT~1\SymcData\SCFIDS~1\20120126.001\symidsco.sys [270712 2010-09-15] (Symantec Corporation)
R3 SYMNDIS; C:\Windows\System32\Drivers\SYMNDIS.SYS [47192 2005-04-22] (Symantec Corporation)
R3 SYMREDRV; C:\Windows\System32\Drivers\SYMREDRV.SYS [17976 2005-04-22] (Symantec Corporation)
R1 SYMTDI; C:\Windows\System32\Drivers\SYMTDI.SYS [267192 2005-04-22] (Symantec Corporation)
R2 tfsnboio; C:\Windows\System32\dla\tfsnboio.sys [25723 2004-08-13] (Sonic Solutions)
R2 tfsncofs; C:\Windows\System32\dla\tfsncofs.sys [34843 2004-08-13] (Sonic Solutions)
R2 tfsndrct; C:\Windows\System32\dla\tfsndrct.sys [4123 2004-08-13] (Sonic Solutions)
R2 tfsndres; C:\Windows\System32\dla\tfsndres.sys [2239 2004-08-13] (Sonic Solutions)
R2 tfsnifs; C:\Windows\System32\dla\tfsnifs.sys [86202 2004-08-13] (Sonic Solutions)
R2 tfsnopio; C:\Windows\System32\dla\tfsnopio.sys [14715 2004-08-13] (Sonic Solutions)
R2 tfsnpool; C:\Windows\System32\dla\tfsnpool.sys [6363 2004-08-13] (Sonic Solutions)
R2 tfsnudf; C:\Windows\System32\dla\tfsnudf.sys [98714 2004-08-13] (Sonic Solutions)
R2 tfsnudfa; C:\Windows\System32\dla\tfsnudfa.sys [100603 2004-08-13] (Sonic Solutions)
R1 vmm; C:\WINDOWS\system32\drivers\vmm.sys [147040 2003-10-22] (Microsoft Corporation)
R3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)
S3 ATICDSDr; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ATICDSDr.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S4 IntelIde; No ImagePath
S3 PCDSRVC{E9D79540-57D5953E-06020200}_0; \??\c:\program files\dell support center\pcdsrvc.pkms [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 UIUSys; system32\drivers\UIUSys.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-30 19:02 - 2013-10-30 19:02 - 00130968 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-10-30 18:55 - 2013-10-30 18:55 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-30 18:53 - 2013-10-30 18:53 - 04009167 _____ C:\Documents and Settings\Administrator\My Documents\ServicesRepair.exe
2013-10-30 17:06 - 2013-10-30 17:07 - 00002785 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt
2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp
2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST
2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe
2013-10-28 15:18 - 2013-10-28 17:46 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-21 18:00 - 2013-10-30 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB
2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-09 03:23 - 2013-10-09 03:24 - 00031299 _____ C:\WINDOWS\KB2862335.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log
2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-09 03:10 - 2013-10-09 03:11 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 00:28 - 2013-10-09 03:24 - 00053202 _____ C:\WINDOWS\KB2847311.log
2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-10-30 19:08 - 2005-02-28 19:15 - 01921839 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-30 19:05 - 2013-09-17 14:19 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 19:05 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2013-10-30 19:05 - 2002-08-29 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-30 19:04 - 2005-07-07 14:17 - 00017408 _____ C:\WINDOWS\system32\Rpcnetp.exe
2013-10-30 19:04 - 2005-07-07 11:29 - 00058288 _____ (Absolute Software Corp.) C:\WINDOWS\system32\Rpcnet.dll
2013-10-30 19:04 - 2005-02-28 17:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-30 19:04 - 2005-02-28 11:26 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-10-30 19:04 - 2005-02-28 11:26 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-10-30 19:02 - 2013-10-30 19:02 - 00130968 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2013-10-30 19:02 - 2012-11-30 00:17 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-30 19:02 - 2012-02-02 13:06 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt
2013-10-30 19:02 - 2005-07-05 09:04 - 00000040 _____ C:\WINDOWS\system32\profile.dat
2013-10-30 19:02 - 2005-02-28 19:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-10-30 18:55 - 2013-10-30 18:55 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support
2013-10-30 18:53 - 2013-10-30 18:53 - 04009167 _____ C:\Documents and Settings\Administrator\My Documents\ServicesRepair.exe
2013-10-30 18:36 - 2013-09-17 14:19 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 18:15 - 2012-08-30 08:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-30 17:09 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro
