Europol virus - Hitman Pro kickstart
<blockquote data-quote="debdon" data-source="post: 117965" data-attributes="member: 7715"><p>Thanks Fiery</p><p>FRST.txt file copied below</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2013</p><p>Ran by SYSTEM on 25-04-2013 10:25:41</p><p>Running from D:\</p><p>Microsoft Windows XP (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Recovery</p><p>The current controlset is ControlSet003</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent [x]</p><p>HKLM\...\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe" [32768 2005-07-25] ()</p><p>HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2006-03-23] (Intel Corporation)</p><p>HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [118784 2006-03-23] (Intel Corporation)</p><p>HKLM\...\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [112216 2006-11-30] (McAfee, Inc.)</p><p>HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey [136768 2006-11-17] (McAfee, Inc.)</p><p>HKLM\...\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [1836328 2007-09-20] (Nero AG)</p><p>HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-03] (Microsoft Corporation)</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [MobileConnect] %programfiles%\Vodafone\Vodafone Mobile Connect\Bin\MobileConnect.exe /silent [2060288 2008-03-13] (Vodafone)</p><p>HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [185896 2006-09-28] (Nuance Communications, Inc.)</p><p>HKLM\...\Run: 
[OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe" [75304 2006-10-11] (ScanSoft, Inc.)</p><p>HKLM\...\Run: [KASHPNC99987954614232346] "C:\Program Files\Kaseya\Agent\KaUsrTsk.exe" [409600 2012-03-21] (Kaseya International Limited)</p><p>HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe" [1468256 2009-11-05] (Microsoft Corporation)</p><p>HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [2516296 2010-03-24] (CANON INC.)</p><p>HKLM\...\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE /logon [1185112 2010-04-02] (CANON INC.)</p><p>HKLM\...\Run: [IJNetworkScanUtility] C:\Program Files\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe [140640 2010-03-02] (CANON INC.)</p><p>HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59240 2011-09-27] (Apple Inc.)</p><p>HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421736 2011-11-12] (Apple Inc.)</p><p>HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)</p><p>HKLM\...\Run: [syshost32] C:\WINDOWS\Installer\{165BD854-2BF1-B6A8-2B1D-EE950AA8DFF3}\syshost.exe [149504 2013-03-29] ()</p><p>HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\host32.exe, [x]</p><p>HKLM\...\Winlogon: [System] </p><p>Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)</p><p>HKU\Admin\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\Administrator\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]</p><p>HKU\administrator.WATERMANASPEN\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\chamilton\...\Run: 
[BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\chamilton\...\Run: [\\WARRINGTONPC.watermanaspen.co.uk\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\CHAMIL~1\LOCALS~1\Temp\E_S88.tmp" /EF "HKCU" [ 2008-11-03] ()</p><p>HKU\ddavidson\...\Run: [ISUSPM] "C:\Documents and Settings\All Users\Application Data\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler [ 2007-03-29] (Macrovision Corporation)</p><p>HKU\ddavidson\...