Virulent Police ecrime virus
pete284 wrote (post 119435):

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2013
Ran by SYSTEM on 07-05-2013 01:56:34
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet002
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [32768 2004-06-29] (Cyberlink Corp.)
HKLM\...\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE [212992 2002-09-13] ()
HKLM\...\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe" [57344 2003-08-19] (Lexmark International, Inc.)
HKLM\...\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon [866816 2004-01-26] (THOMSON Telecom Belgium)
HKLM\...\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd [x]
HKLM\...\Run: [SoundMan] SOUNDMAN.EXE [x]
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [1800464 2009-11-21] (COMODO)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM\...\Winlogon: [System]
HKU\ron\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2008-04-13] (Microsoft Corporation)
HKU\ron\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [x]
HKU\ron\...\Run: [Google Update] "C:\Documents and Settings\ron\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c [ 2011-07-09] (Google Inc.)
HKU\ron\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [ 2006-10-18] (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
ShortcutTarget: Kodak EasyShare software.lnk -> C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe (Eastman Kodak Company)
Startup: C:\Documents and Settings\ron\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\8edolo.dat (?????????? ??????????2)
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

========================== Services (Whitelisted) =================

S2 btwdins; C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe [266295 2006-06-07] (Broadcom Corporation.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [723632 2009-11-21] (COMODO)
S2 LexBceS; C:\WINDOWS\system32\LEXBCES.EXE [303104 2003-08-18] (Lexmark International, Inc.)
S2 SLService; C:\Windows\System32\slserv.exe [57344 2004-11-01] ( )
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\8edolo.dat [148992 2013-05-04] (?????????? ??????????2)
S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]

==================== Drivers (Whitelisted) ====================

S3 alcan5wn; C:\Windows\System32\DRIVERS\alcan5wn.sys [53600 2003-12-08] (THOMSON)
S3 alcaudsl; C:\Windows\System32\DRIVERS\alcaudsl.sys [70688 2003-12-08] (THOMSON)
S3 ALCXWDM; C:\Windows\System32\drivers\ALCXWDM.SYS [4122368 2008-09-24] (Realtek Semiconductor Corp.)
S3 btaudio; C:\Windows\System32\drivers\btaudio.sys [329901 2006-06-07] (Broadcom Corporation.)
S3 BTDriver; C:\Windows\System32\DRIVERS\btport.sys [30459 2006-06-07] (Broadcom Corporation.)
S3 BTKRNL; C:\Windows\System32\DRIVERS\btkrnl.sys [855018 2006-06-07] (Broadcom Corporation.)
S3 BTWDNDIS; C:\Windows\System32\DRIVERS\btwdndis.sys [149028 2006-06-07] (Broadcom Corporation.)
S3 btwhid; C:\Windows\System32\DRIVERS\btwhid.sys [47811 2006-06-07] (Broadcom Corporation.)
S3 BTWUSB; C:\Windows\System32\Drivers\btwusb.sys [67384 2006-06-07] (Broadcom Corporation.)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [133064 2009-11-25] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [25160 2009-11-21] (COMODO)
S3 cmuda; C:\Windows\System32\drivers\cmuda.sys [1373120 2006-06-09] (C-Media Inc)
S3 EL90XBC; C:\Windows\System32\DRIVERS\el90xbc5.sys [66591 2001-08-17] (3Com Corporation)
S0 Inspect; C:\Windows\System32\DRIVERS\inspect.sys [87104 2009-11-21] (COMODO)
S3 ms_mpu401; C:\Windows\System32\drivers\msmpu401.sys [2944 2001-08-17] (Microsoft Corporation)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [229720 2004-11-01] ( )
S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1396048 2004-11-01] ( )
S0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [14520 2004-11-01] ( )
S3 SiS315; C:\Windows\System32\DRIVERS\sisgrp.sys [217600 2004-05-14] (Silicon Integrated Systems Corporation)
S0 SiSide; C:\Windows\System32\DRIVERS\SISIDE.SYS [4096 2003-03-25] (Silicon Integrated Systems Corp.)
S1 SiSkp; C:\Windows\System32\DRIVERS\srvkp.sys [12416 2004-05-12] (Silicon Integrated Systems Corporation)
S3 SISNIC; C:\Windows\System32\DRIVERS\sisnic.sys [32256 2002-07-10] (SiS Corporation)
S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [653960 2004-11-01] ( )
S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [100176 2004-11-01] ( )
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13216 2004-11-01] ( )
S4 Abiosdsk; No ImagePath
S3 ALCXSENS; system32\drivers\ALCXSENS.SYS [x]
S4 Atdisk; No ImagePath
S1 Changer; No ImagePath
S1 lbrtfdc; No ImagePath
S1 PCIDump; No ImagePath
S3 PDCOMP; No ImagePath
S3 PDFRAME; No ImagePath
S3 PDRELI; No ImagePath
S3 PDRFRAME; No ImagePath
S4 Simbad; No ImagePath
S3 WDICA; No ImagePath
S1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-07 01:56 - 2013-05-07 01:56 - 00000000 ____D C:\FRST
2013-05-06 18:58 - 2013-05-06 18:58 - 03151954 ____A C:\lx12core3162ng.bin
2013-05-06 18:57 - 2013-05-06 18:58 - 74336731 ____A C:\u12iavi5803yp.bin
2013-05-06 18:57 - 2013-05-06 18:57 - 00002605 ____A C:\avg12infolx.ctf
2013-05-06 18:57 - 2013-05-06 18:57 - 00000705 ____A C:\avg12infoavi.ctf
2013-05-06 18:17 - 2013-05-06 18:19 - 00000403 ____A C:\Windows\wmsetup.log
2013-05-06 17:45 - 2013-05-06 17:45 - 00033280 ____N (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
2013-05-06 17:26 - 2013-05-06 17:26 - 00018744 ____A C:\Documents and Settings\ron\My Documents\cc_20130506_222633.reg
2013-05-06 17:13 - 2013-05-06 17:44 - 00065536 ____A C:\Windows\System32\config\Doctor Web.evt
2013-05-06 16:49 - 2013-05-06 16:49 - 00000000 ____D C:\Documents and Settings\ron\Doctor Web
2013-05-06 16:48 - 2013-05-06 16:48 - 00065536 ____A C:\Windows\System32\config\Doctor W.evt
2013-05-04 06:30 - 2013-05-06 18:26 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\olode8.pad
2013-05-04 06:30 - 2013-05-06 18:26 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\as98213.txt
2013-05-04 06:30 - 2013-05-04 06:30 - 00148992 ____A (?????????? ??????????2) C:\Documents and Settings\All Users\Application Data\8edolo.dat
2013-05-04 06:30 - 2013-05-04 06:30 - 00003062 ____A C:\Documents and Settings\All Users\Application Data\olode8.js
2013-04-10 10:08 - 2013-04-10 10:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-10 09:59 - 2013-04-10 09:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-10 09:47 - 2013-04-10 09:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-10 09:38 - 2013-04-10 09:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$

==================== One Month Modified Files and Folders ========

2013-05-07 01:56 - 2013-05-07 01:56 - 00000000 ____D C:\FRST
2013-05-06 18:58 - 2013-05-06 18:58 - 03151954 ____A C:\lx12core3162ng.bin
2013-05-06 18:58 - 2013-05-06 18:57 - 74336731 ____A C:\u12iavi5803yp.bin
2013-05-06 18:57 - 2013-05-06 18:57 - 00002605 ____A C:\avg12infolx.ctf
2013-05-06 18:57 - 2013-05-06 18:57 - 00000705 ____A C:\avg12infoavi.ctf
2013-05-06 18:26 - 2013-05-04 06:30 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\olode8.pad
2013-05-06 18:26 - 2013-05-04 06:30 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\as98213.txt
2013-05-06 18:26 - 2004-10-31 16:37 - 01940017 ____A C:\Windows\WindowsUpdate.log
2013-05-06 18:26 - 2004-10-31 09:32 - 00000159 ____A C:\Windows\wiadebug.log
2013-05-06 18:26 - 2004-10-31 09:32 - 00000050 ____A C:\Windows\wiaservc.log
2013-05-06 18:25 - 2011-04-30 06:42 - 00000882 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-06 18:25 - 2009-04-15 15:13 - 00000062 __ASH C:\Documents and Settings\ron\Local Settings\desktop.ini
2013-05-06 18:25 - 2004-10-31 16:43 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-06 18:25 - 2004-10-31 09:43 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-05-06 18:25 - 2004-10-31 09:43 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-05-06 18:19 - 2013-05-06 18:17 - 00000403 ____A C:\Windows\wmsetup.log
2013-05-06 18:18 - 2009-05-21 10:38 - 00150822 ____A C:\logfile
2013-05-06 17:45 - 2013-05-06 17:45 - 00033280 ____N (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
2013-05-06 17:45 - 2010-08-07 10:55 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-05-06 17:44 - 2013-05-06 17:13 - 00065536 ____A C:\Windows\System32\config\Doctor Web.evt
2013-05-06 17:44 - 2009-04-15 15:13 - 00000178 ___SH C:\Documents and Settings\ron\ntuser.ini
2013-05-06 17:44 - 2004-10-31 16:43 - 00032570 ____A C:\Windows\SchedLgU.Txt
2013-05-06 17:43 - 2010-09-18 06:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2259922$
2013-05-06 17:40 - 2012-05-01 06:57 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\529C533F000033A5000022A1D151FC84
2013-05-06 17:37 - 2012-09-17 10:42 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-06 17:34 - 2011-07-09 05:41 - 00000886 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-06 17:32 - 2011-08-28 06:23 - 00000970 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638100101-2382298926-704877491-1007UA.job
2013-05-06 17:26 - 2013-05-06 17:26 - 00018744 ____A C:\Documents and Settings\ron\My Documents\cc_20130506_222633.reg
2013-05-06 17:23 - 2010-08-07 11:24 - 00000000 ____D C:\Documents and Settings\ron\Desktop\cleaning
2013-05-06 17:23 - 2010-08-07 10:16 - 00000000 ____D C:\Program Files\Defraggler
2013-05-06 17:18 - 2010-08-07 10:14 - 00000000 ____D C:\Program Files\CCleaner
2013-05-06 16:49 - 2013-05-06 16:49 - 00000000 ____D C:\Documents and Settings\ron\Doctor Web
2013-05-06 16:48 - 2013-05-06 16:48 - 00065536 ____A C:\Windows\System32\config\Doctor W.evt
2013-05-06 14:23 - 2004-10-31 16:22 - 00001170 ____A C:\Windows\System32\wpa.dbl
2013-05-04 08:32 - 2012-09-13 08:22 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638100101-2382298926-704877491-1007Core1cd91aa5678e4e6.job
2013-05-04 06:30 - 2013-05-04 06:30 - 00148992 ____A (?????????? ??????????2) C:\Documents and Settings\All Users\Application Data\8edolo.dat
2013-05-04 06:30 - 2013-05-04 06:30 - 00003062 ____A C:\Documents and Settings\All Users\Application Data\olode8.js
2013-04-27 09:37 - 2009-05-21 10:38 - 03213312 ___RA C:\Documents and Settings\All Users\Documents\ESBK.mbb
2013-04-27 09:37 - 2009-05-21 10:38 - 01879040 ___RA C:\Documents and Settings\All Users\Documents\ESBK.mb
2013-04-18 09:25 - 2005-02-18 14:40 - 00000595 ____A C:\Windows\lexstat.ini
2013-04-15 06:12 - 2004-10-31 09:30 - 00522638 ____A C:\Windows\System32\PerfStringBackup.INI
2013-04-10 10:38 - 2011-08-28 06:32 - 00002268 ____A C:\Documents and Settings\ron\Desktop\Google Chrome.lnk
2013-04-10 10:29 - 2004-10-31 09:29 - 00146808 ____A C:\Windows\System32\FNTCACHE.DAT
2013-04-10 10:18 - 2011-08-28 06:23 - 00000918 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3638100101-2382298926-704877491-1007Core.job
2013-04-10 10:17 - 2009-05-26 10:39 - 00000000 ____D C:\Windows\ie8updates
2013-04-10 10:08 - 2013-04-10 10:08 - 00000000 __HDC C:\Windows\$NtUninstallKB2808735$
2013-04-10 10:08 - 2005-03-22 20:51 - 00000000 ___HD C:\Windows\$hf_mig$
2013-04-10 09:59 - 2013-04-10 09:59 - 00000000 __HDC C:\Windows\$NtUninstallKB2820917$
2013-04-10 09:47 - 2013-04-10 09:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2813345$
2013-04-10 09:47 - 2009-05-12 08:33 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-04-10 09:38 - 2013-04-10 09:38 - 00000000 __HDC C:\Windows\$NtUninstallKB2813170$

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2013-04-13 08:36 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP173
RP: -> 2013-04-10 09:28 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP172
RP: -> 2013-04-09 07:22 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP171
RP: -> 2013-03-30 08:00 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP170
RP: -> 2013-03-16 08:00 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP169
RP: -> 2013-03-12 07:54 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP168
RP: -> 2013-02-16 07:21 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP167
RP: -> 2013-02-09 09:52 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP166
RP: -> 2013-01-16 08:00 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP165
RP: -> 2013-01-10 09:09 - 024576 _restore{56A8C224-54F6-4B5D-94C2-563CBEC264A0}\RP164

==================== Memory info ===========================

Percentage of memory in use: 44%
Total physical RAM: 479.48 MB
Available physical RAM: 265.73 MB
Total Pagefile: 383.29 MB
Available Pagefile: 291.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1993.54 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: () (Fixed) (Total:146.6 GB) (Free:133.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.28 GB) (Free:0 GB) CDFS

============================== MBR & Partition Table ==================

====================================================================
Disk: 0 (Size: 149 GB) (Disk ID: 5AC4A8C5)
Partition 1: (Not Active) - (Size=2 GB) - (Type=12)
Partition 2: (Active) - (Size=147 GB) - (Type=07 NTFS)

====================================================================
Disk: 1 (Size: 4 GB) (Disk ID: 0BBA1D82)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================
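As an added example (not part of pete284's post, and not FRST's own code): a small Python script that applies, over a few lines copied from the log above plus benign entries from the same log for contrast, the checks a helper applies by eye to a scan like this. It flags the winmgmt service whose ImagePath has left %SystemRoot%, the Startup shortcut and the service that both point at a .dat file under All Users\Application Data, the signer field FRST could only render as question marks, and the copy of rundll32.exe sitting outside the Windows directory. The lists of svchost-hosted service names, code-bearing extensions and system binaries are assumptions chosen for this example, not anything FRST publishes, and the sample lines are constructed from the post.

```python
"""Triage a few FRST.txt entry types for common persistence tricks.

Added example: the checks a helper applies by eye, as code. Not FRST's own code.
"""
from __future__ import annotations

import re
import sys
from pathlib import PureWindowsPath

# Constructed sample input: lines copied from the FRST log quoted above, with
# known-good entries from the same log mixed in so the rules have negatives.
SAMPLE_LOG = r"""
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [1800464 2009-11-21] (COMODO)
Startup: C:\Documents and Settings\ron\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\8edolo.dat (?????????? ??????????2)
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Belkin\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [723632 2009-11-21] (COMODO)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\8edolo.dat [148992 2013-05-04] (?????????? ??????????2)
2013-05-06 17:45 - 2013-05-06 17:45 - 00033280 ____N (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
2013-04-10 09:47 - 2009-05-12 08:33 - 70490256 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
"""

# Assumed lists for this example (not published by FRST):
# service names that Windows XP hosts in svchost.exe under %SystemRoot%,
SVCHOST_HOSTED = {"winmgmt", "eventlog", "dhcp", "dnscache", "lanmanserver", "lanmanworkstation"}
# extensions the loader treats as code (anything else as a launch target is odd),
CODE_EXTS = {".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx"}
# and binaries that belong in %SystemRoot%\System32 only.
SYSTEM_BINARIES = {"rundll32.exe", "svchost.exe", "explorer.exe", "winlogon.exe", "userinit.exe"}

# FRST line shapes handled here: "S2 name; path [size date] (signer)",
# "ShortcutTarget: x.lnk -> path (signer)" and the created/modified file rows.
SERVICE_RE = re.compile(r"^S[0-4] (?P<name>[^;]+); (?P<path>.+?) \[[^\]]*\] \((?P<signer>.*)\)$")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<path>.+?) \((?P<signer>.*)\)$")
FILE_ROW_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{8} \S+ "
    r"(?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.*)$"
)


def under_windows(path: str) -> bool:
    """True for paths under the Windows directory (full, %SystemRoot% or bare system32 form)."""
    p = path.lower()
    return p.startswith(("c:\\windows\\", "%systemroot%\\", "system32\\"))


def in_appdata(path: str) -> bool:
    """True for the per-machine Application Data tree (XP long and 8.3 forms, or ProgramData)."""
    p = path.lower()
    return "\\application data\\" in p or "\\applic~1\\" in p or "\\programdata\\" in p


def unreadable_signer(signer: str) -> bool:
    """FRST prints '?' for characters it cannot render; an all-'?' company name tells you nothing."""
    s = signer.strip()
    return "?" in s and all(ch in "? 0123456789" for ch in s)


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (rule, path) pairs for every line that trips one of the checks."""
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            path = m["path"]
            if m["name"].lower() in SVCHOST_HOSTED and not under_windows(path):
                findings.append(("builtin-service-relocated", path))
            if PureWindowsPath(path).suffix.lower() not in CODE_EXTS:
                findings.append(("non-code-extension", path))
            if unreadable_signer(m["signer"]):
                findings.append(("unreadable-signer", path))
        elif m := SHORTCUT_RE.match(line):
            path = m["path"]
            if in_appdata(path):
                findings.append(("startup-target-in-appdata", path))
            if PureWindowsPath(path).suffix.lower() not in CODE_EXTS:
                findings.append(("non-code-extension", path))
            if unreadable_signer(m["signer"]):
                findings.append(("unreadable-signer", path))
        elif m := FILE_ROW_RE.match(line):
            path = m["path"]
            if PureWindowsPath(path).name.lower() in SYSTEM_BINARIES and not under_windows(path):
                findings.append(("system-binary-outside-windows", path))
    return findings


if __name__ == "__main__":
    # Pass a full FRST.txt as the first argument, or run as-is against the embedded sample.
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for rule, path in triage(text):
        print(f"{rule:32} {path}")
```

On the embedded sample this reports seven findings, all against 8edolo.dat and the relocated rundll32.exe, and nothing for the COMODO, Broadcom or MRT.exe entries. The rules are deliberately narrow: a clean result means only that these particular patterns are absent, not that the machine is clean, and the Run-key lines are left to the reader.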