2013-10-30 17:07 - 2013-10-30 17:06 - 00002785 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt
2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro
2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2013-10-30 16:54 - 2007-01-19 15:50 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll
2013-10-30 16:53 - 2005-03-01 08:37 - 00000000 __SHD 
C:\WINDOWS\CSC</p><p>2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp</p><p>2013-10-30 16:52 - 2012-02-16 04:33 - 00000000 ____D C:\WINDOWS\Minidump</p><p>2013-10-30 14:16 - 2012-11-30 17:46 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml</p><p>2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST</p><p>2013-10-28 17:46 - 2013-10-28 15:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0</p><p>2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe</p><p>2013-10-21 17:13 - 2012-12-10 18:32 - 00218310 _____ C:\WINDOWS\setupapi.log</p><p>2013-10-21 11:27 - 2013-09-17 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google</p><p>2013-10-21 11:27 - 2005-11-04 10:08 - 00000000 ____D C:\Program Files\Google</p><p>2013-10-21 11:20 - 2012-10-24 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Recipes</p><p>2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB</p><p>2013-10-17 10:30 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job</p><p>2013-10-17 09:45 - 2012-02-16 15:01 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job</p><p>2013-10-16 12:16 - 2011-01-03 23:43 - 00000000 ____D C:\Meineke</p><p>2013-10-15 16:00 - 2011-03-24 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox</p><p>2013-10-14 03:04 - 2011-01-27 23:22 - 00000000 ____D C:\WINDOWS\Microsoft.NET</p><p>2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls</p><p>2013-10-09 11:15 - 2012-08-30 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe</p><p>2013-10-09 11:15 - 2012-02-21 17:25 - 00071048 _____ (Adobe Systems Incorporated) 
C:\WINDOWS\system32\FlashPlayerCPLApp.cpl</p><p>2013-10-09 03:49 - 2005-02-28 11:23 - 00231984 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2013-10-09 03:48 - 2013-06-20 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service</p><p>2013-10-09 03:28 - 2005-02-28 11:24 - 00589046 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$</p><p>2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$</p><p>2013-10-09 03:24 - 2013-10-09 03:23 - 00031299 _____ C:\WINDOWS\KB2862335.log</p><p>2013-10-09 03:24 - 2013-10-09 00:28 - 00053202 _____ C:\WINDOWS\KB2847311.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00323335 _____ C:\WINDOWS\iis6.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00302961 _____ C:\WINDOWS\FaxSetup.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00144844 _____ C:\WINDOWS\ocgen.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00138230 _____ C:\WINDOWS\tsoc.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00099944 _____ C:\WINDOWS\comsetup.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00091158 _____ C:\WINDOWS\msmqinst.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00060601 _____ C:\WINDOWS\ntdtcsetup.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00053067 _____ C:\WINDOWS\netfxocm.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00045857 _____ C:\WINDOWS\updspapi.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00020825 _____ C:\WINDOWS\MedCtrOC.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00016758 _____ C:\WINDOWS\ocmsn.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00015239 _____ C:\WINDOWS\tabletoc.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00015141 _____ C:\WINDOWS\msgsocm.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.log</p><p>2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.BAK</p><p>2013-10-09 03:19 - 2013-08-14 03:21 - 00000000 ____D 
