Ice Removal Issues
<blockquote data-quote="Bac-Man" data-source="post: 142039" data-attributes="member: 14320"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013</p><p>Ran by SYSTEM on REATOGO on 28-10-2013 22:00:42</p><p>Running from D:\</p><p>Microsoft Windows XP (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-06-03] (Synaptics, Inc.)</p><p>HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()</p><p>HKLM\...\Run: [Dell QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [1191936 2007-05-14] (Dell Inc)</p><p>HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [2183168 2007-12-11] (Dell Inc.)</p><p>HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [405504 2007-06-06] (SigmaTel, Inc.)</p><p>HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( )</p><p>HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.)</p><p>HKLM\...\Run: [MVS Splash] - C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe [476480 2010-05-11] (McAfee, Inc.)</p><p>HKLM\...\Run: [McAfee Managed Services Tray] - "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter</p><p>HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP 
Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.)</p><p>HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)</p><p>HKLM\...\Run: [] - [x]</p><p>HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask)</p><p>HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-07-11] (Apple Inc.)</p><p>HKLM\...\Policies\Explorer: [NoControlPanel] 0</p><p>HKU\PR Baca\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</p><p>HKU\PR Baca\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter</p><p>HKU\PR Baca\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk</p><p>ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software )</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk</p><p>ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)</p><p>Startup: C:\Documents and Settings\PR Baca\Start Menu\Programs\Startup\hjwhwqzj.lnk</p><p>ShortcutTarget: hjwhwqzj.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzqwhwjh.dss (Sekizenkan Company)</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>S2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-12-15] (McAfee, Inc.)</p><p>S2 LxrJD31s; C:\Windows\System32\LxrJD31s.exe [71168 2010-12-10] ()</p><p>S2 McShield; C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe [144704 2009-12-15] (McAfee, Inc.)</p><p>S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe 
[44384 2010-12-10] (Microsoft Corporation)</p><p>S2 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [282824 2010-05-11] (McAfee, Inc.)</p><p>S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [143360 2012-09-21] (DEVGURU Co., LTD)</p><p>S2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.)</p><p>S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.)</p><p>S2 SWAGENT; C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe [202048 2010-05-11] (McAfee, Inc.)</p><p>S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzqwhwjh.dss [172032 2013-10-24] (Sekizenkan Company)</p><p>S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1921024 2007-12-11] (Dell Inc.)</p><p>S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)</p><p>S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc)</p><p>S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1123328 2007-12-11] (Broadcom Corp.)</p><p>S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-25] (HP)</p><p>S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-25] (HP)</p><p>S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-25] (HP)</p><p>S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.)</p><p>S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.)</p><p>S2 LxrJD31d; C:\WINDOWS\system32\Drivers\LxrJD31d.sys [69824 2010-12-10] ()</p><p>S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-12-15] (McAfee, 
Inc.)</p><p>S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-12-15] (McAfee, Inc.)</p><p>S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-12-15] (McAfee, Inc.)</p><p>S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.)</p><p>S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)</p><p>S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2008-07-07] (Novatel Wireless Inc.)</p><p>S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174336 2008-05-09] (Novatel Wireless Inc.)</p><p>S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [88632 2012-09-21] (DEVGURU Co., LTD.)</p><p>S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [97592 2012-09-21] (DEVGURU Co., LTD.)</p><p>S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [169656 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59704 2012-09-21] (DEVGURU Co., LTD.)</p><p>S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))</p><p>S3 SMSIVZAM5; C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [32408 2011-11-29] (Smith Micro Inc.)</p><p>S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-06-06] (SigmaTel, Inc.)</p><p>S3 PTDMBus; system32\DRIVERS\PTDMBus.sys [x]</p><p>S3 PTDMMdm; system32\DRIVERS\PTDMMdm.sys [x]</p><p>S3 PTDMVsp; system32\DRIVERS\PTDMVsp.sys [x]</p><p>S3 PTDMWFLT; system32\DRIVERS\PTDMWFLT.sys [x]</p><p>S3 PTDMWWAN; system32\DRIVERS\PTDMWWAN.sys [x]</p><p>S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)</p><p>S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS 
