Ukash
[QUOTE="Sparks, post: 117620, member: 7672"]
Hi,

Thanks for your reply, I have done as you have asked, please see flash drive info.
I did turn the infected computer off, was that OK? Hope so.
Hope you can help please.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02
Ran by SYSTEM on 22-04-2013 10:01:22
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet002

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x]
HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2008-03-30] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] nwiz.exe /install [x]
HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2008-03-30] (NVIDIA Corporation)
HKLM\...\Run: [PMX Daemon] ICO.EXE [x]
HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [30248 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46632 2007-01-29] (Nuance Communications, Inc.)
HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [309 2013-04-21] ()
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [413696 2009-01-05] (Apple Inc.)
HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.)
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM\...\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-01-27] (LogMeIn, Inc.)
HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [951592 2009-12-15] (Trend Micro Inc.)
HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-02] (RealNetworks, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.)
HKLM\...\Winlogon: [System]
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! ====> ZeroAccess
HKU\Administrator\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\Anyone\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\Anyone\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation)
HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x]
HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
HKU\LogMeInRemoteUser\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-05] (Apple Inc.)
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom Corporation)
S2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] ()
S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1299752 2009-12-11] (Trend Micro Inc.)
S2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-06-24] (Trend Micro Inc.)
S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1337488 2009-12-11] (Trend Micro Inc.)
S3 TmPfw; C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.)
S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.)
S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]

==================== Drivers (Whitelisted) ====================

S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2008-03-30] (Broadcom Corporation)
S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation)
S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-01-27] (LogMeIn, Inc.)
S2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2010-01-27] (LogMeIn, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 nvatabus; C:\Windows\System32\drivers\nvatabus.sys [105472 2007-12-19] (NVIDIA Corporation)
S0 nvgts; C:\Windows\System32\drivers\nvgts.sys [102400 2008-06-10] (NVIDIA Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2007-12-02] (SigmaTel, Inc.)
S3 tmcfw; C:\Windows\System32\DRIVERS\TM_CFW.sys [339984 2009-07-15] (Trend Micro Inc.)
S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [158224 2010-05-18] (Trend Micro Inc.)
S2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-10] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-10] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 WDICA; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-21 10:32 - 2013-04-21 11:23 - 00006208 ____A C:\Windows\setupapi.log
2013-04-17 13:24 - 2013-04-21 14:07 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$

==================== One Month Modified Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-22 03:52 - 2010-06-09 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-04-22 03:52 - 2008-04-25 17:32 - 00032570 ____A C:\Windows\SchedLgU.Txt
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-22 03:52 - 2008-04-25 17:28 - 01061630 ____A C:\Windows\WindowsUpdate.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000275 ____A C:\Windows\wiadebug.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000050 ____A C:\Windows\wiaservc.log
2013-04-21 14:08 - 2011-01-04 10:48 - 00233788 ____A C:\Windows\System32\TmInstall.log
2013-04-21 14:07 - 2013-04-17 13:24 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-21 14:07 - 2008-04-25 12:16 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-04-21 14:06 - 2011-01-05 11:17 - 00000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-21 14:06 - 2010-07-14 06:49 - 00000236 ____A C:\Windows\Tasks\OGALogon.job
2013-04-21 14:06 - 2008-11-19 11:45 - 00000062 __ASH C:\Documents and Settings\Anyone\Local Settings\desktop.ini
2013-04-21 14:00 - 2011-01-04 10:52 - 00000031 ____A C:\tmuninst.ini
2013-04-21 11:23 - 2013-04-21 10:32 - 00006208 ____A C:\Windows\setupapi.log
2013-04-21 08:24 - 2012-03-13 06:27 - 00000000 __SHD C:\Windows\CSC
2013-04-17 14:16 - 2008-11-19 11:45 - 00000278 __SHC C:\Documents and Settings\Anyone\ntuser.ini
2013-04-17 13:20 - 2011-01-05 11:17 - 00000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-16 08:33 - 2009-01-05 12:31 - 00000000 ____D C:\Program Files\EasyCert
2013-04-16 03:26 - 2012-08-20 10:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-16 03:26 - 2012-08-20 10:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-15 11:09 - 2009-05-06 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-04-11 04:21 - 2008-04-25 05:21 - 00273376 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:05 - 2010-07-14 06:52 - 00000000 ____D C:\Windows\ie8updates
2013-04-11 04:05 - 2008-10-20 13:29 - 00000000 ___HD C:\Windows\$hf_mig$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:01 - 2008-10-25 09:30 - 70490256 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-04-04 09:50 - 2012-08-20 10:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-03 02:42 - 2008-04-25 05:22 - 00573294 ___AC C:\Windows\System32\PerfStringBackup.INI

