ICE virus
<blockquote data-quote="jlcaylor" data-source="post: 142354" data-attributes="member: 12557"><p>FARBAR log:</p><p></p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013</p><p>Ran by cpeed (administrator) on D6LNV5H1 on 30-10-2013 18:10:04</p><p>Running from C:\Documents and Settings\cpeed\Desktop\My Downloads</p><p>Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Normal</p><p></p><p>==================== Processes (Whitelisted) ===================</p><p></p><p>(Allscripts) C:\Program Files\Allscripts\Deployment\ClientUpdater.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe</p><p>(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe</p><p>() C:\Program Files\SecureLink\bin\Wrapper.exe</p><p>(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe</p><p>(Sun Microsystems, Inc.) C:\Program Files\SecureLink\java\bin\java.exe</p><p>(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe</p><p>(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe</p><p>(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe</p><p>(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe</p><p>(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe</p><p>(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe</p><p>(CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe</p><p>(LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe</p><p>(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe</p><p>(Google Inc.) 
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe</p><p>(PFU LIMITED) C:\Scans\PFU\ScanSnap\CardMinder\CardLauncher.exe</p><p>(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe</p><p>(PFU LIMITED) C:\Scans\PFU\ScanSnap\Driver\PfuSsMon.exe</p><p>(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p>(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe</p><p>(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe</p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] ()</p><p>HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-10-03] (Intel Corporation)</p><p>HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.)</p><p>HKLM\...\Run: [ECenter] - C:\dell\E-Center\EULALauncher.exe [17920 2008-02-26] ( )</p><p>HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.)</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Enhanced Performance Keyboard] - C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe [253440 2012-08-08] (LITE-ON TECHNOLOGY CORP.)</p><p>HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.)</p><p>HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe"</p><p>Winlogon\Notify\rssnotify: C:\WINDOWS\system32\rssnotify.dll 
()</p><p>Winlogon\Notify\uvncnotify: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation)</p><p>HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-21] (Google Inc.)</p><p>HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)</p><p>MountPoints2: {6e351506-c2b3-11e0-8a5c-001ec95745cc} - E:\setup.exe</p><p>HKU\dklose\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-21] (Google Inc.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk</p><p>ShortcutTarget: CardMinder Viewer.lnk -> C:\Scans\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CesarFTP.lnk</p><p>ShortcutTarget: CesarFTP.lnk -> C:\Program Files\CesarFTP\CesarFTP.exe (No File)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk</p><p>ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Scans\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk</p><p>ShortcutTarget: ScanSnap Manager.lnk -> C:\Scans\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED)</p><p>Startup: C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk</p><p>ShortcutTarget: 17tbrrzj.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz (No File)</p><p></p><p>==================== Internet (Whitelisted) ====================</p><p></p><p>HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie</p><p>URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll 
(Yahoo! Inc.)</p><p>SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970</p><p>SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970</p><p>SearchScopes: HKCU - {D295732D-567D-4990-B3A2-C8A2419F9331} URL = http://www.mysearchresults.com/search?c=2804&t=01&q={searchTerms}</p><p>SearchScopes: HKCU - {FB3E12EA-D9F7-47CB-BB68-9A12749C7B11} URL = http://search.conduit.com/Results.aspx?&ctid=CT3283894&SearchSource=45?&q={searchTerms}</p><p>BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)</p><p>BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)</p><p>BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)</p><p>BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)</p><p>BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)</p><p>BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)</p><p>Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! 