[x]</p><p>S3 SymIM; system32\DRIVERS\SymIM.sys [x]</p><p>S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]</p><p>S1 WS2IFSL; </p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-10-28 22:00 - 2013-10-28 22:00 - 00000000 ____D C:\FRST</p><p>2013-10-28 12:30 - 2013-10-28 12:30 - 00000000 ____D C:\Windows\CSC</p><p>2013-10-28 08:09 - 2013-10-28 14:11 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0</p><p>2013-10-24 16:52 - 2013-10-28 19:39 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\hjwhwqzj.bxx</p><p>2013-10-24 16:52 - 2013-10-28 19:39 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\hjwhwqzj.fvv</p><p>2013-10-24 16:52 - 2013-10-24 16:52 - 00172032 _____ (Sekizenkan Company) C:\Documents and Settings\All Users\Application Data\jzqwhwjh.dss</p><p>2013-10-22 12:53 - 2013-10-22 12:53 - 00033468 _____ C:\Documents and Settings\PR Baca\My Documents\Information for Will.htm</p><p>2013-10-22 12:53 - 2013-10-22 12:53 - 00000000 ____D C:\Documents and Settings\PR Baca\My Documents\Information for Will_files</p><p>2013-10-10 12:46 - 2013-10-10 12:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$</p><p>2013-10-10 12:45 - 2013-10-10 12:45 - 00009600 _____ C:\Windows\KB2862335.log</p><p>2013-10-10 12:45 - 2013-10-10 12:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$</p><p>2013-10-10 12:40 - 2013-10-10 12:40 - 00011109 _____ C:\Windows\KB2868038.log</p><p>2013-10-10 12:40 - 2013-10-10 12:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$</p><p>2013-10-10 12:38 - 2013-10-10 12:39 - 00011340 _____ C:\Windows\KB2879017-IE8.log</p><p>2013-10-10 12:38 - 2013-10-10 12:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$</p><p>2013-10-10 10:41 - 2013-10-10 12:46 - 00013678 _____ C:\Windows\KB2847311.log</p><p>2013-10-10 10:41 - 2013-07-02 22:12 - 00025088 ____N (Microsoft Corporation) 
C:\Windows\System32\dllcache\hidparse.sys</p><p>2013-10-10 10:41 - 2013-07-02 22:12 - 00025088 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys</p><p>2013-10-10 10:40 - 2013-07-16 20:58 - 00123008 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys</p><p>2013-10-10 10:40 - 2013-07-16 20:58 - 00123008 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys</p><p>2013-10-10 10:40 - 2013-07-16 20:58 - 00060160 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys</p><p>2013-10-10 10:40 - 2013-07-16 20:58 - 00060160 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys</p><p>2013-10-10 10:40 - 2013-07-16 20:58 - 00046848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys</p><p>2013-10-10 10:40 - 2013-07-16 20:58 - 00046848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys</p><p>2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$</p><p>2013-10-10 09:55 - 2013-10-28 13:06 - 00107815 _____ C:\Windows\setupapi.log</p><p>2013-10-10 09:25 - 2013-08-08 20:55 - 00144128 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys</p><p>2013-10-10 09:25 - 2013-08-08 20:55 - 00144128 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys</p><p>2013-10-10 09:25 - 2013-08-08 20:55 - 00005376 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys</p><p>2013-10-10 09:25 - 2013-08-08 20:55 - 00005376 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys</p><p>2013-10-10 09:25 - 2009-03-18 07:02 - 00030336 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys</p><p>2013-10-10 09:25 - 2009-03-18 07:02 - 00030336 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-10-28 22:00 - 2013-10-28 22:00 - 00000000 ____D C:\FRST</p><p>2013-10-28 
19:39 - 2013-10-24 16:52 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\hjwhwqzj.bxx</p><p>2013-10-28 19:39 - 2013-10-24 16:52 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\hjwhwqzj.fvv</p><p>2013-10-28 19:39 - 2004-08-11 18:09 - 00000050 _____ C:\Windows\wiaservc.log</p><p>2013-10-28 18:14 - 2004-08-11 18:09 - 00000159 _____ C:\Windows\wiadebug.log</p><p>2013-10-28 16:57 - 2004-08-11 18:13 - 02033693 _____ C:\Windows\WindowsUpdate.log</p><p>2013-10-28 16:48 - 2004-08-11 18:00 - 00002206 _____ C:\Windows\System32\wpa.dbl</p><p>2013-10-28 14:11 - 2013-10-28 08:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0</p><p>2013-10-28 13:06 - 2013-10-10 09:55 - 00107815 _____ C:\Windows\setupapi.log</p><p>2013-10-28 12:30 - 2013-10-28 12:30 - 00000000 ____D C:\Windows\CSC</p><p>2013-10-24 21:32 - 2004-08-11 18:20 - 00032470 _____ C:\Windows\SchedLgU.Txt</p><p>2013-10-24 18:49 - 2008-05-28 12:07 - 00000178 ___SH C:\Documents and Settings\PR Baca\ntuser.ini</p><p>2013-10-24 16:52 - 2013-10-24 16:52 - 00172032 _____ (Sekizenkan Company) C:\Documents and Settings\All Users\Application Data\jzqwhwjh.dss</p><p>2013-10-24 16:51 - 2012-08-26 11:54 - 00000000 ____D C:\Documents and Settings\PR Baca\Local Settings\Application Data\AskToolbar</p><p>2013-10-24 16:48 - 2013-04-25 12:59 - 00000000 ____D C:\Documents and Settings\PR Baca\Application Data\Skype</p><p>2013-10-24 15:13 - 2013-05-07 13:04 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk</p><p>2013-10-23 16:35 - 2008-05-16 16:01 - 00028424 _____ C:\Windows\setupact.log</p><p>2013-10-22 12:53 - 2013-10-22 12:53 - 00033468 _____ C:\Documents and Settings\PR Baca\My Documents\Information for Will.htm</p><p>2013-10-22 12:53 - 2013-10-22 12:53 - 00000000 ____D C:\Documents and Settings\PR Baca\My Documents\Information for Will_files</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 01876478 _____ C:\Windows\FaxSetup.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 