==================== Known DLLs (ALL) =========================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-14 05:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP999
RP: -> 2013-04-13 04:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP998
RP: -> 2013-04-12 04:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP997
RP: -> 2013-04-11 04:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP996
RP: -> 2013-04-10 09:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP995
RP: -> 2013-04-09 09:11 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP994
RP: -> 2013-04-08 07:21 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP993
RP: -> 2013-04-07 06:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP992
RP: -> 2013-04-06 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP991
RP: -> 2013-04-05 04:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP990
RP: -> 2013-04-04 04:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP989
RP: -> 2013-04-03 02:58 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP988
RP: -> 2013-03-30 10:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP987
RP: -> 2013-03-29 10:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP986
RP: -> 2013-03-28 09:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP985
RP: -> 2013-03-27 08:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP984
RP: -> 2013-03-26 08:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP983
RP: -> 2013-03-25 07:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP982
RP: -> 2013-03-24 06:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP981
RP: -> 2013-03-23 05:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP980
RP: -> 2013-03-22 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP979
RP: -> 2013-03-21 11:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP978
RP: -> 2013-03-20 10:26 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP977
RP: -> 2013-03-19 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP976
RP: -> 2013-03-18 08:10 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP975
RP: -> 2013-03-17 06:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP974
RP: -> 2013-03-16 06:01 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP973
RP: -> 2013-03-15 05:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP972
RP: -> 2013-03-14 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP971
RP: -> 2013-03-13 17:54 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP970
RP: -> 2013-03-12 15:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP969
RP: -> 2013-03-11 14:32 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP968
RP: -> 2013-03-10 13:13 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP967
RP: -> 2013-03-09 12:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP966
RP: -> 2013-03-08 11:37 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP965
RP: -> 2013-03-06 16:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP964
RP: -> 2013-03-05 15:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP963
RP: -> 2013-03-04 15:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP962
RP: -> 2013-03-03 12:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP961
RP: -> 2013-03-02 12:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP960
RP: -> 2013-03-01 11:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP959
RP: -> 2013-02-28 11:39 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP958
RP: -> 2013-02-27 10:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP957
RP: -> 2013-02-25 14:34 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP956
RP: -> 2013-02-24 14:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP955
RP: -> 2013-02-23 13:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP954
RP: -> 2013-02-22 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP953
RP: -> 2013-02-21 12:56 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP952
RP: -> 2013-02-20 11:31 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP951
RP: -> 2013-02-19 10:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP950
RP: -> 2013-02-18 09:27 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP949
RP: -> 2013-02-17 08:51 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP948
RP: -> 2013-02-16 06:03 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP947
RP: -> 2013-02-15 05:28 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP946
RP: -> 2013-02-14 05:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP945
RP: -> 2013-02-13 15:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP944
RP: -> 2013-02-12 13:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP943
RP: -> 2013-02-11 09:50 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP942
RP: -> 2013-02-10 09:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP941
RP: -> 2013-02-09 08:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP940
RP: -> 2013-02-08 06:02 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP939
RP: -> 2013-02-07 05:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP938
RP: -> 2013-02-06 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP937
RP: -> 2013-02-05 04:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP936
RP: -> 2013-02-01 05:04 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP935
RP: -> 2013-01-31 04:48 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP934
RP: -> 2013-01-29 20:47 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP933
RP: -> 2013-01-28 19:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP932
RP: -> 2013-01-27 18:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP931
RP: -> 2013-01-26 17:42 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP930
RP: -> 2013-01-25 17:18 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP929
RP: -> 2013-01-24 16:46 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP928
RP: -> 2013-01-23 16:15 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP927
RP: -> 2013-01-22 15:20 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP926
RP: -> 2013-01-22 13:52 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP925
RP: -> 2013-04-17 08:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1002
RP: -> 2013-04-16 07:35 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1001
RP: -> 2013-04-15 06:59 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1000

