Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-10-2012
Ran by SYSTEM at 03-11-2012 14:15:39
Running from D:\
Microsoft Windows XP (X86) OS Language: English(US)
The current controlset is ControlSet001

==================== Registry (Whitelisted) ===================

HKLM\...\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe [77824 2005-10-14] (Intel Corporation)
HKLM\...\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe [114688 2005-10-14] (Intel Corporation)
HKLM\...\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe" [63048 2010-05-31] (LogMeIn, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Run: [Sophos AutoUpdate Monitor] C:\Program Files\Sophos\AutoUpdate\almon.exe [439536 2010-09-21] (Sophos Plc)
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947176 2012-09-12] (Microsoft Corporation)
HKLM\...\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide [866584 2006-11-03] (Microsoft Corporation)
HKU\admin\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [1695232 2008-04-14] (Microsoft Corporation)
HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\LMIinit: LMIinit.dll (LogMeIn, Inc.)
Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Services (Whitelisted) ===================

2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)
2 SAVAdminService; "C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe" [163056 2010-10-08] (Sophos Plc)
2 SAVService; "C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe" [97520 2010-06-04] (Sophos Plc)
2 Sophos AutoUpdate Service; "C:\Program Files\Sophos\AutoUpdate\ALsvc.exe" [232472 2012-04-11] (Sophos Plc)
2 swi_service; "C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe" [1543704 2012-02-21] (Sophos Plc)
2 WinDefend; "C:\Program Files\Windows Defender\MsMpEng.exe" [13592 2006-11-03] (Microsoft Corporation)
3 FontCache3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [x]
3 idsvc; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [x]
2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]
2 MsMpSvc; "c:\Program Files\Microsoft Security Client\MsMpEng.exe" [x]
4 NetTcpPortSharing; "c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [x]

==================== Drivers (Whitelisted) ====================

3 ati2mtag; C:\Windows\System32\DRIVERS\ati2mtag.sys [701440 2004-08-04] (ATI Technologies Inc.)
3 b57w2k; C:\Windows\System32\DRIVERS\b57xp32.sys [132608 2005-03-17] (Broadcom Corporation)
3 E1000; C:\Windows\System32\DRIVERS\e1000325.sys [163840 2005-06-29] (Intel Corporation)
3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2009-08-27] (HP)
3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2009-08-27] (HP)
3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2009-08-27] (HP)
3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [1302812 2005-10-14] (Intel Corporation)
0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [193552 2012-08-30] (Microsoft Corporation)
1 SAVOnAccessControl; C:\Windows\System32\DRIVERS\savonaccesscontrol.sys [153344 2010-10-08] (Sophos Plc)
1 SAVOnAccessFilter; C:\Windows\System32\DRIVERS\savonaccessfilter.sys [24064 2010-10-08] (Sophos Plc)
3 senfilt; C:\Windows\System32\drivers\senfilt.sys [732928 2004-09-17] (Creative Technology Ltd.)
4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [14976 2008-05-23] (Sophos Plc)
1 wvcgffsy; \??\C:\WINDOWS\system32\drivers\wvcgffsy.sys [43600 2012-10-30] (Microsoft Corporation)
3 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [113504 2003-04-15] (Intel Corporation)
3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [78752 2003-04-15] (Intel Corporation)
4 Abiosdsk; [x]
4 abp480n5; [x]
4 adpu160m; [x]
3 aeaudio; C:\Windows\System32\drivers\aeaudio.sys [x]
4 Aha154x; [x]
4 aic78u2; [x]
4 aic78xx; [x]
4 AliIde; [x]
4 amsint; [x]
4 asc; [x]
4 asc3350p; [x]
4 asc3550; [x]
4 Atdisk; [x]
4 cd20xrnt; [x]
1 Changer; [x]
4 CmdIde; [x]
4 Cpqarray; [x]
4 dac2w2k; [x]
4 dac960nt; [x]
4 dpti2o; [x]
4 hpn; [x]
4 hpt3xx; [x]
1 i2omgmt; [x]
4 i2omp; [x]