00918217 _____ C:\Windows\ocgen.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00863199 _____ C:\Windows\tsoc.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00595960 _____ C:\Windows\System32\PerfStringBackup.INI</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00585768 _____ C:\Windows\msmqinst.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00576211 _____ C:\Windows\comsetup.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00350035 _____ C:\Windows\ntdtcsetup.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00327289 _____ C:\Windows\netfxocm.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00129821 _____ C:\Windows\MedCtrOC.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00095942 _____ C:\Windows\iis6.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00094384 _____ C:\Windows\ocmsn.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00093964 _____ C:\Windows\msgsocm.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00093817 _____ C:\Windows\tabletoc.log</p><p>2013-10-21 17:46 - 2004-08-11 18:07 - 00004757 _____ C:\Windows\imsins.log</p><p>2013-10-21 17:46 - 2004-08-11 18:02 - 00000000 ____D C:\Windows\System32\inetsrv</p><p>2013-10-18 13:17 - 2013-08-28 19:04 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk</p><p>2013-10-14 17:54 - 2004-08-11 18:21 - 00000000 ____D C:\Windows\Microsoft.NET</p><p>2013-10-10 13:22 - 2004-08-11 18:06 - 00267800 _____ C:\Windows\System32\FNTCACHE.DAT</p><p>2013-10-10 12:49 - 2008-05-16 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help</p><p>2013-10-10 12:46 - 2013-10-10 12:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$</p><p>2013-10-10 12:46 - 2013-10-10 10:41 - 00013678 _____ C:\Windows\KB2847311.log</p><p>2013-10-10 12:46 - 2008-05-16 16:14 - 00242612 _____ C:\Windows\updspapi.log</p><p>2013-10-10 12:46 - 2004-08-11 18:07 - 00001393 _____ C:\Windows\imsins.BAK</p><p>2013-10-10 12:45 - 2013-10-10 12:45 - 00009600 _____ C:\Windows\KB2862335.log</p><p>2013-10-10 12:45 - 
2013-10-10 12:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$</p><p>2013-10-10 12:45 - 2013-07-12 19:57 - 00000000 ____D C:\Windows\System32\MRT</p><p>2013-10-10 12:42 - 2008-06-23 08:49 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-10-10 12:40 - 2013-10-10 12:40 - 00011109 _____ C:\Windows\KB2868038.log</p><p>2013-10-10 12:40 - 2013-10-10 12:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$</p><p>2013-10-10 12:39 - 2013-10-10 12:38 - 00011340 _____ C:\Windows\KB2879017-IE8.log</p><p>2013-10-10 12:38 - 2013-10-10 12:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$</p><p>2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$</p><p>2013-10-10 09:25 - 2013-03-13 17:12 - 01065976 _____ C:\Windows\setupapi.log.3.old</p><p>2013-10-09 17:30 - 2013-05-07 13:04 - 00000000 ___RD C:\Program Files\Skype</p><p>2013-10-09 17:30 - 2013-04-25 12:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype</p><p>2013-10-08 13:28 - 2012-07-30 13:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe</p><p>2013-10-08 13:28 - 2012-07-30 13:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl</p><p>2013-10-06 11:25 - 2010-12-10 23:28 - 05000129 _____ C:\Windows\System32\ptumlacsvc-1.log</p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Documents and Settings\PR Baca\Local Settings\Temp\ApnStub.exe</p><p>C:\Documents and Settings\PR Baca\Local Settings\Temp\eject.exe</p><p>C:\Documents and Settings\PR Baca\Local Settings\Temp\jre-6u34-windows-i586-iftw.exe</p><p>C:\Documents and Settings\PR Baca\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe</p><p>C:\Documents and Settings\PR Baca\Local Settings\Temp\setup.exe</p><p>C:\Documents and Settings\PR Baca\Local Settings\Temp\SkypeSetup.exe</p><p>C:\Documents and Settings\PR Baca\Local 
Settings\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe</p><p>C:\Documents and Settings\PR Baca\Local Settings\Temp\~tmf4040273340246802631.dll</p><p></p><p></p><p>==================== Known DLLs (Whitelisted) ============</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points (XP) =====================</p><p></p><p>RP: -> 2013-10-22 16:46 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP938 </p><p></p><p>RP: -> 2013-10-18 17:27 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP937 </p><p></p><p>RP: -> 2013-10-14 18:14 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP936 </p><p></p><p>RP: -> 2013-10-13 15:42 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP935 </p><p></p><p>RP: -> 2013-10-13 14:24 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP934 </p><p></p><p>RP: -> 2013-10-10 12:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP933 </p><p></p><p>RP: -> 2013-10-10 10:09 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP932 </p><p></p><p>RP: -> 2013-10-09 19:02 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP931 </p><p></p><p>RP: -> 2013-10-08 15:29 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP930 </p><p></p><p>RP: -> 2013-10-06 13:39 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP929 
</p><p></p><p>RP: -> 2013-10-03 17:39 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP928 </p><p></p><p>RP: -> 2013-10-02 15:53 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP927 </p><p></p><p>RP: -> 2013-09-22 14:04 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP926 </p><p></p><p>RP: -> 2013-09-19 18:28 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP925 </p><p></p><p>RP: -> 2013-09-18 12:27 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP924 </p><p></p><p>RP: -> 2013-09-16 17:53 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP923 </p><p></p><p>RP: -> 2013-09-15 13:15 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP922 </p><p></p><p>RP: -> 2013-09-13 18:52 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP921 </p><p></p><p>RP: -> 2013-09-13 13:23 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP920 </p><p></p><p>RP: -> 2013-09-13 12:22 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP919 </p><p></p><p>RP: -> 2013-09-13 00:41 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP918 </p><p></p><p>RP: -> 2013-09-12 21:13 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP917 </p><p></p><p>RP: -> 2013-09-12 16:02 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916 </p><p></p><p>RP: -> 2013-09-11 20:11 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915 </p><p></p><p>RP: -> 2013-09-11 12:45 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP914 </p><p></p><p>RP: -> 2013-09-11 12:06 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913 </p><p></p><p>RP: -> 2013-09-10 13:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912 </p><p></p><p>RP: -> 2013-09-10 13:35 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911 </p><p></p><p>RP: -> 2013-09-10 13:24 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910 </p><p></p><p>RP: -> 2013-09-08 21:13 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909 
</p><p></p><p>RP: -> 2013-09-06 18:06 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP908 </p><p></p><p>RP: -> 2013-09-04 23:38 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP907 </p><p></p><p>RP: -> 2013-09-02 19:09 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP906 </p><p></p><p>RP: -> 2013-09-01 15:35 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP905 </p><p></p><p>RP: -> 2013-08-29 23:05 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP904 </p><p></p><p>RP: -> 2013-08-28 11:31 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP903 </p><p></p><p>RP: -> 2013-08-27 11:29 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP902 </p><p></p><p>RP: -> 2013-08-25 23:51 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP901 </p><p></p><p>RP: -> 2013-08-22 00:32 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP900 </p><p></p><p>RP: -> 2013-08-20 13:40 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP899 </p><p></p><p>RP: -> 2013-08-17 20:34 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP898 </p><p></p><p>RP: -> 2013-08-15 17:26 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP897 </p><p></p><p>RP: -> 2013-08-14 12:44 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP896 </p><p></p><p>RP: -> 2013-08-14 11:30 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP895 </p><p></p><p>RP: -> 2013-08-12 22:21 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP894 </p><p></p><p>RP: -> 2013-08-09 16:19 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP893 </p><p></p><p>RP: -> 2013-08-08 08:30 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP892 </p><p></p><p>RP: -> 2013-08-07 08:05 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP891 </p><p></p><p>RP: -> 2013-08-05 22:34 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP890 </p><p></p><p>RP: -> 2013-08-03 18:54 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP889 
</p><p></p><p>RP: -> 2013-08-01 17:16 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP888 </p><p></p><p>RP: -> 2013-07-30 17:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP887 </p><p></p><p>RP: -> 2013-07-29 16:04 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP886 </p><p></p><p>RP: -> 2013-07-28 13:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP885 </p><p></p><p>RP: -> 2013-07-25 15:47 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP884 </p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 13%</p><p>Total physical RAM: 2037.97 MB</p><p>Available physical RAM: 1756.32 MB</p><p>Total Pagefile: 1868.64 MB</p><p>Available Pagefile: 1784.72 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1984.92 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>Drive c: () (Fixed) (Total:109.21 GB) (Free:82.28 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>Drive d: (HITMANPRO) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32</p><p>Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 41AB2316)</p><p>Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)</p><p>Partition 2: (Active) - (Size=109 GB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=2 GB) - (Type=OF Extended)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 2 GB) (Disk ID: B0D023BB)</p><p>Partition 1: (Active) - (Size=2 GB) - (Type=0B)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="Bac-Man, post: 142039, member: 14320"] Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-10-2013 Ran by SYSTEM on REATOGO on 28-10-2013 22:00:42 Running from D:\ Microsoft Windows XP (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [851968 2007-06-03] (Synaptics, Inc.) HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [Dell QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [1191936 2007-05-14] (Dell Inc) HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\WINDOWS\system32\WLTRAY.EXE [2183168 2007-12-11] (Dell Inc.) HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [405504 2007-06-06] (SigmaTel, Inc.) HKLM\...\Run: [dscactivate] - C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe [16384 2008-03-11] ( ) HKLM\...\Run: [PCMService] - C:\Program Files\Dell\MediaDirect\PCMService.exe [184320 2007-12-21] (CyberLink Corp.) HKLM\...\Run: [MVS Splash] - C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe [476480 2010-05-11] (McAfee, Inc.) HKLM\...\Run: [McAfee Managed Services Tray] - "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2008-01-11] (Adobe Systems Incorporated) HKLM\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuSchd2.exe [49152 2006-12-10] (Hewlett-Packard Co.) 