Inc.)</p><p>Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File</p><p>Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File</p><p>Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)</p><p>Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)</p><p>Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)</p><p>Toolbar: HKCU - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File</p><p>DPF: {222D8CD9-C9C2-4035-ABDC-414836D9B49F} https://portal.chs.net/,DanaInfo=10.41.4.12+MPI.dll</p><p>DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab</p><p>DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab</p><p>DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab</p><p>DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab</p><p>DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.chs.net/dana-cached/sc/JuniperSetupClient.cab</p><p>Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File</p><p>Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: 
application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: 
application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)</p><p>Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt</p><p>Tcpip\Parameters: [DhcpNameServer] 205.171.3.26 205.171.2.26</p><p></p><p>Chrome: </p><p>=======</p><p>CHR HomePage: hxxp://www.google.com/</p><p>CHR RestoreOnStartup: "hxxp://www.google.com/"</p><p>CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}</p><p>CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}</p><p>CHR Extension: (YouTube) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0</p><p>CHR Extension: (Google Search) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0</p><p>CHR Extension: (Gmail) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>R2 Allscripts Deployment Client Updater Service; C:\Program Files\Allscripts\Deployment\ClientUpdater.exe [243200 2012-04-10] (Allscripts)</p><p>R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 
2013-04-04] (Malwarebytes Corporation)</p><p>R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)</p><p>S3 RssUVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssuvnc.exe [1408176 2012-05-10] (UltraVNC)</p><p>S3 RssVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssvnc.exe [424280 2012-05-10] (RealVNC Ltd.)</p><p>R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"</p><p>S3 RssDSService; "C:\Program Files\SecureLink\bin\SLinkSW\RssDSProxy.exe" -service -listenport 5916 -rsschannel 127.0.0.1:7892 [x]</p><p>R2 slinksc; "C:\Program Files\SecureLink\bin\Wrapper.exe" -s "C:\Program Files\SecureLink\conf\wrapper.conf"</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)</p><p>R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-25] (Broadcom Corporation)</p><p>R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)</p><p>R1 NEOFLTR_7110_21187; C:\WINDOWS\system32\Drivers\NEOFLTR_7110_21187.SYS [85680 2012-06-11] (Juniper Networks)</p><p>R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)</p><p>U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)</p><p>U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)</p><p>S4 vsdatant; a [x]</p><p>U1 WS2IFSL; </p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-10-30 18:06 - 2013-10-30 18:07 - 00000000 ____D C:\WINDOWS\LastGood</p><p>2013-10-29 17:50 - 2013-10-29 17:50 - 00000000 ____D C:\Documents and Settings\cpeed\Application 
Data\Oracle</p><p>2013-10-29 17:49 - 2013-10-29 17:49 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Sun</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java</p><p>2013-10-29 17:43 - 2013-10-29 18:06 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt</p><p>2013-10-29 17:43 - 2013-10-29 17:44 - 00030391 _____ C:\WINDOWS\KB926139-v2.log</p><p>2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$</p><p>2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\WINDOWS\system32\windowspowershell</p><p>2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0</p><p>2013-10-23 19:29 - 2013-10-23 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix</p><p>2013-10-23 14:00 - 2013-10-23 14:00 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe</p><p>2013-10-23 13:32 - 2013-10-29 18:10 - 00032888 _____ C:\WINDOWS\KB2862335.log</p><p>2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$</p><p>2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$</p><p>2013-10-23 13:24 - 2013-10-23 13:24 - 00020531 _____ C:\WINDOWS\KB2868038.log</p><p>2013-10-23 13:24 - 2013-10-23 13:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$</p><p>2013-10-23 13:23 - 2013-10-23 13:24 - 00018664 _____ 