C:\WINDOWS\system32\MRT</p><p>2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log</p><p>2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$</p><p>2013-10-09 03:12 - 2005-05-19 15:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2013-10-09 03:11 - 2013-10-09 03:10 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log</p><p>2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$</p><p>2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$</p><p>2013-10-01 11:00 - 2012-02-02 12:03 - 00000334 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job</p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) S3 UIUSys; system32\drivers\UIUSys.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-30 19:02 - 2013-10-30 19:02 - 00130968 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2013-10-30 18:55 - 2013-10-30 18:55 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support 2013-10-30 18:53 - 2013-10-30 18:53 - 04009167 _____ C:\Documents and Settings\Administrator\My Documents\ServicesRepair.exe 2013-10-30 17:06 - 2013-10-30 17:07 - 00002785 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt 2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk 2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro 2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro 2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp 2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST 2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe 2013-10-28 15:18 - 2013-10-28 17:46 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-10-21 18:00 - 2013-10-30 17:09 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB 2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls 2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$ 2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$ 2013-10-09 03:23 - 2013-10-09 03:24 - 
00031299 _____ C:\WINDOWS\KB2862335.log 2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log 2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$ 2013-10-09 03:10 - 2013-10-09 03:11 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log 2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$ 2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-10-09 00:28 - 2013-10-09 03:24 - 00053202 _____ C:\WINDOWS\KB2847311.log 2013-10-09 00:27 - 2013-08-08 20:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys 2013-10-09 00:27 - 2013-08-08 20:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys 2013-10-09 00:27 - 2013-07-16 20:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys 2013-10-09 00:27 - 2013-07-16 20:58 - 00060160 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys 2013-10-09 00:27 - 2013-07-16 20:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys 2013-10-09 00:27 - 2013-07-02 22:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys 2013-10-09 00:27 - 2009-03-18 07:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys ==================== One Month Modified Files and Folders ======= 2013-10-30 19:08 - 2005-02-28 19:15 - 01921839 _____ C:\WINDOWS\WindowsUpdate.log 2013-10-30 19:05 - 2013-09-17 14:19 - 00000896 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-30 19:05 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job 2013-10-30 19:05 - 2002-08-29 08:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl 2013-10-30 19:04 - 2005-07-07 14:17 - 00017408 _____ C:\WINDOWS\system32\Rpcnetp.exe 2013-10-30 19:04 - 2005-07-07 11:29 - 00058288 _____ (Absolute Software Corp.) 
C:\WINDOWS\system32\Rpcnet.dll 2013-10-30 19:04 - 2005-02-28 17:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2013-10-30 19:04 - 2005-02-28 11:26 - 00000159 _____ C:\WINDOWS\wiadebug.log 2013-10-30 19:04 - 2005-02-28 11:26 - 00000050 _____ C:\WINDOWS\wiaservc.log 2013-10-30 19:02 - 2013-10-30 19:02 - 00130968 _____ C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat 2013-10-30 19:02 - 2012-11-30 00:17 - 00032576 _____ C:\WINDOWS\SchedLgU.Txt 2013-10-30 19:02 - 2012-02-02 13:06 - 00524288 _____ C:\WINDOWS\system32\config\SpybotSD.evt 2013-10-30 19:02 - 2005-07-05 09:04 - 00000040 _____ C:\WINDOWS\system32\profile.dat 2013-10-30 19:02 - 2005-02-28 19:23 - 00000278 ___SH C:\Documents and Settings\Administrator\ntuser.ini 2013-10-30 18:55 - 2013-10-30 18:55 - 00000000 ____D C:\Documents and Settings\All Users\Desktop\CC Support 2013-10-30 18:53 - 2013-10-30 18:53 - 04009167 _____ C:\Documents and Settings\Administrator\My Documents\ServicesRepair.exe 2013-10-30 18:36 - 2013-09-17 14:19 - 00000900 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-30 18:15 - 2012-08-30 08:03 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2013-10-30 17:09 - 2013-10-21 18:00 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-10-30 17:07 - 2013-10-30 17:06 - 00002785 _____ C:\Documents and Settings\Administrator\Desktop\FSS.txt 2013-10-30 17:00 - 2013-10-30 17:00 - 00001610 _____ C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk 2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Program Files\HitmanPro 2013-10-30 17:00 - 2013-10-30 17:00 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro 2013-10-30 16:54 - 2007-01-19 15:50 - 00017408 _____ C:\WINDOWS\system32\rpcnetp.dll 2013-10-30 16:53 - 2005-03-01 08:37 - 00000000 __SHD C:\WINDOWS\CSC 2013-10-30 16:52 - 2013-10-30 16:52 - 00090112 _____ C:\WINDOWS\Minidump\Mini103013-01.dmp 2013-10-30 16:52 - 