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.) HKLM\...\Run: [] - [x] HKLM\...\Run: [ApnUpdater] - C:\Program Files\Ask.com\Updater\Updater.exe [1648264 2013-04-25] (Ask) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2013-07-11] (Apple Inc.) HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\PR Baca\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe HKU\PR Baca\...\Run: [DellSupportCenter] - "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter HKU\PR Baca\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [ 2013-06-21] (Skype Technologies S.A.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk ShortcutTarget: Digital Line Detect.lnk -> C:\Program Files\Digital Line Detect\DLG.exe (Avanquest Software ) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\PR Baca\Start Menu\Programs\Startup\hjwhwqzj.lnk ShortcutTarget: hjwhwqzj.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzqwhwjh.dss (Sekizenkan Company) ========================== Services (Whitelisted) ================= S2 EngineServer; C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [14144 2009-12-15] (McAfee, Inc.) S2 LxrJD31s; C:\Windows\System32\LxrJD31s.exe [71168 2010-12-10] () S2 McShield; C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe [144704 2009-12-15] (McAfee, Inc.) S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation) S2 myAgtSvc; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [282824 2010-05-11] (McAfee, Inc.) 
S2 ptumlcmsvc; C:\WINDOWS\system32\ptumlcmsvc.exe [143360 2012-09-21] (DEVGURU Co., LTD) S2 Skype C2C Service; C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3289208 2013-05-14] (Skype Technologies S.A.) S2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe [201968 2008-08-14] (SupportSoft, Inc.) S2 SWAGENT; C:\Program Files\McAfee\Managed VirusScan\Agent\swAgent.exe [202048 2010-05-11] (McAfee, Inc.) S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzqwhwjh.dss [172032 2013-10-24] (Sekizenkan Company) S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [1921024 2007-12-11] (Dell Inc.) S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" ==================== Drivers (Whitelisted) ==================== S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation) S1 APPDRV; C:\Windows\SYSTEM32\DRIVERS\APPDRV.SYS [16128 2005-08-12] (Dell Inc) S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [1123328 2007-12-11] (Broadcom Corp.) S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-10-25] (HP) S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-10-25] (HP) S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-10-25] (HP) S3 HSFHWAZL; C:\Windows\System32\DRIVERS\HSFHWAZL.sys [211200 2007-12-02] (Conexant Systems, Inc.) S3 HSF_DPV; C:\Windows\System32\DRIVERS\HSF_DPV.sys [989952 2007-12-02] (Conexant Systems, Inc.) S2 LxrJD31d; C:\WINDOWS\system32\Drivers\LxrJD31d.sys [69824 2010-12-10] () S3 MfeAVFK; C:\Windows\System32\drivers\MfeAVFK.sys [79816 2009-12-15] (McAfee, Inc.) S3 MfeBOPK; C:\Windows\System32\drivers\MfeBOPK.sys [35272 2009-12-15] (McAfee, Inc.) S1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [214664 2009-12-15] (McAfee, Inc.) S3 MfeRKDK; C:\Windows\System32\drivers\MfeRKDK.sys [34248 2009-12-15] (McAfee, Inc.) 
S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [55304 2009-12-15] (McAfee, Inc.)
S3 NWUSBCDFIL; C:\Windows\System32\DRIVERS\NwUsbCdFil.sys [20480 2008-07-07] (Novatel Wireless Inc.)
S3 NWUSBPort2; C:\Windows\System32\DRIVERS\nwusbser2.sys [174336 2008-05-09] (Novatel Wireless Inc.)
S3 PTUMLBUS; C:\Windows\System32\DRIVERS\PTUMLBUS.sys [88632 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLCVsp; C:\Windows\System32\DRIVERS\PTUMLCVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLMdm; C:\Windows\System32\DRIVERS\PTUMLMdm.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLNET; C:\Windows\System32\DRIVERS\PTUMLNET.sys [97592 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLNVsp; C:\Windows\System32\DRIVERS\PTUMLNVsp.sys [169656 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 PTUMLRMNET; C:\Windows\System32\DRIVERS\PTUMLRMNET.sys [59704 2012-09-21] (DEVGURU Co., LTD.)