C:\WINDOWS\KB2879017-IE8.log</p><p>2013-10-23 13:23 - 2013-10-23 13:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$</p><p>2013-10-23 13:22 - 2013-10-23 13:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$</p><p>2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee</p><p>2013-10-23 13:15 - 2013-10-23 13:33 - 00021747 _____ C:\WINDOWS\KB2847311.log</p><p>2013-10-23 13:15 - 2013-07-16 19:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys</p><p>2013-10-23 13:15 - 2013-07-16 19:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys</p><p>2013-10-23 13:15 - 2013-07-16 19:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys</p><p>2013-10-23 13:15 - 2013-07-02 21:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys</p><p>2013-10-23 13:15 - 2013-07-02 20:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys</p><p>2013-10-23 13:14 - 2013-08-08 19:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys</p><p>2013-10-23 13:14 - 2013-08-08 19:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys</p><p>2013-10-23 13:14 - 2013-08-08 19:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys</p><p>2013-10-23 13:14 - 2009-03-18 06:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys</p><p>2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\_OTL</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-10-30 18:07 - 2013-10-30 18:06 - 00000000 ____D C:\WINDOWS\LastGood</p><p>2013-10-30 18:07 - 2008-08-21 09:57 - 00989329 _____ C:\WINDOWS\setupapi.log</p><p>2013-10-30 18:07 - 2004-08-11 16:13 - 01658397 _____ C:\WINDOWS\WindowsUpdate.log</p><p>2013-10-30 18:00 - 2013-06-24 14:37 - 00000830 _____ 
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job</p><p>2013-10-30 17:13 - 2010-02-15 12:07 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-10-30 16:30 - 2008-09-11 14:25 - 00000128 _____ C:\WINDOWS\system32\config\netlogon.ftl</p><p>2013-10-30 15:46 - 2010-02-15 12:07 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-10-30 15:45 - 2004-08-11 16:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2013-10-30 15:45 - 2004-08-11 16:09 - 00000159 ____C C:\WINDOWS\wiadebug.log</p><p>2013-10-30 15:45 - 2004-08-11 16:09 - 00000050 ____C C:\WINDOWS\wiaservc.log</p><p>2013-10-29 18:10 - 2013-10-23 13:32 - 00032888 _____ C:\WINDOWS\KB2862335.log</p><p>2013-10-29 18:10 - 2004-08-11 16:20 - 00032486 _____ C:\WINDOWS\SchedLgU.Txt</p><p>2013-10-29 18:09 - 2008-02-05 10:30 - 00000278 ___SH C:\Documents and Settings\cpeed\ntuser.ini</p><p>2013-10-29 18:09 - 2008-02-05 10:30 - 00000000 ____D C:\Documents and Settings\cpeed</p><p>2013-10-29 18:08 - 2008-08-21 10:17 - 00086491 ____C C:\WINDOWS\spupdsvc.log</p><p>2013-10-29 18:06 - 2013-10-29 17:43 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt</p><p>2013-10-29 18:06 - 2004-08-11 16:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET</p><p>2013-10-29 17:50 - 2013-10-29 17:50 - 00000000 ____D C:\Documents and Settings\cpeed\Application Data\Oracle</p><p>2013-10-29 17:50 - 2008-08-21 10:11 - 00000000 ____D C:\Program Files\Java</p><p>2013-10-29 17:50 - 2008-08-21 10:11 - 00000000 ____D C:\Program Files\Common Files\Java</p><p>2013-10-29 17:49 - 2013-10-29 17:49 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Sun</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00174504 _____ (Oracle Corporation) 
C:\WINDOWS\system32\java.exe</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll</p><p>2013-10-29 17:48 - 2013-10-29 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java</p><p>2013-10-29 17:48 - 2008-08-21 10:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl</p><p>2013-10-29 17:44 - 2013-10-29 17:43 - 00030391 _____ C:\WINDOWS\KB926139-v2.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 02466629 _____ C:\WINDOWS\FaxSetup.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 01187547 _____ C:\WINDOWS\ocgen.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 01129699 _____ C:\WINDOWS\tsoc.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00761672 _____ C:\WINDOWS\msmqinst.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00697285 _____ C:\WINDOWS\iis6.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00660390 _____ C:\WINDOWS\comsetup.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00430753 _____ C:\WINDOWS\netfxocm.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00399929 _____ C:\WINDOWS\ntdtcsetup.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00169970 _____ C:\WINDOWS\MedCtrOC.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00123984 _____ C:\WINDOWS\tabletoc.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00123199 _____ C:\WINDOWS\msgsocm.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00108762 _____ C:\WINDOWS\ocmsn.log</p><p>2013-10-29 17:44 - 2004-08-11 16:07 - 00001393 _____ C:\WINDOWS\imsins.log</p><p>2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$</p><p>2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\WINDOWS\system32\windowspowershell</p><p>2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0</p><p>2013-10-29 17:40 - 2004-08-11 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl</p><p>2013-10-23 20:06 - 2004-08-11 16:06 - 