\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart [x]</p><p>HKU\Default User\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\Default User\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2004-10-13] (Microsoft Corporation)</p><p>HKU\Default User\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]</p><p>HKU\Default User\...\RunOnce: [NeroHomeFirstStart] "C:\Program Files\Common Files\Nero\Lib\NMFirstStart.exe" [x]</p><p>HKU\dmatheson\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\dmatheson\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2004-10-13] (Microsoft Corporation)</p><p>HKU\dmatheson\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]</p><p>HKU\Donnie\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\Donnie\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2004-10-13] (Microsoft Corporation)</p><p>HKU\Donnie\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]</p><p>HKU\Donnie\...\Run: [{2A2DB62D-8D02-BE06-7552-60540CE0DA6B}] C:\Documents and 
Settings\Donnie\Application Data\Sun\Java\Deployment\SystemCache\6.0\60\debug.exe [ 2004-08-04] ()</p><p>HKU\Donnie\...\Run: [Yahoo] RunDLL32.exe "C:\Documents and Settings\Donnie\Local Settings\Application Data\Yahoo\nlqvmaix.dll",MapLDAPTypeToADSType [x]</p><p>HKU\Donnie\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Donnie\Application Data\skype.dat [x]</p><p>HKU\kefag\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\sparelaptop\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe" [x]</p><p>HKU\sparelaptop\...\Run: [\\warringtonpc\EPSON Stylus DX9400F Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICFE.EXE /FU "C:\DOCUME~1\SPAREL~1\LOCALS~1\Temp\E_S70.tmp" /EF "HKCU" [ 2008-12-05] ()</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk</p><p>ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)</p><p>Startup: C:\Documents and Settings\ddavidson\Start Menu\Programs\Startup\Connection to Waterman HQ.lnk</p><p>ShortcutTarget: Connection to Waterman HQ.lnk -> C:\Program Files\SonicWALL\SonicWALL Global VPN Client\SWGVpnClient.exe (SonicWALL, Inc.)</p><p>Startup: C:\Documents and Settings\ddavidson\Start Menu\Programs\Startup\Microsoft Office Outlook.lnk</p><p>ShortcutTarget: Microsoft Office Outlook.lnk -> C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE (Microsoft Corporation)</p><p>Startup: C:\Documents and Settings\Donnie\Start Menu\Programs\Startup\Dropbox.lnk</p><p>ShortcutTarget: Dropbox.lnk -> B:\Documents and Settings\Default User\Application Data\Dropbox\bin\Dropbox.exe (No File)</p><p>SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)</p><p></p><p>========================== Services (Whitelisted) 
=================</p><p></p><p>S2 gtdetectsc; C:\WINDOWS\system32\gtdetectsc.exe [122880 2006-09-28] (OptionNV)</p><p>S2 KAPNC99987954614232346; C:\Program Files\Kaseya\Agent\AgentMon.exe [847872 2012-06-07] (Kaseya International Limited)</p><p>S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [104000 2006-11-17] (McAfee, Inc.)</p><p>S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [144960 2006-11-30] (McAfee, Inc.)</p><p>S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [54872 2006-11-30] (McAfee, Inc.)</p><p>S2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [66872 2008-07-27] ()</p><p>S2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [103736 2008-07-27] ()</p><p>S3 RampartSvc; C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe [131072 2004-10-15] (SonicWALL, Inc.)</p><p>S2 VMCService; C:\Program Files\Vodafone\Vodafone Mobile Connect\Bin\VMCService.exe [24576 2008-03-13] (Vodafone)</p><p>S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)</p><p>S2 WinVNC4; C:\Program Files\RealVNC\VNC4\WinVNC4.exe [438272 2008-04-30] (RealVNC Ltd.)