S3 PTUMLVsp; C:\Windows\System32\DRIVERS\PTUMLVsp.sys [169016 2012-09-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 SMSIVZAM5; C:\PROGRA~1\VERIZO~1\VZACCE~1\SMSIVZAM5.SYS [32408 2011-11-29] (Smith Micro Inc.)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1222840 2007-06-06] (SigmaTel, Inc.)
S3 PTDMBus; system32\DRIVERS\PTDMBus.sys [x]
S3 PTDMMdm; system32\DRIVERS\PTDMMdm.sys [x]
S3 PTDMVsp; system32\DRIVERS\PTDMVsp.sys [x]
S3 PTDMWFLT; system32\DRIVERS\PTDMWFLT.sys [x]
S3 PTDMWWAN; system32\DRIVERS\PTDMWWAN.sys [x]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 SMNDIS5; \??\C:\PROGRA~1\VERIZO~1\VZACCE~1\SMNDIS5.SYS [x]
S3 SymIM; system32\DRIVERS\SymIM.sys [x]
S3 SymIMMP; system32\DRIVERS\SymIM.sys [x]
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-28 22:00 - 2013-10-28 22:00 - 00000000 ____D C:\FRST
2013-10-28 12:30 - 2013-10-28 12:30 - 00000000 ____D C:\Windows\CSC
2013-10-28 08:09 - 2013-10-28 14:11 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-24 16:52 - 2013-10-28 19:39 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\hjwhwqzj.bxx
2013-10-24 16:52 - 2013-10-28 19:39 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\hjwhwqzj.fvv
2013-10-24 16:52 - 2013-10-24 16:52 - 00172032 _____ (Sekizenkan Company) C:\Documents and Settings\All Users\Application Data\jzqwhwjh.dss
2013-10-22 12:53 - 2013-10-22 12:53 - 00033468 _____ C:\Documents and Settings\PR Baca\My Documents\Information for Will.htm
2013-10-22 12:53 - 2013-10-22 12:53 - 00000000 ____D C:\Documents and Settings\PR Baca\My Documents\Information for Will_files
2013-10-10 12:46 - 2013-10-10 12:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-10 12:45 - 2013-10-10 12:45 - 00009600 _____ C:\Windows\KB2862335.log
2013-10-10 12:45 - 2013-10-10 12:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-10 12:40 - 2013-10-10 12:40 - 00011109 _____ C:\Windows\KB2868038.log
2013-10-10 12:40 - 2013-10-10 12:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-10 12:38 - 2013-10-10 12:39 - 00011340 _____ C:\Windows\KB2879017-IE8.log
2013-10-10 12:38 - 2013-10-10 12:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-10 10:41 - 2013-10-10 12:46 - 00013678 _____ C:\Windows\KB2847311.log
2013-10-10 10:41 - 2013-07-02 22:12 - 00025088 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-10 10:41 - 2013-07-02 22:12 - 00025088 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\hidparse.sys
2013-10-10 10:40 - 2013-07-16 20:58 - 00123008 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-10 10:40 - 2013-07-16 20:58 - 00123008 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbvideo.sys
2013-10-10 10:40 - 2013-07-16 20:58 - 00060160 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-10 10:40 - 2013-07-16 20:58 - 00060160 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbaudio.sys
2013-10-10 10:40 - 2013-07-16 20:58 - 00046848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-10 10:40 - 2013-07-16 20:58 - 00046848 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\irbus.sys
2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-10 09:55 - 2013-10-28 13:06 - 00107815 _____ C:\Windows\setupapi.log
2013-10-10 09:25 - 2013-08-08 20:55 - 00144128 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-10 09:25 - 2013-08-08 20:55 - 00144128 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbport.sys
2013-10-10 09:25 - 2013-08-08 20:55 - 00005376 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-10 09:25 - 2013-08-08 20:55 - 00005376 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbd.sys
2013-10-10 09:25 - 2009-03-18 07:02 - 00030336 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys
2013-10-10 09:25 - 2009-03-18 07:02 - 00030336 ____N (Microsoft Corporation) C:\Windows\System32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-10-28 22:00 - 2013-10-28 22:00 - 00000000 ____D C:\FRST
2013-10-28 19:39 - 2013-10-24 16:52 - 95025368 ____T C:\Documents and Settings\All Users\Application Data\hjwhwqzj.bxx
2013-10-28 19:39 - 2013-10-24 16:52 - 00000000 _____ C:\Documents and Settings\All Users\Application Data\hjwhwqzj.fvv
2013-10-28 19:39 - 2004-08-11 18:09 - 00000050 _____ C:\Windows\wiaservc.log
2013-10-28 18:14 - 2004-08-11 18:09 - 00000159 _____ C:\Windows\wiadebug.log
2013-10-28 16:57 - 2004-08-11 18:13 - 02033693 _____ C:\Windows\WindowsUpdate.log
2013-10-28 16:48 - 2004-08-11 18:00 - 00002206 _____ C:\Windows\System32\wpa.dbl
2013-10-28 14:11 - 2013-10-28 08:09 - 00000000 ____D C:\Kaspersky Rescue Disk 10.0
2013-10-28 13:06 - 2013-10-10 09:55 - 00107815 _____ C:\Windows\setupapi.log
2013-10-28 12:30 - 2013-10-28 12:30 - 00000000 ____D C:\Windows\CSC
2013-10-24 21:32 - 2004-08-11 18:20 - 00032470 _____ C:\Windows\SchedLgU.Txt
2013-10-24 18:49 - 2008-05-28 12:07 - 00000178 ___SH C:\Documents and Settings\PR Baca\ntuser.ini
2013-10-24 16:52 - 2013-10-24 16:52 - 00172032 _____ (Sekizenkan Company) C:\Documents and Settings\All Users\Application Data\jzqwhwjh.dss