00214472 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2013-10-23 19:29 - 2013-10-23 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix</p><p>2013-10-23 19:29 - 2013-01-29 09:44 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Citrix</p><p>2013-10-23 19:29 - 2009-05-19 11:42 - 00000000 ____D C:\Program Files\Citrix</p><p>2013-10-23 14:00 - 2013-10-23 14:00 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe</p><p>2013-10-23 14:00 - 2013-06-24 14:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe</p><p>2013-10-23 14:00 - 2013-06-24 14:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl</p><p>2013-10-23 13:35 - 2004-08-11 16:07 - 00589442 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2013-10-23 13:33 - 2013-10-23 13:15 - 00021747 _____ C:\WINDOWS\KB2847311.log</p><p>2013-10-23 13:33 - 2004-08-11 16:07 - 00001393 _____ C:\WINDOWS\imsins.BAK</p><p>2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$</p><p>2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$</p><p>2013-10-23 13:32 - 2008-08-21 10:06 - 00271022 _____ C:\WINDOWS\updspapi.log</p><p>2013-10-23 13:29 - 2013-07-31 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT</p><p>2013-10-23 13:24 - 2013-10-23 13:24 - 00020531 _____ C:\WINDOWS\KB2868038.log</p><p>2013-10-23 13:24 - 2013-10-23 13:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$</p><p>2013-10-23 13:24 - 2013-10-23 13:23 - 00018664 _____ C:\WINDOWS\KB2879017-IE8.log</p><p>2013-10-23 13:24 - 2011-10-07 08:34 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2013-10-23 13:23 - 2013-10-23 13:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$</p><p>2013-10-23 13:23 - 2011-10-07 08:38 - 00000000 ____D C:\WINDOWS\ie8updates</p><p>2013-10-23 13:22 - 2013-10-23 13:22 - 00000000 __HDC 
C:\WINDOWS\$NtUninstallKB2862330$</p><p>2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee</p><p>2013-10-23 13:18 - 2013-06-24 14:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk</p><p>2013-10-23 13:07 - 2008-09-11 14:25 - 00000000 __SHD C:\WINDOWS\CSC</p><p>2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\_OTL</p><p></p><p>Files to move or delete:</p><p>====================</p><p>C:\Documents and Settings\cpeed\g2ax_customer_downloadhelper_win32_x86.exe</p><p></p><p></p><p>Some content of TEMP:</p><p>====================</p><p>C:\Documents and Settings\administrator.W11673DOM\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv_5fb2d044.exe</p><p>C:\Documents and Settings\cpeed\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="jlcaylor, post: 142354, member: 12557"] FARBAR log: Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2013 Ran by cpeed (administrator) on D6LNV5H1 on 30-10-2013 18:10:04 Running from C:\Documents and Settings\cpeed\Desktop\My Downloads Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal ==================== Processes (Whitelisted) =================== (Allscripts) C:\Program Files\Allscripts\Deployment\ClientUpdater.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe () C:\Program Files\SecureLink\bin\Wrapper.exe (Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Sun Microsystems, Inc.) C:\Program Files\SecureLink\java\bin\java.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Intel Corporation) C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe (Intel Corporation) C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (CyberLink Corp.) C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (LITE-ON TECHNOLOGY CORP.) C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\SKDaemon.exe (Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe (Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (PFU LIMITED) C:\Scans\PFU\ScanSnap\CardMinder\CardLauncher.exe (Citrix Systems, Inc.) 
C:\Program Files\Citrix\ICA Client\wfcrun32.exe (PFU LIMITED) C:\Scans\PFU\ScanSnap\Driver\PfuSsMon.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\system32\hkcmd.exe [ ] () HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1036288 2007-09-24] (Analog Devices, Inc.) HKLM\...\Run: [ECenter] - C:\dell\E-Center\EULALauncher.exe [17920 2008-02-26] ( ) HKLM\...\Run: [PDVDDXSrv] - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe [128296 2008-02-26] (CyberLink Corp.) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe [34672 2008-06-12] (Adobe Systems Incorporated) HKLM\...\Run: [Enhanced Performance Keyboard] - C:\Program Files\Lenovo\USB Enhanced Performance Keyboard\Skdaemon.exe [253440 2012-08-08] (LITE-ON TECHNOLOGY CORP.) HKLM\...\Run: [ConnectionCenter] - C:\Program Files\Citrix\ICA Client\concentr.exe [305088 2011-04-25] (Citrix Systems, Inc.) HKLM\...\Run: [SunJavaUpdateSched] - "C:\Program Files\Java\jre7\bin\jusched.exe" Winlogon\Notify\rssnotify: C:\WINDOWS\system32\rssnotify.dll () Winlogon\Notify\uvncnotify: C:\WINDOWS\system32\wlnotify.dll (Microsoft Corporation) HKCU\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [68856 2008-08-21] (Google Inc.) 