</p><p>S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2007-06-15] (Avanquest Software)</p><p>S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [147236 2004-05-14] (Deterministic Networks, Inc.)</p><p>S0 e48c6df33eed4299; C:\Windows\System32\Drivers\e48c6df33eed4299.sys [61312 2013-03-29] ()</p><p>S3 EMSCR; C:\Windows\System32\DRIVERS\EMS7SK.sys [61568 2006-07-13] (ENE Technology Inc.)</p><p>S3 ESDCR; C:\Windows\System32\DRIVERS\ESD7SK.sys [40064 2006-07-13] (ENE Technology Inc.)</p><p>S3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd5.sys [27165 2001-08-17] 
(VIA Technologies, Inc. )</p><p>S3 G3GRUMDM; C:\Windows\System32\DRIVERS\g3grumdm.sys [27648 2005-06-10] (Option N.V.)</p><p>S3 G3GRUSER; C:\Windows\System32\DRIVERS\g3gruser.sys [24064 2005-06-10] (Option N.V.)</p><p>S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [138752 2005-01-07] (Windows (R) Server 2003 DDK provider)</p><p>S1 Hotkey; C:\Windows\System32\Drivers\Hotkey.sys [9867 2003-04-28] ()</p><p>S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1166972 2006-03-23] (Intel Corporation)</p><p>S3 KAPFA; C:\WINDOWS\system32\drivers\KAPFA.SYS [17920 2011-06-23] (Kaseya)</p><p>S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [64360 2006-11-30] (McAfee, Inc.)</p><p>S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [72264 2006-11-30] (McAfee, Inc.)</p><p>S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34152 2006-11-30] (McAfee, Inc.)</p><p>S3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [168776 2006-11-30] (McAfee, Inc.)</p><p>S1 mferkdk; C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [31944 2006-11-30] (McAfee, Inc.)</p><p>S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [52136 2006-11-30] (McAfee, Inc.)</p><p>S3 n558; C:\Windows\System32\Drivers\n558.sys [9600 2007-08-15] ()</p><p>S3 NETw3x32; C:\Windows\System32\DRIVERS\NETw3x32.sys [1709696 2006-09-26] (Intel® Corporation)</p><p>S3 odysseyIM4; C:\Windows\System32\DRIVERS\odysseyIM4.sys [173056 2005-06-10] (Funk Software, Inc.)</p><p>S1 RCFOX; C:\WINDOWS\system32\Drivers\RCFOX.sys [91136 2004-10-15] (SonicWALL, Inc.)</p><p>S3 rcvpn; C:\Windows\System32\DRIVERS\rcvpn.sys [23180 2003-08-20] (SonicWALL, Inc.)</p><p>S3 S3SavageNB; C:\Windows\System32\DRIVERS\s3gnbm.sys [166912 2004-08-03] (S3 Graphics, Inc.)</p><p>S3 swivsp; C:\Windows\System32\DRIVERS\swivspnt.sys [20352 2007-03-23] (Sierra Wireless Inc.)</p><p>S3 SWNC8U00; C:\Windows\System32\DRIVERS\SWNC8U00.sys [102144 2007-03-23] (Sierra Wireless Inc.)</p><p>S3 SWUMX00; C:\Windows\System32\DRIVERS\swumx00.sys [70656 2007-03-23] 
(Sierra Wireless Inc.)</p><p>S3 yukonwxp; C:\Windows\System32\DRIVERS\yk51x86.sys [248832 2006-08-07] (Marvell)</p><p>S4 Abiosdsk; No ImagePath</p><p>S4 Atdisk; No ImagePath</p><p>S1 Changer; No ImagePath</p><p>S1 lbrtfdc; No ImagePath</p><p>S1 mailKmd; No ImagePath</p><p>S1 PCIDump; No ImagePath</p><p>S3 PDCOMP; No ImagePath</p><p>S3 PDFRAME; No ImagePath</p><p>S3 PDRELI; No ImagePath</p><p>S3 PDRFRAME; No ImagePath</p><p>S4 Simbad; No ImagePath</p><p>S1 Wbutton; \SystemRoot\system32\drivers\Wbutton.sys [x]</p><p>S3 WDICA; No ImagePath</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-04-25 10:25 - 2013-04-25 10:25 - 00000000 ____D C:\FRST</p><p>2013-03-29 09:38 - 2013-04-15 05:52 - 00000004 ____A C:\Documents and Settings\Donnie\Application Data\skype.ini</p><p>2013-03-29 09:38 - 2013-03-29 09:38 - 00061312 ____A C:\Windows\System32\Drivers\e48c6df33eed4299.sys</p><p>2013-03-29 09:37 - 2013-03-29 09:37 - 00142336 ____A (TechDays Inc.) 