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1982.36 MB
Available physical RAM: 1712.07 MB
Total Pagefile: 1813.46 MB
Available Pagefile: 1742.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:148.93 GB) (Free:105.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:14.88 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

 Disk ### Status Size Free Dyn Gpt
 -------- ---------- ------- ------- --- ---
 Disk 0 Online 149 GB 0 B

Partitions of Disk 0:
===============

 Partition ### Type Size Offset
 ------------- ---------------- ------- -------
 Partition 1 OEM 78 MB 32 KB
 Partition 2 Primary 149 GB 78 MB
==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

 Volume ### Ltr Label Fs Type Size Status Info
 ---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 FAT Partition 78 MB Healthy
=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

 Volume ### Ltr Label Fs Type Size Status Info
 ---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C NTFS Partition 149 GB Healthy
=========================================================
============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: A42D04A3)

Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)

Partition 2: (Active) - (Size=149 GB) - (Type=07) (NTFS)

====================================================================
Disk: 1 (Size: 15 GB) (Disk ID: 8E9D0B2D)

Partition 1: (Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================
[/QUOTE]
[QUOTE="Sparks, post: 117620, member: 7672"] Hi, Thanks for your reply i have done as you have asked, please see flash drive info. I did turn the infected computer off was that ok. Hope so. Hope you can help please.Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2013 02 Ran by SYSTEM on 22-04-2013 10:01:22 Running from D:\ Microsoft Windows XP (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet002 ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SigmatelSysTrayApp] stsystra.exe [x] HKLM\...\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup [8491008 2008-03-30] (NVIDIA Corporation) HKLM\...\Run: [nwiz] nwiz.exe /install [x] HKLM\...\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit [81920 2008-03-30] (NVIDIA Corporation) HKLM\...\Run: [PMX Daemon] ICO.EXE [x] HKLM\...\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot [210472 2006-10-25] (Nuance Communications, Inc.) HKLM\...\Run: [PaperPort PTD] "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [30248 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [IndexSearch] "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [46632 2007-01-29] (Nuance Communications, Inc.) HKLM\...\Run: [PPort11reminder] "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini [309 2013-04-21] () HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [413696 2009-01-05] (Apple Inc.) HKLM\...\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon [644696 2007-05-14] (CANON INC.) HKLM\...\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon [1603152 2007-04-03] (CANON INC.) 
HKLM\...\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [79400 2007-02-04] (Nuance Communications, Inc.) HKLM\...\Run: [WrtMon.exe] C:\WINDOWS\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] () HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.) HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-01-27] (LogMeIn, Inc.) HKLM\...\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\Client Server Security Agent\pccntmon.exe" -HideWindow [951592 2009-12-15] (Trend Micro Inc.) HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [273544 2011-06-02] (RealNetworks, Inc.) HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [40368 2011-08-30] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-03-29] (Adobe Systems Incorporated) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-04-08] (Sun Microsystems, Inc.) HKLM\...\Winlogon: [System] Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] fastprox.dll ATTENTION! 