4 ini910u; [x]
4 IntelIde; [x]
1 lbrtfdc; [x]
4 LMIRfsClientNP; [x]
4 mraid35x; [x]
1 PCIDump; [x]
3 PDCOMP; [x]
3 PDFRAME; [x]
3 PDRELI; [x]
3 PDRFRAME; [x]
4 perc2; [x]
4 perc2hib; [x]
4 ql1080; [x]
4 Ql10wnt; [x]
4 ql12160; [x]
4 ql1240; [x]
4 ql1280; [x]
4 Simbad; [x]
4 Sparrow; [x]
4 symc810; [x]
4 symc8xx; [x]
4 sym_hi; [x]
4 sym_u3; [x]
4 TosIde; [x]
4 ultra; [x]
4 ViaIde; [x]
3 WDICA; [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2012-11-03 14:15 - 2012-11-03 14:15 - 00000000 ____D C:\FRST
2012-11-03 06:44 - 2012-11-03 06:44 - 00002974 ____N C:\bootex.log
2012-10-30 10:11 - 2012-10-30 10:11 - 00000639 ____A C:\Windows\wmsetup.log
2012-10-30 10:11 - 2012-10-30 10:11 - 00000000 ____D C:\Documents and Settings\janet\Local Settings\Application Data\LogMeIn
2012-10-30 10:11 - 2004-08-04 03:56 - 00221184 ____A (Microsoft Corporation) C:\Windows\System32\wmpns.dll
2012-10-30 10:10 - 2012-10-30 10:13 - 00000178 __ASH C:\Documents and Settings\janet\ntuser.ini
2012-10-30 10:10 - 2012-10-30 10:10 - 00070368 ____A C:\Documents and Settings\janet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-30 10:10 - 2012-10-30 10:10 - 00000062 __ASH C:\Documents and Settings\janet\Local Settings\desktop.ini
2012-10-30 10:10 - 2011-10-11 03:04 - 00000000 ___HD C:\Documents and Settings\janet\Local Settings\Application Data\Microsoft Help
2012-10-30 10:10 - 2010-11-10 04:00 - 00000000 __SHD C:\Documents and Settings\janet\IETldCache
2012-10-30 10:10 - 2005-04-11 10:05 - 00000062 __ASH C:\Documents and Settings\janet\Application Data\desktop.ini
2012-10-30 09:55 - 2012-10-30 09:56 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-30 09:50 - 2012-10-30 09:50 - 00000000 ____D C:\Program Files\Windows Defender
2012-10-30 09:36 - 2012-10-30 09:36 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-10-30 09:36 - 2012-10-30 09:36 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2012-10-30 09:30 - 2012-10-30 09:30 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wvcgffsy.sys
2012-10-30 09:28 - 2012-05-31 12:25 - 00237072 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2012-10-30 09:26 - 2012-10-30 09:26 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-30 09:26 - 2012-10-30 09:26 - 00000000 ____D C:\Windows\LastGood
2012-10-30 09:25 - 2012-10-30 09:26 - 00000000 ____D C:\Program Files\Microsoft Security Client
2012-10-25 13:02 - 2012-10-25 13:02 - 00000368 ___AH C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ
2012-10-25 13:02 - 2012-10-25 13:02 - 00000168 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
2012-10-25 13:02 - 2012-10-25 13:02 - 00000144 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
2012-10-21 01:16 - 2012-10-20 01:16 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121021-011640.backup
2012-10-20 01:16 - 2012-10-19 01:18 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121020-011630.backup
2012-10-19 01:18 - 2012-08-21 01:17 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20121019-011814.backup
2012-10-18 13:44 - 2012-10-18 14:26 - 00016769 ___AH C:\Documents and Settings\Administrator\Desktop\NAME TAGS ON FILE (preprinted) 10.18.12.xls.xlsx
2012-10-18 09:52 - 2012-10-21 09:46 - 00000000 ____D C:\Program Files\Mozilla Firefox
2012-10-16 09:29 - 2012-10-16 09:39 - 00143771 ___AH C:\Documents and Settings\Administrator\Desktop\Copy of Burlington Commercial Bus - small - midsize.xlsx
2012-10-11 15:52 - 2012-10-11 15:52 - 00000000 __HDC C:\Windows\$NtUninstallKB2724197$
2012-10-11 15:48 - 2012-10-11 15:48 - 00004954 ___AH C:\Windows\KB2756822.log
2012-10-11 15:48 - 2012-10-11 15:48 - 00000000 __HDC C:\Windows\$NtUninstallKB2756822$
2012-10-11 15:47 - 2012-10-11 15:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2749655$
2012-10-11 15:47 - 2012-10-11 15:47 - 00000000 __HDC C:\Windows\$NtUninstallKB2661254-v2$
2012-10-11 08:41 - 2012-10-11 15:52 - 00014804 ___AH C:\Windows\KB2724197.log
2012-10-11 08:40 - 2012-10-11 15:47 - 00013415 ___AH C:\Windows\KB2749655.log