C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe</p><p></p><p>==================== One Month Modified Files and Folders ========</p><p></p><p>2013-04-25 10:25 - 2013-04-25 10:25 - 00000000 ____D C:\FRST</p><p>2013-04-25 04:16 - 2011-11-28 11:22 - 00000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{C4D5A3FC-B6FC-4B94-B53B-35B717517C29}.job</p><p>2013-04-25 04:16 - 2008-08-23 17:12 - 00000050 ____A C:\Windows\wiaservc.log</p><p>2013-04-25 04:16 - 2006-01-30 15:21 - 00032476 ____A C:\Windows\SchedLgU.Txt</p><p>2013-04-25 04:16 - 2006-01-30 15:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-04-25 04:16 - 2006-01-30 15:14 - 01705821 ____A C:\Windows\WindowsUpdate.log</p><p>2013-04-25 04:16 - 2006-01-30 15:10 - 00000216 ____A C:\Windows\wiadebug.log</p><p>2013-04-25 04:15 - 2008-05-31 16:49 - 00000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{3249C59C-3609-49AD-9D5C-528AAF764D3A}.job</p><p>2013-04-25 04:09 - 2008-04-30 10:52 - 00000000 ____D C:\panacea</p><p>2013-04-25 04:07 - 2006-01-30 15:07 - 00581894 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-04-25 04:06 - 2008-05-01 09:37 - 00000330 ___AH C:\Windows\Tasks\MP Scheduled Scan.job</p><p>2013-04-25 04:04 - 2010-02-07 11:52 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-04-25 04:03 - 2006-01-30 15:21 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini</p><p>2013-04-25 04:03 - 2006-01-30 15:21 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini</p><p>2013-04-25 04:03 - 2006-01-30 13:59 - 00001158 ____A C:\Windows\System32\wpa.dbl</p><p>2013-04-23 08:04 - 2011-12-16 05:12 - 00000178 __ASH C:\Documents and Settings\Donnie\ntuser.ini</p><p>2013-04-23 08:04 - 2011-12-16 05:12 - 00000062 __ASH C:\Documents and Settings\Donnie\Local Settings\desktop.ini</p><p>2013-04-15 05:52 - 2013-03-29 09:38 - 00000004 ____A C:\Documents and Settings\Donnie\Application Data\skype.ini</p><p>2013-04-15 05:50 
- 2012-11-22 12:41 - 00000000 ___RD C:\Documents and Settings\Donnie\My Documents\Dropbox</p><p>2013-04-15 05:50 - 2012-11-22 12:39 - 00000000 ____D C:\Documents and Settings\Donnie\Application Data\Dropbox</p><p>2013-04-15 05:49 - 2010-02-07 11:52 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-04-02 11:46 - 2008-04-29 09:59 - 00000000 __SHD C:\Windows\CSC</p><p>2013-03-29 09:38 - 2013-03-29 09:38 - 00061312 ____A C:\Windows\System32\Drivers\e48c6df33eed4299.sys</p><p>2013-03-29 09:37 - 2013-03-29 09:37 - 00142336 ____A (TechDays Inc.) C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe</p><p>2013-03-29 09:28 - 2012-02-20 06:50 - 00002473 ____A C:\Documents and Settings\Donnie\Desktop\Microsoft Office Excel 2007.lnk</p><p></p><p>==================== Known DLLs (ALL) =========================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe</p><p>[2006-01-30 13:59] - [2007-06-13 06:23] - 1033216 ____A (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87 </p><p></p><p>C:\Windows\System32\winlogon.exe</p><p>[2006-01-30 13:59] - [2004-08-04 08:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe </p><p></p><p>C:\Windows\System32\svchost.exe</p><p>[2006-01-30 13:59] - [2004-08-04 08:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 </p><p></p><p>C:\Windows\System32\services.exe</p><p>[2006-01-30 13:59] - [2009-02-06 13:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de </p><p></p><p>C:\Windows\System32\User32.dll</p><p>[2006-01-30 13:59] - [2007-03-08 11:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7 </p><p></p><p>C:\Windows\System32\userinit.exe</p><p>[2006-01-30 13:59] - [2004-08-04 08:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff </p><p></p><p>C:\Windows\System32\Drivers\volsnap.sys</p><p>[2006-01-30 13:59] - [2004-08-04 
08:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b </p><p></p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points (XP) =====================</p><p></p><p>RP: -> 2013-04-23 08:22 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1144 </p><p></p><p>RP: -> 2013-04-15 03:46 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1143 </p><p></p><p>RP: -> 2013-03-29 09:38 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1142 </p><p></p><p>RP: -> 2013-03-26 06:57 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1141 </p><p></p><p>RP: -> 2013-03-25 07:18 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1140 </p><p></p><p>RP: -> 2013-03-19 12:45 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1139 </p><p></p><p>RP: -> 2013-03-18 11:37 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1138 </p><p></p><p>RP: -> 2013-03-15 10:23 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1137 </p><p></p><p>RP: -> 2013-03-13 08:39 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1136 </p><p></p><p>RP: -> 2013-03-10 11:13 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1135 </p><p></p><p>RP: -> 2013-03-08 07:42 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1134 </p><p></p><p>RP: -> 2013-03-06 10:07 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1133 </p><p></p><p>RP: -> 2013-03-03 13:24 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1132 </p><p></p><p>RP: -> 2013-02-27 06:27 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1131 </p><p></p><p>RP: -> 2013-02-24 14:37 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1130 </p><p></p><p>RP: -> 2013-02-23 08:45 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1129 
</p><p></p><p>RP: -> 2013-02-17 13:36 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1128 </p><p></p><p>RP: -> 2013-02-13 11:48 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1127 </p><p></p><p>RP: -> 2013-02-11 04:34 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1126 </p><p></p><p>RP: -> 2013-02-07 12:25 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1125 </p><p></p><p>RP: -> 2013-02-05 06:12 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1124 </p><p></p><p>RP: -> 2013-01-30 07:27 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1123 </p><p></p><p>RP: -> 2013-01-28 05:03 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1122 </p><p></p><p>RP: -> 2013-01-23 14:57 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1121 </p><p></p><p>RP: -> 2013-01-21 04:28 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1120 </p><p></p><p>RP: -> 2013-01-18 06:01 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1119 </p><p></p><p>RP: -> 2013-01-17 05:09 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1118 </p><p></p><p>RP: -> 2013-01-15 10:10 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1117 </p><p></p><p>RP: -> 2013-01-14 04:28 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1116 </p><p></p><p>RP: -> 2013-01-10 10:53 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1115 </p><p></p><p>RP: -> 2013-01-07 04:40 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1114 </p><p></p><p>RP: -> 2013-01-03 05:16 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1113 </p><p></p><p>RP: -> 2012-12-31 11:34 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1112 </p><p></p><p>RP: -> 2012-12-28 06:19 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1111 </p><p></p><p>RP: -> 2012-12-20 06:16 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1110 </p><p></p><p></p><p>==================== Memory info 
=========================== </p><p></p><p>Percentage of memory in use: 10%</p><p>Total physical RAM: 2550.05 MB</p><p>Available physical RAM: 2280.11 MB</p><p>Total Pagefile: 2377.75 MB</p><p>Available Pagefile: 2315.87 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1993.54 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>Drive c: (System) (Fixed) (Total:74.53 GB) (Free:19.37 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>Drive d: (HITMANPRO) (Removable) (Total:1.96 GB) (Free:1.95 GB) FAT32</p><p>Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ---------- ------- ------- --- ---</p><p> Disk 0 Online 75 GB 0 B </p><p></p><p>Partitions of Disk 0:</p><p>===============</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 Primary 75 GB 32 KB</p><p>==================================================================================</p><p></p><p>Disk: 0</p><p>Partition 1</p><p>Type : 07</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 1 C System NTFS Partition 75 GB Healthy </p><p>=========================================================</p><p>============================== MBR & Partition Table ==================</p><p></p><p>====================================================================</p><p>Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: B3F42574)</p><p>Partition 1: (Active) - (Size=75 GB) - (Type=07) (NTFS)</p><p></p><p>====================================================================</p><p>Disk: 1 (Size: 2 GB) (Disk ID: 689C5F5D)</p><p>Partition 1: (Active) - (Size=2 GB) - (Type=0B)</p><p></p><p>==================== End Of Log 