====> ZeroAccess HKU\Administrator\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) HKU\Anyone\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) HKU\Anyone\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-14] (Microsoft Corporation) HKU\Anyone\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Anyone\Application Data\skype.dat [x] HKU\Default User\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) HKU\LogMeInRemoteUser\...\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler [ 2007-08-30] (Macrovision Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) S2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2009-03-05] (Apple Inc.) 
S2 ASFIPmon; C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe [65536 2006-03-17] (Broadcom Corporation) S2 bgsvcgen; C:\WINDOWS\system32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation) S3 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [97432 2007-04-13] () S2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) S2 ntrtscan; C:\Program Files\Trend Micro\Client Server Security Agent\ntrtscan.exe [1299752 2009-12-11] (Trend Micro Inc.) S2 svcGenericHost; C:\Program Files\Trend Micro\Client Server Security Agent\HostedAgent\svcGenericHost.exe [45056 2010-06-24] (Trend Micro Inc.) S2 tmlisten; C:\Program Files\Trend Micro\Client Server Security Agent\tmlisten.exe [1337488 2009-12-11] (Trend Micro Inc.) S3 TmPfw; C:\Program Files\Trend Micro\Client Server Security Agent\TmPfw.exe [497008 2009-07-15] (Trend Micro Inc.) S3 TmProxy; C:\Program Files\Trend Micro\Client Server Security Agent\TmProxy.exe [689416 2009-07-15] (Trend Micro Inc.) S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== S3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.) S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices) S3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [161792 2008-03-30] (Broadcom Corporation) S2 BASFND; C:\Program Files\Broadcom\ASFIPMon\BASFND.sys [6025 2003-04-24] (Broadcom Corporation) S3 BrScnUsb; C:\Windows\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.) 
S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S2 DLABMFSM; C:\Windows\System32\Drivers\DLABMFSM.SYS [37360 2007-07-23] (Roxio)
S2 DLABOIOM; C:\Windows\System32\Drivers\DLABOIOM.SYS [32848 2007-07-23] (Roxio)
S2 DLADResM; C:\Windows\System32\Drivers\DLADResM.SYS [9104 2007-07-23] (Roxio)
S2 DLAIFS_M; C:\Windows\System32\Drivers\DLAIFS_M.SYS [108752 2007-07-23] (Roxio)
S2 DLAOPIOM; C:\Windows\System32\Drivers\DLAOPIOM.SYS [27216 2007-07-23] (Roxio)
S2 DLAPoolM; C:\Windows\System32\Drivers\DLAPoolM.SYS [16304 2007-07-23] (Roxio)
S2 DLAUDFAM; C:\Windows\System32\Drivers\DLAUDFAM.SYS [93552 2007-07-23] (Roxio)
S2 DLAUDF_M; C:\Windows\System32\Drivers\DLAUDF_M.SYS [98448 2007-07-23] (Roxio)
S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)
S2 LMIInfo; C:\Program Files\LogMeIn\x86\RaInfo.sys [12856 2010-01-27] (LogMeIn, Inc.)
S2 LMIRfsDriver; C:\WINDOWS\system32\drivers\LMIRfsDriver.sys [47640 2010-01-27] (LogMeIn, Inc.)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S0 nvatabus; C:\Windows\System32\drivers\nvatabus.sys [105472 2007-12-19] (NVIDIA Corporation)
S0 nvgts; C:\Windows\System32\drivers\nvgts.sys [102400 2008-06-10] (NVIDIA Corporation)
S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1171464 2007-12-02] (SigmaTel, Inc.)
S3 tmcfw; C:\Windows\System32\DRIVERS\TM_CFW.sys [339984 2009-07-15] (Trend Micro Inc.)
S2 tmcomm; C:\WINDOWS\system32\drivers\tmcomm.sys [158224 2010-05-18] (Trend Micro Inc.)
S2 TmFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmXPFlt.sys [230928 2010-05-10] (Trend Micro Inc.)
S2 TmPreFilter; C:\Program Files\Trend Micro\Client Server Security Agent\TmPreFlt.sys [36368 2010-05-10] (Trend Micro Inc.)
S1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [89872 2009-07-15] (Trend Micro Inc.)
S2 VSApiNt; C:\Program Files\Trend Micro\Client Server Security Agent\VSApiNt.sys [1322808 2010-05-10] (Trend Micro Inc.)
S1 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [31744 2008-04-13] (Microsoft Corporation)
S4 Abiosdsk; No ImagePath
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S4 LMIRfsClientNP; No ImagePath
S1 mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys [x]
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 WDICA; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-21 10:32 - 2013-04-21 11:23 - 00006208 ____A C:\Windows\setupapi.log
2013-04-17 13:24 - 2013-04-21 14:07 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$