2012-10-11 08:40 - 2012-10-11 15:47 - 00013308 ___AH C:\Windows\KB2661254-v2.log

==================== 3 Months Modified Files ==================

2012-11-03 06:44 - 2012-11-03 06:44 - 00002974 ____N C:\bootex.log
2012-10-30 10:13 - 2012-10-30 10:10 - 00000178 __ASH C:\Documents and Settings\janet\ntuser.ini
2012-10-30 10:13 - 2006-07-13 18:36 - 01794078 ___AH C:\Windows\WindowsUpdate.log
2012-10-30 10:13 - 2005-04-11 14:23 - 00032604 ___AH C:\Windows\SchedLgU.Txt
2012-10-30 10:13 - 2005-04-11 14:15 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-10-30 10:11 - 2012-10-30 10:11 - 00000639 ____A C:\Windows\wmsetup.log
2012-10-30 10:10 - 2012-10-30 10:10 - 00070368 ____A C:\Documents and Settings\janet\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2012-10-30 10:10 - 2012-10-30 10:10 - 00000062 __ASH C:\Documents and Settings\janet\Local Settings\desktop.ini
2012-10-30 10:10 - 2005-04-11 14:23 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2012-10-30 10:10 - 2002-06-25 15:34 - 00002206 ___AH C:\Windows\System32\wpa.dbl
2012-10-30 10:09 - 2010-10-15 18:48 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{1B691BCB-CB03-420E-AEBE-3972E42590E6}.job
2012-10-30 09:56 - 2012-10-30 09:55 - 10669952 ____A (Malwarebytes Corporation ) C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.65.1.1000.exe
2012-10-30 09:36 - 2012-10-30 09:36 - 00000384 ___AH C:\Windows\Tasks\Microsoft Antimalware Scheduled Scan.job
2012-10-30 09:36 - 2012-10-30 09:36 - 00000366 ___AH C:\Windows\Tasks\MpIdleTask.job
2012-10-30 09:30 - 2012-10-30 09:30 - 00043600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\wvcgffsy.sys
2012-10-30 09:26 - 2012-10-30 09:26 - 00001945 ____A C:\Windows\epplauncher.mif
2012-10-30 09:18 - 2010-10-22 16:18 - 00072792 ___AH C:\Windows\setupapi.log
2012-10-30 09:18 - 2010-09-21 13:58 - 00000438 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{82430B39-5619-42F3-87FB-FC9C20140316}.job
2012-10-30 09:14 - 2005-04-11 14:23 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2012-10-30 09:14 - 2005-04-11 14:23 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2012-10-30 09:14 - 2005-04-11 14:23 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2012-10-25 13:02 - 2012-10-25 13:02 - 00000368 ___AH C:\Documents and Settings\All Users\Application Data\gkU5shlaKelapZ
2012-10-25 13:02 - 2012-10-25 13:02 - 00000168 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZr
2012-10-25 13:02 - 2012-10-25 13:02 - 00000144 ___AH C:\Documents and Settings\All Users\Application Data\-gkU5shlaKelapZ
2012-10-25 12:58 - 2010-10-15 16:03 - 00131072 ___AH C:\Windows\System32\config\OAlerts.evt
2012-10-25 10:00 - 2010-10-15 16:03 - 00002459 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Excel 2010.lnk
2012-10-23 13:02 - 2010-10-15 16:03 - 00002501 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Word 2010.lnk
2012-10-21 01:16 - 2010-10-15 16:52 - 00000346 ___AH C:\Windows\Tasks\Spybot - Search & Destroy - Scheduled Task.job
2012-10-21 00:30 - 2010-10-15 16:52 - 00000330 ___AH C:\Windows\Tasks\Spybot - Search & Destroy Updater - Scheduled Task.job
2012-10-20 23:06 - 2010-10-15 21:30 - 00000518 ___AH C:\Windows\Tasks\Auslogics Disk Defrag Disk Defrag Console Defragmentation.job
2012-10-20 01:16 - 2012-10-21 01:16 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121021-011640.backup
2012-10-19 01:18 - 2012-10-20 01:16 - 00444586 __RAH C:\Windows\System32\Drivers\etc\hosts.20121020-011630.backup
2012-10-18 15:29 - 2010-10-22 15:56 - 00000216 ___AH C:\Windows\wiadebug.log
2012-10-18 15:29 - 2010-10-22 15:56 - 00000050 ___AH C:\Windows\wiaservc.log
2012-10-18 14:26 - 2012-10-18 13:44 - 00016769 ___AH C:\Documents and Settings\Administrator\Desktop\NAME TAGS ON FILE (preprinted) 10.18.12.xls.xlsx
2012-10-16 11:22 - 2012-03-22 11:35 - 00000470 ___AH C:\Documents and Settings\Administrator\Desktop\shared documents on BACC President (Director).lnk