============================</p></blockquote><p></p>
C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe ==================== One Month Modified Files and Folders ======== 2013-04-25 10:25 - 2013-04-25 10:25 - 00000000 ____D C:\FRST 2013-04-25 04:16 - 2011-11-28 11:22 - 00000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{C4D5A3FC-B6FC-4B94-B53B-35B717517C29}.job 2013-04-25 04:16 - 2008-08-23 17:12 - 00000050 ____A C:\Windows\wiaservc.log 2013-04-25 04:16 - 2006-01-30 15:21 - 00032476 ____A C:\Windows\SchedLgU.Txt 2013-04-25 04:16 - 2006-01-30 15:21 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-04-25 04:16 - 2006-01-30 15:14 - 01705821 ____A C:\Windows\WindowsUpdate.log 2013-04-25 04:16 - 2006-01-30 15:10 - 00000216 ____A C:\Windows\wiadebug.log 2013-04-25 04:15 - 2008-05-31 16:49 - 00000430 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{3249C59C-3609-49AD-9D5C-528AAF764D3A}.job 2013-04-25 04:09 - 2008-04-30 10:52 - 00000000 ____D C:\panacea 2013-04-25 04:07 - 2006-01-30 15:07 - 00581894 ____A C:\Windows\System32\PerfStringBackup.INI 2013-04-25 04:06 - 2008-05-01 09:37 - 00000330 ___AH C:\Windows\Tasks\MP Scheduled Scan.job 2013-04-25 04:04 - 2010-02-07 11:52 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-04-25 04:03 - 2006-01-30 15:21 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-04-25 04:03 - 2006-01-30 15:21 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-04-25 04:03 - 2006-01-30 13:59 - 00001158 ____A C:\Windows\System32\wpa.dbl 2013-04-23 08:04 - 2011-12-16 05:12 - 00000178 __ASH C:\Documents and Settings\Donnie\ntuser.ini 2013-04-23 08:04 - 2011-12-16 05:12 - 00000062 __ASH C:\Documents and Settings\Donnie\Local Settings\desktop.ini 2013-04-15 05:52 - 2013-03-29 09:38 - 00000004 ____A C:\Documents and Settings\Donnie\Application Data\skype.ini 2013-04-15 05:50 - 2012-11-22 12:41 - 00000000 ___RD C:\Documents and Settings\Donnie\My Documents\Dropbox 2013-04-15 05:50 - 2012-11-22 12:39 - 
00000000 ____D C:\Documents and Settings\Donnie\Application Data\Dropbox 2013-04-15 05:49 - 2010-02-07 11:52 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-04-02 11:46 - 2008-04-29 09:59 - 00000000 __SHD C:\Windows\CSC 2013-03-29 09:38 - 2013-03-29 09:38 - 00061312 ____A C:\Windows\System32\Drivers\e48c6df33eed4299.sys 2013-03-29 09:37 - 2013-03-29 09:37 - 00142336 ____A (TechDays Inc.) C:\Documents and Settings\Donnie\vhjaopmspkeasxcxioaj.exe 2013-03-29 09:28 - 2012-02-20 06:50 - 00002473 ____A C:\Documents and Settings\Donnie\Desktop\Microsoft Office Excel 2007.lnk ==================== Known DLLs (ALL) ========================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe [2006-01-30 13:59] - [2007-06-13 06:23] - 1033216 ____A (Microsoft Corporation) 97bd6515465659ff8f3b7be375b2ea87 C:\Windows\System32\winlogon.exe [2006-01-30 13:59] - [2004-08-04 08:00] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe C:\Windows\System32\svchost.exe [2006-01-30 13:59] - [2004-08-04 08:00] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716 C:\Windows\System32\services.exe [2006-01-30 13:59] - [2009-02-06 13:14] - 0110592 ____A (Microsoft Corporation) 37561f8d4160d62da86d24ae41fae8de C:\Windows\System32\User32.dll [2006-01-30 13:59] - [2007-03-08 11:36] - 0577536 ____A (Microsoft Corporation) b409909f6e2e8a7067076ed748abf1e7 C:\Windows\System32\userinit.exe [2006-01-30 13:59] - [2004-08-04 08:00] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff C:\Windows\System32\Drivers\volsnap.sys [2006-01-30 13:59] - [2004-08-04 08:00] - 0052352 ____A (Microsoft Corporation) ee4660083deba849ff6c485d944b379b ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points (XP) ===================== RP: -> 2013-04-23 