2013-10-24 16:51 - 2012-08-26 11:54 - 00000000 ____D C:\Documents and Settings\PR Baca\Local Settings\Application Data\AskToolbar
2013-10-24 16:48 - 2013-04-25 12:59 - 00000000 ____D C:\Documents and Settings\PR Baca\Application Data\Skype
2013-10-24 15:13 - 2013-05-07 13:04 - 00002265 _____ C:\Documents and Settings\All Users\Desktop\Skype.lnk
2013-10-23 16:35 - 2008-05-16 16:01 - 00028424 _____ C:\Windows\setupact.log
2013-10-22 12:53 - 2013-10-22 12:53 - 00033468 _____ C:\Documents and Settings\PR Baca\My Documents\Information for Will.htm
2013-10-22 12:53 - 2013-10-22 12:53 - 00000000 ____D C:\Documents and Settings\PR Baca\My Documents\Information for Will_files
2013-10-21 17:46 - 2004-08-11 18:07 - 01876478 _____ C:\Windows\FaxSetup.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00918217 _____ C:\Windows\ocgen.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00863199 _____ C:\Windows\tsoc.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00595960 _____ C:\Windows\System32\PerfStringBackup.INI
2013-10-21 17:46 - 2004-08-11 18:07 - 00585768 _____ C:\Windows\msmqinst.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00576211 _____ C:\Windows\comsetup.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00350035 _____ C:\Windows\ntdtcsetup.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00327289 _____ C:\Windows\netfxocm.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00129821 _____ C:\Windows\MedCtrOC.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00095942 _____ C:\Windows\iis6.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00094384 _____ C:\Windows\ocmsn.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00093964 _____ C:\Windows\msgsocm.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00093817 _____ C:\Windows\tabletoc.log
2013-10-21 17:46 - 2004-08-11 18:07 - 00004757 _____ C:\Windows\imsins.log
2013-10-21 17:46 - 2004-08-11 18:02 - 00000000 ____D C:\Windows\System32\inetsrv
2013-10-18 13:17 - 2013-08-28 19:04 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-14 17:54 - 2004-08-11 18:21 - 00000000 ____D C:\Windows\Microsoft.NET
2013-10-10 13:22 - 2004-08-11 18:06 - 00267800 _____ C:\Windows\System32\FNTCACHE.DAT
2013-10-10 12:49 - 2008-05-16 16:27 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-10-10 12:46 - 2013-10-10 12:46 - 00000000 __HDC C:\Windows\$NtUninstallKB2847311$
2013-10-10 12:46 - 2013-10-10 10:41 - 00013678 _____ C:\Windows\KB2847311.log
2013-10-10 12:46 - 2008-05-16 16:14 - 00242612 _____ C:\Windows\updspapi.log
2013-10-10 12:46 - 2004-08-11 18:07 - 00001393 _____ C:\Windows\imsins.BAK
2013-10-10 12:45 - 2013-10-10 12:45 - 00009600 _____ C:\Windows\KB2862335.log
2013-10-10 12:45 - 2013-10-10 12:45 - 00000000 __HDC C:\Windows\$NtUninstallKB2862335$
2013-10-10 12:45 - 2013-07-12 19:57 - 00000000 ____D C:\Windows\System32\MRT
2013-10-10 12:42 - 2008-06-23 08:49 - 78106760 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-10-10 12:40 - 2013-10-10 12:40 - 00011109 _____ C:\Windows\KB2868038.log
2013-10-10 12:40 - 2013-10-10 12:40 - 00000000 __HDC C:\Windows\$NtUninstallKB2868038$
2013-10-10 12:39 - 2013-10-10 12:38 - 00011340 _____ C:\Windows\KB2879017-IE8.log
2013-10-10 12:38 - 2013-10-10 12:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2883150$
2013-10-10 10:11 - 2013-10-10 10:11 - 00000000 __HDC C:\Windows\$NtUninstallKB2862330$
2013-10-10 09:25 - 2013-03-13 17:12 - 01065976 _____ C:\Windows\setupapi.log.3.old
2013-10-09 17:30 - 2013-05-07 13:04 - 00000000 ___RD C:\Program Files\Skype
2013-10-09 17:30 - 2013-04-25 12:58 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-08 13:28 - 2012-07-30 13:30 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-10-08 13:28 - 2012-07-30 13:30 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-10-06 11:25 - 2010-12-10 23:28 - 05000129 _____ C:\Windows\System32\ptumlacsvc-1.log

Some content of TEMP:
====================
C:\Documents and Settings\PR Baca\Local Settings\Temp\ApnStub.exe
C:\Documents and Settings\PR Baca\Local Settings\Temp\eject.exe
C:\Documents and Settings\PR Baca\Local Settings\Temp\jre-6u34-windows-i586-iftw.exe
C:\Documents and Settings\PR Baca\Local Settings\Temp\jre-6u35-windows-i586-iftw.exe
C:\Documents and Settings\PR Baca\Local Settings\Temp\setup.exe
C:\Documents and Settings\PR Baca\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\PR Baca\Local Settings\Temp\SkypeSetupFull(6.1.73.129)(Trackable457)trackable.exe
C:\Documents and Settings\PR Baca\Local Settings\Temp\~tmf4040273340246802631.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-10-22 16:46 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP938
RP: -> 2013-10-18 17:27 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP937
RP: -> 2013-10-14 18:14 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP936
RP: -> 2013-10-13 15:42 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP935