2012-10-16 09:39 - 2012-10-16 09:29 - 00143771 ___AH C:\Documents and Settings\Administrator\Desktop\Copy of Burlington Commercial Bus - small - midsize.xlsx
2012-10-11 15:52 - 2012-10-11 08:41 - 00014804 ___AH C:\Windows\KB2724197.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00726852 ___AH C:\Windows\iis6.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00680126 ___AH C:\Windows\FaxSetup.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00325160 ___AH C:\Windows\ocgen.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00310310 ___AH C:\Windows\tsoc.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00223477 ___AH C:\Windows\comsetup.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00205214 ___AH C:\Windows\msmqinst.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00135578 ___AH C:\Windows\ntdtcsetup.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00119130 ___AH C:\Windows\netfxocm.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00046750 ___AH C:\Windows\MedCtrOC.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00037620 ___AH C:\Windows\ocmsn.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00034210 ___AH C:\Windows\tabletoc.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00033990 ___AH C:\Windows\msgsocm.log
2012-10-11 15:52 - 2010-10-15 21:56 - 00001393 ___AH C:\Windows\imsins.log
2012-10-11 15:48 - 2012-10-11 15:48 - 00004954 ___AH C:\Windows\KB2756822.log
2012-10-11 15:48 - 2010-10-15 21:56 - 00001393 ___AH C:\Windows\imsins.BAK
2012-10-11 15:48 - 2007-02-23 19:53 - 00737562 __AHC C:\Windows\System32\TZLog.log
2012-10-11 15:47 - 2012-10-11 08:40 - 00013415 ___AH C:\Windows\KB2749655.log
2012-10-11 15:47 - 2012-10-11 08:40 - 00013308 ___AH C:\Windows\KB2661254-v2.log
2012-10-11 15:47 - 2010-10-15 21:56 - 00050558 ___AH C:\Windows\updspapi.log
2012-09-29 19:54 - 2010-10-15 16:19 - 00022856 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-09-28 00:32 - 2006-07-13 19:40 - 62968832 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-09-25 15:08 - 2012-09-25 15:06 - 00015859 ___AH C:\Windows\KB2744842-IE8.log
2012-09-12 16:43 - 2012-09-12 16:42 - 00006706 ___AH C:\Windows\KB2736233.log
2012-09-11 08:34 - 2007-01-29 04:58 - 00046080 ___AH (Microsoft Corporation) C:\Windows\System32\tzchange.exe
2012-08-30 22:03 - 2012-08-30 22:03 - 00193552 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\MpFilter.sys
2012-08-28 20:44 - 2007-06-27 10:34 - 11111424 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ieframe.dll
2012-08-28 20:44 - 2006-11-08 01:03 - 11111424 ___AH (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-08-28 11:14 - 2012-06-14 09:59 - 00521728 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\jsdbgui.dll
2012-08-28 11:14 - 2010-09-21 13:38 - 00743424 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iedvtool.dll
2012-08-28 11:14 - 2010-09-21 13:38 - 00247808 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ieproxy.dll
2012-08-28 11:14 - 2010-09-21 13:38 - 00012800 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\xpshims.dll
2012-08-28 11:14 - 2007-06-27 10:34 - 02000384 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iertutil.dll
2012-08-28 11:14 - 2007-06-27 10:34 - 00630272 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeeds.dll
2012-08-28 11:14 - 2007-06-27 10:34 - 00055296 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\msfeedsbs.dll
2012-08-28 11:14 - 2006-11-08 01:03 - 00630272 ___AH (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-08-28 11:14 - 2006-11-08 01:03 - 00055296 ___AH (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2012-08-28 11:14 - 2006-11-07 07:27 - 00387584 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iedkcs32.dll
2012-08-28 11:14 - 2006-10-17 16:05 - 01469440 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\inetcpl.cpl
2012-08-28 11:14 - 2006-10-17 16:05 - 00105984 __AHC (Microsoft Corporation) C:\Windows\System32\dllcache\url.dll
2012-08-28 11:14 - 2006-10-17 16:04 - 00206848 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\occache.dll