08:22 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1144 RP: -> 2013-04-15 03:46 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1143 RP: -> 2013-03-29 09:38 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1142 RP: -> 2013-03-26 06:57 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1141 RP: -> 2013-03-25 07:18 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1140 RP: -> 2013-03-19 12:45 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1139 RP: -> 2013-03-18 11:37 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1138 RP: -> 2013-03-15 10:23 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1137 RP: -> 2013-03-13 08:39 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1136 RP: -> 2013-03-10 11:13 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1135 RP: -> 2013-03-08 07:42 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1134 RP: -> 2013-03-06 10:07 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1133 RP: -> 2013-03-03 13:24 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1132 RP: -> 2013-02-27 06:27 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1131 RP: -> 2013-02-24 14:37 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1130 RP: -> 2013-02-23 08:45 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1129 RP: -> 2013-02-17 13:36 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1128 RP: -> 2013-02-13 11:48 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1127 RP: -> 2013-02-11 04:34 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1126 RP: -> 2013-02-07 12:25 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1125 RP: -> 2013-02-05 06:12 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1124 RP: -> 2013-01-30 07:27 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1123 RP: -> 2013-01-28 05:03 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1122 RP: -> 
2013-01-23 14:57 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1121 RP: -> 2013-01-21 04:28 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1120 RP: -> 2013-01-18 06:01 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1119 RP: -> 2013-01-17 05:09 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1118 RP: -> 2013-01-15 10:10 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1117 RP: -> 2013-01-14 04:28 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1116 RP: -> 2013-01-10 10:53 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1115 RP: -> 2013-01-07 04:40 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1114 RP: -> 2013-01-03 05:16 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1113 RP: -> 2012-12-31 11:34 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1112 RP: -> 2012-12-28 06:19 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1111 RP: -> 2012-12-20 06:16 - 032768 _restore{2FE390B6-FB31-48E2-8D14-5A0FEEDEF327}\RP1110 ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 2550.05 MB Available physical RAM: 2280.11 MB Total Pagefile: 2377.75 MB Available Pagefile: 2315.87 MB Total Virtual: 2047.88 MB Available Virtual: 1993.54 MB ==================== Drives ================================ Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS Drive c: (System) (Fixed) (Total:74.53 GB) (Free:19.37 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (HITMANPRO) (Removable) (Total:1.96 GB) (Free:1.95 GB) FAT32 Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 0 Online 75 GB 0 B Partitions of Disk 0: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 75 GB 32 KB 
================================================================================== Disk: 0 Partition 1 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C System NTFS Partition 75 GB Healthy ========================================================= ============================== MBR & Partition Table ================== ==================================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: B3F42574) Partition 1: (Active) - (Size=75 GB) - (Type=07) (NTFS) ==================================================================== Disk: 1 (Size: 2 GB) (Disk ID: 689C5F5D) Partition 1: (Active) - (Size=2 GB) - (Type=0B) ==================== End Of Log ============================ [/QUOTE]