==================== One Month Modified Files and Folders ========

2013-04-22 10:01 - 2013-04-22 10:01 - 00000000 ____D C:\FRST
2013-04-22 03:52 - 2010-06-09 03:39 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\LogMeIn
2013-04-22 03:52 - 2008-04-25 17:32 - 00032570 ____A C:\Windows\SchedLgU.Txt
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-04-22 03:52 - 2008-04-25 17:32 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-04-22 03:52 - 2008-04-25 17:28 - 01061630 ____A C:\Windows\WindowsUpdate.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000275 ____A C:\Windows\wiadebug.log
2013-04-22 03:52 - 2008-04-25 05:25 - 00000050 ____A C:\Windows\wiaservc.log
2013-04-21 14:08 - 2011-01-04 10:48 - 00233788 ____A C:\Windows\System32\TmInstall.log
2013-04-21 14:07 - 2013-04-17 13:24 - 00000004 ____A C:\Documents and Settings\Anyone\Application Data\skype.ini
2013-04-21 14:07 - 2008-04-25 12:16 - 00002206 ____A C:\Windows\System32\wpa.dbl
2013-04-21 14:06 - 2011-01-05 11:17 - 00000280 ____A C:\Windows\Tasks\RealUpgradeLogonTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-21 14:06 - 2010-07-14 06:49 - 00000236 ____A C:\Windows\Tasks\OGALogon.job
2013-04-21 14:06 - 2008-11-19 11:45 - 00000062 __ASH C:\Documents and Settings\Anyone\Local Settings\desktop.ini
2013-04-21 14:00 - 2011-01-04 10:52 - 00000031 ____A C:\tmuninst.ini
2013-04-21 11:23 - 2013-04-21 10:32 - 00006208 ____A C:\Windows\setupapi.log
2013-04-21 08:24 - 2012-03-13 06:27 - 00000000 __SHD C:\Windows\CSC
2013-04-17 14:16 - 2008-11-19 11:45 - 00000278 __SHC C:\Documents and Settings\Anyone\ntuser.ini
2013-04-17 13:20 - 2011-01-05 11:17 - 00000288 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-3915953210-1411050872-365619372-1007.job
2013-04-16 08:33 - 2009-01-05 12:31 - 00000000 ____D C:\Program Files\EasyCert
2013-04-16 03:26 - 2012-08-20 10:07 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2013-04-16 03:26 - 2012-08-20 10:07 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-04-15 11:09 - 2009-05-06 11:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2013-04-11 04:21 - 2008-04-25 05:21 - 00273376 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-11 04:05 - 2013-04-11 04:05 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-11 04:05 - 2010-07-14 06:52 - 00000000 ____D C:\Windows\ie8updates
2013-04-11 04:05 - 2008-10-20 13:29 - 00000000 ___HD C:\Windows\$hf_mig$
2013-04-11 04:04 - 2013-04-11 04:04 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-11 04:01 - 2008-10-25 09:30 - 70490256 ___AC (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-11 04:00 - 2013-04-11 04:00 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$
2013-04-04 09:50 - 2012-08-20 10:07 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-04-03 02:42 - 2008-04-25 05:22 - 00573294 ___AC C:\Windows\System32\PerfStringBackup.INI

==================== Known DLLs (ALL) =========================

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-14 05:07 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP999
RP: -> 2013-04-13 04:25 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP998
RP: -> 2013-04-12 04:06 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP997
RP: -> 2013-04-11 04:00 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP996
RP: -> 2013-04-10 09:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP995
RP: -> 2013-04-09 09:11 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP994
RP: -> 2013-04-08 07:21 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP993
RP: -> 2013-04-07 06:44 - 032768 _restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP992
_restore{45B5E8B9-949A-471E-999D-F381DA56A2D3}\RP1000

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 1982.36 MB
Available physical RAM: 1712.07 MB
Total Pagefile: 1813.46 MB
Available Pagefile: 1742.18 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:148.93 GB) (Free:105.03 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:14.88 GB) (Free:14.88 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online       149 GB      0 B

Partitions of Disk 0:
===============

Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    OEM                 78 MB    32 KB
Partition 2    Primary            149 GB    78 MB

==================================================================================

Disk: 0
Partition 1
Type : DE
Hidden: Yes
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1                    FAT    Partition     78 MB  Healthy

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2   C                NTFS   Partition    149 GB  Healthy

=========================================================

============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (MBR Code: Windows Vista) (Size: 149 GB) (Disk ID: A42D04A3)
Partition 1: (Not Active) - (Size=78 MB) - (Type=DE)
Partition 2: (Active) - (Size=149 GB) - (Type=07) (NTFS)

====================================================================
Disk: 1 (Size: 15 GB) (Disk ID: 8E9D0B2D)
Partition 1: (Active) - (Size=15 GB) - (Type=0B)

==================== End Of Log ============================
[/QUOTE]