UKASH (Cheshire Police) virus help needed
Quote from nukeboy (post 107942):

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-02-2013
Ran by SYSTEM at 28-02-2013 19:46:27
Running from G:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
The current controlset is ControlSet002

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [] [x]
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12459112 2012-03-15] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe" /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h [223180 2012-03-22] ()
HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-22] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] %ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe [989056 2011-12-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] "%ProgramFiles%\TOSHIBA\TECO\Teco.exe" /r [1548208 2011-11-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] %ProgramFiles%\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-11-25] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [1546720 2011-02-09] (Toshiba Europe GmbH)
HKLM\...\Run: [Toshiba Registration] C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [150992 2012-05-11] (Toshiba Europe GmbH)
HKLM\...\Run: [csmsr] "C:\Windows\System32\rundll32.exe" "C:\Users\The Harris PC\AppData\Roaming\csmsr.dll",create_info_struct [300544 2013-02-10] ()
HKLM\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKLM-x32\...\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-02] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [1535112 2012-09-12] (McAfee, Inc.)
HKLM-x32\...\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [291608 2012-01-05] (Intel Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60 [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKU\Default\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\Default User\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\The Harris PC\...\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STAR [846936 2011-05-15] (TOSHIBA)
HKU\The Harris PC\...\Run: [dosfp] rundll32.exe "C:\Users\The Harris PC\AppData\Roaming\dosfp.dll",ASetPlayParameters [142336 2013-02-09] (PCMCIA)
HKU\The Harris PC\...\Run: [HotKeysCmds] C:\Users\THEHAR~1\AppData\Local\Temp\E11B.EXE [x]
HKU\The Harris PC\...\Run: [Windows Update Server] C:\Users\The Harris PC\f89y12auti75-3259.exe [199680 2013-02-20] ()
HKU\The Harris PC\...\Winlogon: [Shell] explorer.exe,C:\Users\The Harris PC\AppData\Roaming\skype.dat [110592 2011-11-16] ()
HKLM-x32\...\Winlogon: [Shell] C:\PROGRA~3\1606203.bat [x ] ()
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\830\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Startup: C:\ProgramData\Start Menu\Programs\Startup\Toshiba Places Icon Utility.lnk
ShortcutTarget: Toshiba Places Icon Utility.lnk -> C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe (Toshiba)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)
Startup: C:\Users\The Harris PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\TRDCReminder.lnk
ShortcutTarget: TRDCReminder.lnk -> C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (TOSHIBA Europe)

==================== Services (Whitelisted) ===================

2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)
3 McAWFwk; C:\PROGRA~1\mcafee\msc\mcawfwk.exe [225216 2011-01-28] (McAfee, Inc.)
2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 mcmscsvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McNASvc; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 McODS; "C:\Program Files\mcafee\VirusScan\mcods.exe" [383608 2012-09-10] (McAfee, Inc.)
2 McOobeSv; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McProxy; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
2 McShield; "C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe" [237920 2012-07-17] (McAfee, Inc.)
2 mfefire; "C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe" [218320 2012-07-17] (McAfee, Inc.)
2 mfevtp; "C:\Windows\system32\mfevtps.exe" [177144 2012-07-17] (McAfee, Inc.)
2 MSK80Service; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [201304 2012-08-31] (McAfee, Inc.)
3 TemproMonitoringService; "C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe" [112080 2011-02-09] (Toshiba Europe GmbH)

==================== Drivers (Whitelisted) =====================

3 cfwids; C:\Windows\System32\Drivers\cfwids.sys [69672 2012-07-17] (McAfee, Inc.)
3 HipShieldK; C:\Windows\System32\Drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
3 mfeapfk; C:\Windows\System32\Drivers\mfeapfk.sys [169320 2012-07-17] (McAfee, Inc.)
3 mfeavfk; C:\Windows\System32\Drivers\mfeavfk.sys [300392 2012-07-17] (McAfee, Inc.)
3 mfefirek; C:\Windows\System32\Drivers\mfefirek.sys [513456 2012-07-17] (McAfee, Inc.)
0 mfehidk; C:\Windows\System32\Drivers\mfehidk.sys [752672 2012-07-17] (McAfee, Inc.)
3 mferkdet; C:\Windows\System32\Drivers\mferkdet.sys [106112 2012-07-17] (McAfee, Inc.)
0 mfewfpk; C:\Windows\System32\Drivers\mfewfpk.sys [335784 2012-07-17] (McAfee, Inc.)
3 RtkBtFilter; C:\Windows\System32\Drivers\RtkBtFilter.sys [21096 2012-01-05] (Realtek Microelectronics)
3 mfeavfk01; [x]
3 TDEIO; \??\C:\Windows\SysWOW64\sysprep\BOOTPRIO\tdeio64.sys [x]
3 Tosrfcom; [x]

==================== NetSvcs (Whitelisted) ====================


==================== One Month Created Files and Folders ========

2013-02-28 19:46 - 2013-02-28 19:46 - 00000000 ____D C:\FRST
2013-02-27 13:36 - 2013-02-27 13:36 - 00548864 ____A () C:\Users\The Harris PC\AppData\Roaming\insri.dll
2013-02-27 13:15 - 2013-02-27 13:15 - 00000000 ____D C:\Windows\pss
2013-02-26 11:26 - 2013-02-27 14:25 - 00000004 ____A C:\Users\The Harris PC\AppData\Roaming\skype.ini
2013-02-26 11:26 - 2013-02-26 12:34 - 95023320 ___AT C:\ProgramData\1606203.pad
2013-02-26 11:26 - 2013-02-26 11:26 - 00095232 ____A C:\Users\The Harris PC\3026061.dll
2013-02-26 11:26 - 2013-02-26 11:26 - 00002803 ____A C:\ProgramData\1606203.js
2013-02-26 11:26 - 2013-02-26 11:26 - 00000153 ____A C:\ProgramData\1606203.reg
2013-02-26 11:26 - 2013-02-26 11:26 - 00000063 ____A C:\ProgramData\1606203.bat
2013-02-26 11:25 - 2013-02-26 11:25 - 00000000 ____D C:\Windows\Sun
2013-02-25 08:35 - 2013-02-25 08:46 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-20 08:11 - 2013-02-20 08:11 - 00199680 ___SH C:\Users\The Harris PC\f89y12auti75-3259.exe
2013-02-20 08:09 - 2013-02-20 08:09 - 01480192 ____A (MagicISO, Inc.) C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
2013-02-18 12:18 - 2013-02-18 15:03 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-14 00:05 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-14 00:05 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-02-14 00:05 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-02-14 00:05 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-02-14 00:05 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-02-14 00:05 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-02-14 00:05 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-02-14 00:05 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-02-14 00:05 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-02-14 00:05 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-02-14 00:05 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-02-14 00:05 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-02-14 00:05 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-02-14 00:05 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-02-14 00:05 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-02-14 00:05 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-02-14 00:05 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-02-14 00:05 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-02-14 00:05 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-02-14 00:05 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-02-14 00:05 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-02-14 00:05 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-02-14 00:05 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-02-14 00:05 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-02-14 00:05 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-02-14 00:05 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-02-14 00:05 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-02-14 00:05 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-02-14 00:05 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-02-14 00:05 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-02-14 00:05 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-02-14 00:05 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-02-13 17:57 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-02-13 17:57 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-02-13 17:57 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-02-13 17:56 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2013-02-13 17:56 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-02-13 17:56 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-02-13 17:56 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-02-13 17:56 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-02-13 17:56 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-02-13 17:56 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-02-13 17:56 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-02-13 17:56 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS
2013-02-11 10:55 - 2013-02-11 11:45 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll
2013-02-10 01:27 - 2013-02-27 12:47 - 00006526 ____A C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx
2013-02-10 01:27 - 2013-02-10 01:27 - 00542720 ____A C:\Users\The Harris PC\AppData\Roaming\caufy.dll
2013-02-09 09:20 - 2013-02-09 09:47 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00142336 ____A (PCMCIA) C:\Users\The Harris PC\AppData\Roaming\dosfp.dll
2013-02-09 02:49 - 2013-02-09 02:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-04 07:35 - 2013-02-14 00:09 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-02 04:46 - 2013-02-02 05:14 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4
2013-01-29 11:41 - 2013-01-29 11:41 - 00007597 ____A C:\Users\The Harris PC\AppData\Local\Resmon.ResmonCfg

==================== One Month Modified Files and Folders =======

2013-02-27 14:25 - 2013-02-26 11:26 - 00000004 ____A C:\Users\The Harris PC\AppData\Roaming\skype.ini
2013-02-27 14:24 - 2012-05-11 10:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-02-27 14:24 - 2009-07-13 21:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI
2013-02-27 14:23 - 2012-08-29 08:46 - 01088617 ____A C:\Windows\WindowsUpdate.log
2013-02-27 14:23 - 2012-05-11 10:58 - 00001839 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk
2013-02-27 14:22 - 2012-05-11 10:47 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-02-27 14:22 - 2012-05-11 10:47 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-02-27 14:22 - 2012-05-11 10:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-02-27 14:19 - 2012-05-11 10:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-02-27 14:18 - 2012-08-29 08:49 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2013-02-27 14:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-02-27 14:18 - 2009-07-13 20:51 - 00045189 ____A C:\Windows\setupact.log
2013-02-27 13:36 - 2013-02-27 13:36 - 00548864 ____A () C:\Users\The Harris PC\AppData\Roaming\insri.dll
2013-02-27 13:15 - 2013-02-27 13:15 - 00000000 ____D C:\Windows\pss
2013-02-27 13:02 - 2010-11-20 19:47 - 00017762 ____A C:\Windows\PFRO.log
2013-02-27 12:47 - 2013-02-10 01:27 - 00006526 ____A C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx
2013-02-26 12:34 - 2013-02-26 11:26 - 95023320 ___AT C:\ProgramData\1606203.pad
2013-02-26 11:51 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-02-26 11:51 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-02-26 11:26 - 2013-02-26 11:26 - 00095232 ____A C:\Users\The Harris PC\3026061.dll
2013-02-26 11:26 - 2013-02-26 11:26 - 00002803 ____A C:\ProgramData\1606203.js
2013-02-26 11:26 - 2013-02-26 11:26 - 00000153 ____A C:\ProgramData\1606203.reg
2013-02-26 11:26 - 2013-02-26 11:26 - 00000063 ____A C:\ProgramData\1606203.bat
2013-02-26 11:26 - 2012-11-22 12:52 - 00000000 ____D C:\users\The Harris PC
2013-02-26 11:25 - 2013-02-26 11:25 - 00000000 ____D C:\Windows\Sun
2013-02-26 10:02 - 2012-08-29 08:49 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2013-02-26 00:06 - 2012-05-11 10:52 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-02-25 08:46 - 2013-02-25 08:35 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi
2013-02-20 08:11 - 2013-02-20 08:11 - 00199680 ___SH C:\Users\The Harris PC\f89y12auti75-3259.exe
2013-02-20 08:09 - 2013-02-20 08:09 - 01480192 ____A (MagicISO, Inc.) C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
2013-02-18 15:03 - 2013-02-18 12:18 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4
2013-02-17 16:33 - 2012-12-11 03:56 - 00000000 ____D C:\Users\The Harris PC\AppData\Roaming\SoftGrid Client
2013-02-14 00:43 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT
2013-02-14 00:09 - 2013-02-04 07:35 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-02-11 11:45 - 2013-02-11 10:55 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi
2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll
2013-02-10 01:27 - 2013-02-10 01:27 - 00542720 ____A C:\Users\The Harris PC\AppData\Roaming\caufy.dll
2013-02-09 09:47 - 2013-02-09 09:20 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00142336 ____A (PCMCIA) C:\Users\The Harris PC\AppData\Roaming\dosfp.dll
2013-02-09 02:49 - 2013-02-09 02:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
2013-02-09 02:49 - 2012-11-22 12:55 - 00000000 ____D C:\Users\The Harris PC\AppData\Local\VirtualStore
2013-02-02 05:14 - 2013-02-02 04:46 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4
2013-01-29 15:57 - 2013-01-07 14:39 - 00025088 ____A C:\Users\The Harris PC\Documents\pattern.xls
2013-01-29 11:41 - 2013-01-29 11:41 - 00007597 ____A C:\Users\The Harris PC\AppData\Local\Resmon.ResmonCfg


==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-02-08 11:51:37
Restore point made on: 2013-02-14 00:05:03
Restore point made on: 2013-02-21 17:07:49
Restore point made on: 2013-02-27 14:23:16

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3985.8 MB
Available physical RAM: 3360.12 MB
Total Pagefile: 3984 MB
Available Pagefile: 3350.74 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Partitions =============================

1 Drive c: (TI30875400C) (Fixed) (Total:448.57 GB) (Free:378.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (JENS FLASH) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB      0 B
  Disk 1    No Media          0 B      0 B
  Disk 2    Online         7648 MB      0 B

Partitions of Disk 0:
===============

Disk ID: B0DE4F87

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Recovery          1500 MB  1024 KB
  Partition 2    Primary            448 GB  1501 MB
  Partition 3    Primary             15 GB   450 GB

==================================================================================

Disk: 0
Partition 1
Type : 27
Hidden: Yes
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2    D    System       NTFS   Partition   1500 MB  Healthy    Hidden

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1    C    TI30875400C  NTFS   Partition    448 GB  Healthy

=========================================================

Disk: 0
Partition 3
Type : 17 (Suspicious Type)
Hidden: Yes
Active: No

There is no volume associated with this partition.

=========================================================

Partitions of Disk 2:
===============

Disk ID: ABF5C5D3

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary           7640 MB    31 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    G    JENS FLASH   FAT32  Removable   7640 MB  Healthy

=========================================================

Last Boot: 2013-02-22 17:39

==================== End Of Log =============================
C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe 2013-02-18 12:18 - 2013-02-18 15:03 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4 2013-02-14 00:05 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-02-14 00:05 - 2013-01-08 17:22 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-02-14 00:05 - 2013-01-08 17:19 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-02-14 00:05 - 2013-01-08 17:12 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-02-14 00:05 - 2013-01-08 17:12 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-02-14 00:05 - 2013-01-08 17:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-02-14 00:05 - 2013-01-08 17:10 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-02-14 00:05 - 2013-01-08 17:09 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-02-14 00:05 - 2013-01-08 17:07 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-02-14 00:05 - 2013-01-08 17:07 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-02-14 00:05 - 2013-01-08 17:07 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-02-14 00:05 - 2013-01-08 17:06 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-02-14 00:05 - 2013-01-08 17:05 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-02-14 00:05 - 2013-01-08 17:04 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-02-14 00:05 - 2013-01-08 17:04 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-02-14 00:05 - 2013-01-08 17:00 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-02-14 00:05 - 2013-01-08 14:23 - 12321280 ____A (Microsoft Corporation) 
C:\Windows\SysWOW64\mshtml.dll 2013-02-14 00:05 - 2013-01-08 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-02-14 00:05 - 2013-01-08 14:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-02-14 00:05 - 2013-01-08 14:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-02-14 00:05 - 2013-01-08 14:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-02-14 00:05 - 2013-01-08 14:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-02-14 00:05 - 2013-01-08 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-02-14 00:05 - 2013-01-08 14:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-02-14 00:05 - 2013-01-08 13:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-02-14 00:05 - 2013-01-08 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-02-14 00:05 - 2013-01-08 13:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-02-14 00:05 - 2013-01-08 13:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-02-14 00:05 - 2013-01-08 13:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-02-14 00:05 - 2013-01-08 13:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-02-14 00:05 - 2013-01-08 13:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-02-14 00:05 - 2013-01-08 13:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-02-13 17:57 - 2013-01-04 21:53 - 05553512 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-02-13 17:57 - 2013-01-04 21:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-02-13 17:57 - 2013-01-04 21:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 
2013-02-13 17:56 - 2013-01-03 21:46 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-02-13 17:56 - 2013-01-03 20:51 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-02-13 17:56 - 2013-01-03 19:26 - 03153408 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-02-13 17:56 - 2013-01-03 18:47 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-02-13 17:56 - 2013-01-03 18:47 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-02-13 17:56 - 2013-01-03 18:47 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-02-13 17:56 - 2013-01-03 18:47 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-02-13 17:56 - 2013-01-02 22:00 - 01913192 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-02-13 17:56 - 2013-01-02 22:00 - 00288088 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2013-02-11 10:55 - 2013-02-11 11:45 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi 2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll 2013-02-10 01:27 - 2013-02-27 12:47 - 00006526 ____A C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx 2013-02-10 01:27 - 2013-02-10 01:27 - 00542720 ____A C:\Users\The Harris PC\AppData\Roaming\caufy.dll 2013-02-09 09:20 - 2013-02-09 09:47 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi 2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe 2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe 2013-02-09 02:49 - 2013-02-09 02:49 - 00142336 ____A (PCMCIA) C:\Users\The Harris PC\AppData\Roaming\dosfp.dll 2013-02-09 02:49 - 2013-02-09 02:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt 2013-02-04 
07:35 - 2013-02-14 00:09 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-02-02 04:46 - 2013-02-02 05:14 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4 2013-01-29 11:41 - 2013-01-29 11:41 - 00007597 ____A C:\Users\The Harris PC\AppData\Local\Resmon.ResmonCfg ==================== One Month Modified Files and Folders ======= 2013-02-27 14:25 - 2013-02-26 11:26 - 00000004 ____A C:\Users\The Harris PC\AppData\Roaming\skype.ini 2013-02-27 14:24 - 2012-05-11 10:52 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-02-27 14:24 - 2009-07-13 21:13 - 00727182 ____A C:\Windows\System32\PerfStringBackup.INI 2013-02-27 14:23 - 2012-08-29 08:46 - 01088617 ____A C:\Windows\WindowsUpdate.log 2013-02-27 14:23 - 2012-05-11 10:58 - 00001839 ____A C:\Users\Public\Desktop\McAfee Internet Security.lnk 2013-02-27 14:22 - 2012-05-11 10:47 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-02-27 14:22 - 2012-05-11 10:47 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-02-27 14:22 - 2012-05-11 10:47 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-02-27 14:19 - 2012-05-11 10:52 - 00000908 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-27 14:18 - 2012-08-29 08:49 - 00000828 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job 2013-02-27 14:18 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-27 14:18 - 2009-07-13 20:51 - 00045189 ____A C:\Windows\setupact.log 2013-02-27 13:36 - 2013-02-27 13:36 - 00548864 ____A () C:\Users\The Harris PC\AppData\Roaming\insri.dll 2013-02-27 13:15 - 2013-02-27 13:15 - 00000000 ____D C:\Windows\pss 2013-02-27 13:02 - 2010-11-20 19:47 - 00017762 ____A C:\Windows\PFRO.log 2013-02-27 12:47 - 2013-02-10 01:27 - 00006526 ____A C:\Users\The Harris PC\AppData\Local\423f1111-bcad-4877-b419-1d536ea5ba9b.crx 
2013-02-26 12:34 - 2013-02-26 11:26 - 95023320 ___AT C:\ProgramData\1606203.pad 2013-02-26 11:51 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-26 11:51 - 2009-07-13 20:45 - 00024608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-02-26 11:26 - 2013-02-26 11:26 - 00095232 ____A C:\Users\The Harris PC\3026061.dll 2013-02-26 11:26 - 2013-02-26 11:26 - 00002803 ____A C:\ProgramData\1606203.js 2013-02-26 11:26 - 2013-02-26 11:26 - 00000153 ____A C:\ProgramData\1606203.reg 2013-02-26 11:26 - 2013-02-26 11:26 - 00000063 ____A C:\ProgramData\1606203.bat 2013-02-26 11:26 - 2012-11-22 12:52 - 00000000 ____D C:\users\The Harris PC 2013-02-26 11:25 - 2013-02-26 11:25 - 00000000 ____D C:\Windows\Sun 2013-02-26 10:02 - 2012-08-29 08:49 - 00000830 ____A C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job 2013-02-26 00:06 - 2012-05-11 10:52 - 00002194 ____A C:\Users\Public\Desktop\Google Chrome.lnk 2013-02-25 08:46 - 2013-02-25 08:35 - 365108532 ____A C:\Users\The Harris PC\Downloads\TWD S03E11.avi 2013-02-20 08:11 - 2013-02-20 08:11 - 00199680 ___SH C:\Users\The Harris PC\f89y12auti75-3259.exe 2013-02-20 08:09 - 2013-02-20 08:09 - 01480192 ____A (MagicISO, Inc.) 
C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe 2013-02-18 15:03 - 2013-02-18 12:18 - 497690366 ____A C:\Users\The Harris PC\Downloads\TWD S03E10.mp4 2013-02-17 16:33 - 2012-12-11 03:56 - 00000000 ____D C:\Users\The Harris PC\AppData\Roaming\SoftGrid Client 2013-02-14 00:43 - 2009-07-13 20:45 - 00275712 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-14 00:09 - 2013-02-04 07:35 - 70004024 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-02-11 11:45 - 2013-02-11 10:55 - 363559342 ____A C:\Users\The Harris PC\Downloads\TWD S03E09.avi 2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll 2013-02-10 01:27 - 2013-02-10 01:27 - 00542720 ____A C:\Users\The Harris PC\AppData\Roaming\caufy.dll 2013-02-09 09:47 - 2013-02-09 09:20 - 482825108 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E03.HDTV.XviD-AFG.avi 2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe 2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\nMNtfaARw2l97e30p5ev.exe 2013-02-09 02:49 - 2013-02-09 02:49 - 00142336 ____A (PCMCIA) C:\Users\The Harris PC\AppData\Roaming\dosfp.dll 2013-02-09 02:49 - 2013-02-09 02:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt 2013-02-09 02:49 - 2012-11-22 12:55 - 00000000 ____D C:\Users\The Harris PC\AppData\Local\VirtualStore 2013-02-02 05:14 - 2013-02-02 04:46 - 405111278 ____A C:\Users\The Harris PC\Downloads\Spartacus.S03E02.HDTV.x264-EVOLVE.mp4 2013-01-29 15:57 - 2013-01-07 14:39 - 00025088 ____A C:\Users\The Harris PC\Documents\pattern.xls 2013-01-29 11:41 - 2013-01-29 11:41 - 00007597 ____A C:\Users\The Harris PC\AppData\Local\Resmon.ResmonCfg ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit 
C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-02-08 11:51:37 Restore point made on: 2013-02-14 00:05:03 Restore point made on: 2013-02-21 17:07:49 Restore point made on: 2013-02-27 14:23:16 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 3985.8 MB Available physical RAM: 3360.12 MB Total Pagefile: 3984 MB Available Pagefile: 3350.74 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Partitions ============================= 1 Drive c: (TI30875400C) (Fixed) (Total:448.57 GB) (Free:378.27 GB) NTFS ==>[System with boot components (obtained from reading drive)] 2 Drive d: (System) (Fixed) (Total:1.46 GB) (Free:1.22 GB) NTFS ==>[System with boot components (obtained from reading drive)] 5 Drive g: (JENS FLASH) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32 6 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Disk ### Status Size Free Dyn Gpt -------- ------------- ------- ------- --- --- Disk 0 Online 465 GB 0 B Disk 1 No Media 0 B 0 B Disk 2 Online 7648 MB 0 B Partitions of Disk 0: =============== Disk ID: B0DE4F87 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Recovery 1500 MB 1024 KB Partition 
2 Primary 448 GB 1501 MB Partition 3 Primary 15 GB 450 GB ================================================================================== Disk: 0 Partition 1 Type : 27 Hidden: Yes Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 D System NTFS Partition 1500 MB Healthy Hidden ========================================================= Disk: 0 Partition 2 Type : 07 Hidden: No Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 C TI30875400C NTFS Partition 448 GB Healthy ========================================================= Disk: 0 Partition 3 Type : 17 (Suspicious Type) Hidden: Yes Active: No There is no volume associated with this partition. ========================================================= Partitions of Disk 2: =============== Disk ID: ABF5C5D3 Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 Primary 7640 MB 31 KB ================================================================================== Disk: 2 Partition 1 Type : 0B Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 G JENS FLASH FAT32 Removable 7640 MB Healthy ========================================================= Last Boot: 2013-02-22 17:39 ==================== End Of Log ============================= [/QUOTE]
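As an added example (not part of nukeboy's post and not FRST's own whitelisting logic): a small Python triage script that parses the "One Month Created Files and Folders" entries of an FRST log and flags the kind of indicators visible in the log above: runnable files parked in AppData\Roaming, ProgramData or the profile root, PE files with no company name in their version information, hidden/system attributes on executables, digit-only or random-looking names, and new files next to the hosts file. The heuristics, the vowel-ratio threshold and the sample lines (copied from the log above) are this example's own choices; it is a triage aid, not a verdict, and legitimate software living in AppData\Roaming will also show up with a single reason.

```python
# Triage helper for the "One Month Created Files and Folders" section of an
# FRST log. Added example, not part of FRST or of the post; the heuristics are
# this example's own assumptions, not FRST's whitelisting.
import re
from dataclasses import dataclass, field
from typing import List, Optional

# One entry: <created> - <modified> - <size> <attrs> [(<company>)] <path>
# "(company)" is read from the file's version info: "()" = blank company name,
# no parentheses = no version info at all.
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>\S{5}) (?:\((?P<company>[^)]*)\) )?(?P<path>.+)$")
PE_EXT = {".exe", ".dll", ".sys", ".scr"}
SCRIPT_EXT = {".bat", ".cmd", ".js", ".vbs", ".reg"}

@dataclass
class Entry:
    created: str
    modified: str
    size: int
    attrs: str
    company: Optional[str]      # None = no version info, "" = blank company
    path: str
    reasons: List[str] = field(default_factory=list)

def parse_entry(line: str) -> Optional[Entry]:
    """Parse one log line; None for section headers, blank lines and noise."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(m["created"], m["modified"], int(m["size"]), m["attrs"],
                 m["company"], m["path"])

def _looks_random(stem: str) -> bool:
    # Assumption: all-digit stems, or long alphanumeric stems with few vowels,
    # are the generated names droppers tend to use.
    if stem.isdigit():
        return True
    if len(stem) >= 12 and stem.isalnum():
        return sum(c in "aeiouAEIOU" for c in stem) / len(stem) < 0.3
    return False

def _staged(path_l: str) -> bool:
    """User-writable spots where payloads get parked (assumption)."""
    parent = path_l.rsplit("\\", 1)[0]
    if parent.endswith(("\\appdata\\roaming", "\\programdata")):
        return True
    if "\\appdata\\local\\temp" in parent:
        return True
    parts = path_l.split("\\")   # C:\Users\<name>\<file>: profile root, no subfolder
    return len(parts) == 4 and parts[1] == "users"

def triage(entry: Entry) -> Entry:
    """Append one reason per heuristic the entry trips; directories are skipped."""
    if "D" in entry.attrs:
        return entry
    path_l = entry.path.lower()
    name = entry.path.rsplit("\\", 1)[-1]
    stem, dot, ext = name.rpartition(".")
    stem, ext = (stem, "." + ext.lower()) if dot else (name, "")
    runnable = ext in PE_EXT or ext in SCRIPT_EXT
    if runnable and _staged(path_l):
        entry.reasons.append("runnable file in a user-writable staging location")
    if ext in PE_EXT and not entry.company:
        entry.reasons.append("PE with no company name in its version info")
    if runnable and ("H" in entry.attrs or "S" in entry.attrs):
        entry.reasons.append("hidden/system attribute on a runnable file")
    if runnable and _looks_random(stem):
        entry.reasons.append("random-looking file name")
    if "\\system32\\drivers\\etc\\" in path_l:
        entry.reasons.append("new file in the hosts file directory")
    return entry

def triage_log(text: str) -> List[Entry]:
    """Flagged entries, most reasons first, oldest first within a tie."""
    flagged = [e for e in map(parse_entry, text.splitlines())
               if e is not None and triage(e).reasons]
    flagged.sort(key=lambda e: (-len(e.reasons), e.created))
    return flagged

# Sample input: lines copied from the Created section of the log above.
SAMPLE = r"""
2013-02-28 19:46 - 2013-02-28 19:46 - 00000000 ____D C:\FRST
2013-02-27 13:36 - 2013-02-27 13:36 - 00548864 ____A () C:\Users\The Harris PC\AppData\Roaming\insri.dll
2013-02-26 11:26 - 2013-02-26 11:26 - 00095232 ____A C:\Users\The Harris PC\3026061.dll
2013-02-26 11:26 - 2013-02-26 11:26 - 00002803 ____A C:\ProgramData\1606203.js
2013-02-20 08:11 - 2013-02-20 08:11 - 00199680 ___SH C:\Users\The Harris PC\f89y12auti75-3259.exe
2013-02-20 08:09 - 2013-02-20 08:09 - 01480192 ____A (MagicISO, Inc.) C:\Users\The Harris PC\AppData\Roaming\pdoubrhgfjkxeiqndts.exe
2013-02-14 00:05 - 2013-01-08 17:48 - 17812992 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-02-10 01:28 - 2013-02-10 01:28 - 00300544 ____A () C:\Users\The Harris PC\AppData\Roaming\csmsr.dll
2013-02-09 02:49 - 2013-02-09 02:49 - 00899072 ____A C:\Users\The Harris PC\AppData\Roaming\qsagopfmqosxptapojj.exe
2013-02-09 02:49 - 2013-02-09 02:49 - 00000761 ____A C:\Windows\System32\Drivers\etc\hosts.txt
"""

if __name__ == "__main__":
    for e in triage_log(SAMPLE):
        print(f"{e.created}  {e.attrs}  {e.path}")
        for r in e.reasons:
            print("    -", r)
```

Run it against a full FRST.txt by reading the file and passing its text to triage_log; only lines that match the entry layout are considered, so the other sections of the log pass through harmlessly. The Modified section uses the same layout with the two timestamps swapped, so the same parser works there, with `created` then holding the modification time.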