2012-02-16 04:33 - 00000000 ____D C:\WINDOWS\Minidump 2013-10-30 14:16 - 2012-11-30 17:46 - 00000071 __RSH C:\Documents and Settings\All Users\Application Data\3002.xml 2013-10-28 23:01 - 2013-10-28 23:01 - 00000000 ____D C:\FRST 2013-10-28 17:46 - 2013-10-28 15:18 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0 2013-10-28 17:22 - 2013-10-28 17:22 - 00000072 ____S C:\Kickstarter.exe 2013-10-21 17:13 - 2012-12-10 18:32 - 00218310 _____ C:\WINDOWS\setupapi.log 2013-10-21 11:27 - 2013-09-17 14:19 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2013-10-21 11:27 - 2005-11-04 10:08 - 00000000 ____D C:\Program Files\Google 2013-10-21 11:20 - 2012-10-24 18:12 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\Recipes 2013-10-18 18:32 - 2013-10-18 18:32 - 12431360 _____ C:\Documents and Settings\Administrator\My Documents\Meineke Car Care Center of Seabrook NH (Backup Oct 18,2013 06 31 PM).QBB 2013-10-17 10:30 - 2012-02-02 12:03 - 00000326 _____ C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job 2013-10-17 09:45 - 2012-02-16 15:01 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2013-10-16 12:16 - 2011-01-03 23:43 - 00000000 ____D C:\Meineke 2013-10-15 16:00 - 2011-03-24 11:54 - 00000000 ____D C:\Program Files\Mozilla Firefox 2013-10-14 03:04 - 2011-01-27 23:22 - 00000000 ____D C:\WINDOWS\Microsoft.NET 2013-10-11 12:50 - 2013-10-11 12:50 - 00043008 _____ C:\Documents and Settings\Administrator\My Documents\Immunogen Stock Option.xls 2013-10-09 11:15 - 2012-08-30 08:02 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2013-10-09 11:15 - 2012-02-21 17:25 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2013-10-09 03:49 - 2005-02-28 11:23 - 00231984 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2013-10-09 03:48 - 2013-06-20 13:28 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service 2013-10-09 03:28 - 
2005-02-28 11:24 - 00589046 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$ 2013-10-09 03:24 - 2013-10-09 03:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$ 2013-10-09 03:24 - 2013-10-09 03:23 - 00031299 _____ C:\WINDOWS\KB2862335.log 2013-10-09 03:24 - 2013-10-09 00:28 - 00053202 _____ C:\WINDOWS\KB2847311.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00323335 _____ C:\WINDOWS\iis6.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00302961 _____ C:\WINDOWS\FaxSetup.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00144844 _____ C:\WINDOWS\ocgen.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00138230 _____ C:\WINDOWS\tsoc.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00099944 _____ C:\WINDOWS\comsetup.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00091158 _____ C:\WINDOWS\msmqinst.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00060601 _____ C:\WINDOWS\ntdtcsetup.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00053067 _____ C:\WINDOWS\netfxocm.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00045857 _____ C:\WINDOWS\updspapi.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00020825 _____ C:\WINDOWS\MedCtrOC.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00016758 _____ C:\WINDOWS\ocmsn.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00015239 _____ C:\WINDOWS\tabletoc.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00015141 _____ C:\WINDOWS\msgsocm.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.log 2013-10-09 03:24 - 2012-12-12 04:07 - 00001374 _____ C:\WINDOWS\imsins.BAK 2013-10-09 03:19 - 2013-08-14 03:21 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-10-09 03:12 - 2013-10-09 03:12 - 00031662 _____ C:\WINDOWS\KB2868038.log 2013-10-09 03:12 - 2013-10-09 03:12 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$ 2013-10-09 03:12 - 2005-05-19 15:36 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-10-09 03:11 - 2013-10-09 03:10 - 00032130 _____ C:\WINDOWS\KB2879017-IE8.log 2013-10-09 03:10 - 
2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$ 2013-10-09 03:10 - 2013-10-09 03:10 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$ 2013-10-01 11:00 - 2012-02-02 12:03 - 00000334 _____ C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================ [/QUOTE]