RP: -> 2013-10-13 14:24 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP934
RP: -> 2013-10-10 12:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP933
RP: -> 2013-10-10 10:09 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP932
RP: -> 2013-10-09 19:02 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP931
RP: -> 2013-10-08 15:29 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP930
RP: -> 2013-10-06 13:39 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP929
RP: -> 2013-10-03 17:39 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP928
RP: -> 2013-10-02 15:53 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP927
RP: -> 2013-09-22 14:04 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP926
RP: -> 2013-09-19 18:28 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP925
RP: -> 2013-09-18 12:27 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP924
RP: -> 2013-09-16 17:53 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP923
RP: -> 2013-09-15 13:15 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP922
RP: -> 2013-09-13 18:52 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP921
RP: -> 2013-09-13 13:23 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP920
RP: -> 2013-09-13 12:22 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP919
RP: -> 2013-09-13 00:41 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP918
RP: -> 2013-09-12 21:13 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP917
RP: -> 2013-09-12 16:02 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP916
RP: -> 2013-09-11 20:11 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP915
RP: -> 2013-09-11 12:45 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP914
RP: -> 2013-09-11 12:06 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP913
RP: -> 2013-09-10 13:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP912
RP: -> 2013-09-10 13:35 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP911
RP: -> 2013-09-10 13:24 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP910
RP: -> 2013-09-08 21:13 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP909
RP: -> 2013-09-06 18:06 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP908
RP: -> 2013-09-04 23:38 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP907
RP: -> 2013-09-02 19:09 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP906
RP: -> 2013-09-01 15:35 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP905
RP: -> 2013-08-29 23:05 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP904
RP: -> 2013-08-28 11:31 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP903
RP: -> 2013-08-27 11:29 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP902
RP: -> 2013-08-25 23:51 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP901
RP: -> 2013-08-22 00:32 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP900
RP: -> 2013-08-20 13:40 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP899
RP: -> 2013-08-17 20:34 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP898
RP: -> 2013-08-15 17:26 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP897
RP: -> 2013-08-14 12:44 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP896
RP: -> 2013-08-14 11:30 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP895
RP: -> 2013-08-12 22:21 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP894
RP: -> 2013-08-09 16:19 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP893
RP: -> 2013-08-08 08:30 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP892
RP: -> 2013-08-07 08:05 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP891
RP: -> 2013-08-05 22:34 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP890
RP: -> 2013-08-03 18:54 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP889
RP: -> 2013-08-01 17:16 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP888
RP: -> 2013-07-30 17:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP887
RP: -> 2013-07-29 16:04 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP886
RP: -> 2013-07-28 13:36 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP885
RP: -> 2013-07-25 15:47 - 032768 _restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP884

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 2037.97 MB
Available physical RAM: 1756.32 MB
Total Pagefile: 1868.64 MB
Available Pagefile: 1784.72 MB
Total Virtual: 2047.88 MB
Available Virtual: 1984.92 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:109.21 GB) (Free:82.28 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 112 GB) (Disk ID: 41AB2316)
Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)
Partition 2: (Active) - (Size=109 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=2 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: B0D023BB)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)

==================== End Of Log ============================
[/QUOTE]