HKCU\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) MountPoints2: {6e351506-c2b3-11e0-8a5c-001ec95745cc} - E:\setup.exe HKU\dklose\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [ 2008-08-21] (Google Inc.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CardMinder Viewer.lnk ShortcutTarget: CardMinder Viewer.lnk -> C:\Scans\PFU\ScanSnap\CardMinder\CardLauncher.exe (PFU LIMITED) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\CesarFTP.lnk ShortcutTarget: CesarFTP.lnk -> C:\Program Files\CesarFTP\CesarFTP.exe (No File) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Conversion to PDF with ScanSnap Organizer.lnk ShortcutTarget: Conversion to PDF with ScanSnap Organizer.lnk -> C:\Scans\PFU\ScanSnap\Organizer\PfuSsOrgOcrChk.exe (PFU LIMITED) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ScanSnap Manager.lnk ShortcutTarget: ScanSnap Manager.lnk -> C:\Scans\PFU\ScanSnap\Driver\PfuSsMon.exe (PFU LIMITED) Startup: C:\Documents and Settings\cpeed\Start Menu\Programs\Startup\17tbrrzj.lnk ShortcutTarget: 17tbrrzj.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\jzrrbt71.plz (No File) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/ HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) 
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snap.do/?publisher=DownloadXYB&dpid=DownloadXYB&co=US&userid=4ef4d09d-cef8-4e9f-8608-324b3b0131d0&searchtype=ds&q={searchTerms}&installDate=01/01/1970
SearchScopes: HKCU - {D295732D-567D-4990-B3A2-C8A2419F9331} URL = http://www.mysearchresults.com/search?c=2804&t=01&q={searchTerms}
SearchScopes: HKCU - {FB3E12EA-D9F7-47CB-BB68-9A12749C7B11} URL = http://search.conduit.com/Results.aspx?&ctid=CT3283894&SearchSource=45?&q={searchTerms}
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Inbox Toolbar - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
DPF: {222D8CD9-C9C2-4035-ABDC-414836D9B49F} https://portal.chs.net/,DanaInfo=10.41.4.12+MPI.dll
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0045-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_45-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://connect.chs.net/dana-cached/sc/JuniperSetupClient.cab
Handler: inbox - {37540F19-DD4C-478B-B2DF-C19281BCAF27} - C:\PROGRA~1\INBOXT~1\Inbox.dll No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 205.171.3.26 205.171.2.26

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Extension: (YouTube) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Gmail) - C:\DOCUME~1\cpeed\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0

========================== Services (Whitelisted) =================

R2 Allscripts Deployment Client Updater Service; C:\Program Files\Allscripts\Deployment\ClientUpdater.exe [243200 2012-04-10] (Allscripts)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 RssUVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssuvnc.exe [1408176 2012-05-10] (UltraVNC)
S3 RssVNC; C:\Program Files\SecureLink\bin\SLinkSW\rssvnc.exe [424280 2012-05-10] (RealVNC Ltd.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 RssDSService; "C:\Program Files\SecureLink\bin\SLinkSW\RssDSProxy.exe" -service -listenport 5916 -rsschannel 127.0.0.1:7892 [x]
R2 slinksc; "C:\Program Files\SecureLink\bin\Wrapper.exe" -s "C:\Program Files\SecureLink\conf\wrapper.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
R3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2007-07-25] (Broadcom Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R1 NEOFLTR_7110_21187; C:\WINDOWS\system32\Drivers\NEOFLTR_7110_21187.SYS [85680 2012-06-11] (Juniper Networks)
R3 SenFiltService; C:\Windows\System32\drivers\Senfilt.sys [392960 2007-09-24] (Sensaura)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 Sdbus; C:\Windows\System32\Drivers\Sdbus.sys [79232 2008-04-13] (Microsoft Corporation)
S4 vsdatant; a [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-30 18:06 - 2013-10-30 18:07 - 00000000 ____D C:\WINDOWS\LastGood
2013-10-29 17:50 - 2013-10-29 17:50 - 00000000 ____D C:\Documents and Settings\cpeed\Application Data\Oracle
2013-10-29 17:49 - 2013-10-29 17:49 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Sun
2013-10-29 17:48 - 2013-10-29 17:48 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-29 17:48 - 2013-10-29 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-29 17:43 - 2013-10-29 18:06 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-10-29 17:43 - 2013-10-29 17:44 - 00030391 _____ C:\WINDOWS\KB926139-v2.log
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-10-23 19:29 - 2013-10-23 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix
2013-10-23 14:00 - 2013-10-23 14:00 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-23 13:32 - 2013-10-29 18:10 - 00032888 _____ C:\WINDOWS\KB2862335.log
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 13:24 - 2013-10-23 13:24 - 00020531 _____ C:\WINDOWS\KB2868038.log
2013-10-23 13:24 - 2013-10-23 13:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 13:23 - 2013-10-23 13:24 - 00018664 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 13:23 - 2013-10-23 13:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 13:22 - 2013-10-23 13:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-10-23 13:15 - 2013-10-23 13:33 - 00021747 _____ C:\WINDOWS\KB2847311.log
2013-10-23 13:15 - 2013-07-16 19:58 - 00123008 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-23 13:15 - 2013-07-16 19:58 - 00060160 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbaudio.sys
2013-10-23 13:15 - 2013-07-16 19:58 - 00046848 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-23 13:15 - 2013-07-02 21:12 - 00025088 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-23 13:15 - 2013-07-02 20:59 - 00014976 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbscan.sys
2013-10-23 13:14 - 2013-08-08 19:55 - 00144128 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-23 13:14 - 2013-08-08 19:55 - 00032384 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbccgp.sys
2013-10-23 13:14 - 2013-08-08 19:55 - 00005376 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-23 13:14 - 2009-03-18 06:02 - 00030336 ____N (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys
2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\_OTL

==================== One Month Modified Files and Folders =======

2013-10-30 18:07 - 2013-10-30 18:06 - 00000000 ____D C:\WINDOWS\LastGood
2013-10-30 18:07 - 2008-08-21 09:57 - 00989329 _____ C:\WINDOWS\setupapi.log
2013-10-30 18:07 - 2004-08-11 16:13 - 01658397 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-30 18:00 - 2013-06-24 14:37 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-30 17:13 - 2010-02-15 12:07 - 00000886 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-30 16:30 - 2008-09-11 14:25 - 00000128 _____ C:\WINDOWS\system32\config\netlogon.ftl
2013-10-30 15:46 - 2010-02-15 12:07 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-30 15:45 - 2004-08-11 16:20 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-30 15:45 - 2004-08-11 16:09 - 00000159 ____C C:\WINDOWS\wiadebug.log
2013-10-30 15:45 - 2004-08-11 16:09 - 00000050 ____C C:\WINDOWS\wiaservc.log
2013-10-29 18:10 - 2013-10-23 13:32 - 00032888 _____ C:\WINDOWS\KB2862335.log
2013-10-29 18:10 - 2004-08-11 16:20 - 00032486 _____ C:\WINDOWS\SchedLgU.Txt
2013-10-29 18:09 - 2008-02-05 10:30 - 00000278 ___SH C:\Documents and Settings\cpeed\ntuser.ini
2013-10-29 18:09 - 2008-02-05 10:30 - 00000000 ____D C:\Documents and Settings\cpeed
2013-10-29 18:08 - 2008-08-21 10:17 - 00086491 ____C C:\WINDOWS\spupdsvc.log
2013-10-29 18:06 - 2013-10-29 17:43 - 00065536 _____ C:\WINDOWS\system32\config\WindowsPowerShell.evt
2013-10-29 18:06 - 2004-08-11 16:21 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-29 17:50 - 2013-10-29 17:50 - 00000000 ____D C:\Documents and Settings\cpeed\Application Data\Oracle
2013-10-29 17:50 - 2008-08-21 10:11 - 00000000 ____D C:\Program Files\Java
2013-10-29 17:50 - 2008-08-21 10:11 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-29 17:49 - 2013-10-29 17:49 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Sun
2013-10-29 17:48 - 2013-10-29 17:48 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-29 17:48 - 2013-10-29 17:48 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-29 17:48 - 2013-10-29 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-29 17:48 - 2008-08-21 10:12 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-29 17:44 - 2013-10-29 17:43 - 00030391 _____ C:\WINDOWS\KB926139-v2.log
2013-10-29 17:44 - 2004-08-11 16:07 - 02466629 _____ C:\WINDOWS\FaxSetup.log
2013-10-29 17:44 - 2004-08-11 16:07 - 01187547 _____ C:\WINDOWS\ocgen.log
2013-10-29 17:44 - 2004-08-11 16:07 - 01129699 _____ C:\WINDOWS\tsoc.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00761672 _____ C:\WINDOWS\msmqinst.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00697285 _____ C:\WINDOWS\iis6.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00660390 _____ C:\WINDOWS\comsetup.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00430753 _____ C:\WINDOWS\netfxocm.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00399929 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00169970 _____ C:\WINDOWS\MedCtrOC.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00123984 _____ C:\WINDOWS\tabletoc.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00123199 _____ C:\WINDOWS\msgsocm.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00108762 _____ C:\WINDOWS\ocmsn.log
2013-10-29 17:44 - 2004-08-11 16:07 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB926139-v2$
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\WINDOWS\system32\windowspowershell
2013-10-29 17:43 - 2013-10-29 17:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2013-10-29 17:40 - 2004-08-11 16:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-10-23 20:06 - 2004-08-11 16:06 - 00214472 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-23 19:29 - 2013-10-23 19:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Citrix
2013-10-23 19:29 - 2013-01-29 09:44 - 00000000 ____D C:\Documents and Settings\cpeed\Local Settings\Application Data\Citrix
2013-10-23 19:29 - 2009-05-19 11:42 - 00000000 ____D C:\Program Files\Citrix
2013-10-23 14:00 - 2013-10-23 14:00 - 17226632 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2013-10-23 14:00 - 2013-06-24 14:37 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-23 14:00 - 2013-06-24 14:37 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-23 13:35 - 2004-08-11 16:07 - 00589442 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-10-23 13:33 - 2013-10-23 13:15 - 00021747 _____ C:\WINDOWS\KB2847311.log
2013-10-23 13:33 - 2004-08-11 16:07 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-23 13:32 - 2013-10-23 13:32 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-23 13:32 - 2008-08-21 10:06 - 00271022 _____ C:\WINDOWS\updspapi.log
2013-10-23 13:29 - 2013-07-31 19:12 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-23 13:24 - 2013-10-23 13:24 - 00020531 _____ C:\WINDOWS\KB2868038.log
2013-10-23 13:24 - 2013-10-23 13:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-23 13:24 - 2013-10-23 13:23 - 00018664 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-23 13:24 - 2011-10-07 08:34 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-23 13:23 - 2013-10-23 13:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-23 13:23 - 2011-10-07 08:38 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-23 13:22 - 2013-10-23 13:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-23 13:19 - 2013-10-23 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee
2013-10-23 13:18 - 2013-06-24 14:38 - 00001813 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-10-23 13:07 - 2008-09-11 14:25 - 00000000 __SHD C:\WINDOWS\CSC
2013-10-01 13:32 - 2013-10-01 13:32 - 00000000 ____D C:\_OTL

Files to move or delete:
====================
C:\Documents and Settings\cpeed\g2ax_customer_downloadhelper_win32_x86.exe

Some content of TEMP:
====================
C:\Documents and Settings\administrator.W11673DOM\Local Settings\Temp\jre-6u26-windows-i586-iftw-rv_5fb2d044.exe
C:\Documents and Settings\cpeed\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
[/QUOTE]