2012-08-28 11:14 - 2006-10-17 15:57 - 02000384 ___AH (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-08-28 11:14 - 2006-05-19 11:08 - 06008832 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtml.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 01212416 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\urlmon.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 00916992 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\wininet.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 00611840 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mstime.dll
2012-08-28 11:14 - 2006-05-10 01:23 - 00067072 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\mshtmled.dll
2012-08-28 11:14 - 2006-05-10 01:22 - 00184320 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\iepeers.dll
2012-08-28 11:14 - 2006-05-10 01:22 - 00025600 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\jsproxy.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 06008832 ___AH (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 01469440 ____H (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-08-28 11:14 - 2005-04-11 15:27 - 00611840 ____H (Microsoft Corporation) C:\Windows\System32\mstime.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00387584 ____H (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00184320 ___AH (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00067072 ____H (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00043520 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\licmgr10.dll
2012-08-28 11:14 - 2005-04-11 15:27 - 00043520 ____H (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2012-08-28 11:14 - 2005-04-11 15:26 - 01212416 ___AH (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-08-28 11:14 - 2005-04-11 15:26 - 00916992 ___AH (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-08-28 11:14 - 2005-04-11 15:26 - 00105984 ___AH (Microsoft Corporation) C:\Windows\System32\url.dll
2012-08-28 11:14 - 2002-06-25 15:20 - 00206848 ____H (Microsoft Corporation) C:\Windows\System32\occache.dll
2012-08-28 11:14 - 2002-06-25 15:09 - 00025600 ___AH (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-08-28 08:07 - 2006-11-07 07:26 - 00174080 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ie4uinit.exe
2012-08-28 08:07 - 2006-07-13 18:24 - 00385024 ___AH (Microsoft Corporation) C:\Windows\System32\html.iec
2012-08-28 08:07 - 2005-04-11 15:27 - 00174080 ____H (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2012-08-24 09:53 - 2009-12-24 02:59 - 00177664 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\wintrust.dll
2012-08-24 09:53 - 2002-06-25 15:33 - 00177664 ___AH (Microsoft Corporation) C:\Windows\System32\wintrust.dll
2012-08-21 09:33 - 2008-10-24 09:16 - 02148864 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlmp.exe
2012-08-21 09:33 - 2002-06-25 15:19 - 02148864 ___AH (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-08-21 09:29 - 2008-10-24 09:16 - 02192896 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntoskrnl.exe
2012-08-21 08:58 - 2008-10-24 09:16 - 02069632 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrnlpa.exe
2012-08-21 08:58 - 2008-10-24 09:16 - 02027520 ___HC (Microsoft Corporation) C:\Windows\System32\dllcache\ntkrpamp.exe
2012-08-21 08:58 - 2002-06-25 15:19 - 02027520 ___AH (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2012-08-21 01:17 - 2012-10-19 01:18 - 00444056 __RAH C:\Windows\System32\Drivers\etc\hosts.20121019-011814.backup
2012-08-20 10:39 - 2005-04-11 10:04 - 00269392 ___AH C:\Windows\System32\FNTCACHE.DAT
2012-08-16 15:12 - 2012-08-16 09:11 - 00018018 ___AH C:\Windows\KB2712808.log
2012-08-16 15:11 - 2012-08-16 15:11 - 00012937 ___AH C:\Windows\KB2731847.log
2012-08-16 15:09 - 2012-08-16 09:10 - 00017612 ___AH C:\Windows\KB2705219.log
2012-08-16 15:08 - 2012-08-16 15:08 - 00011546 ___AH C:\Windows\KB2723135.log
2012-08-16 15:05 - 2012-08-16 15:04 - 00015910 ___AH C:\Windows\KB2722913-IE8.log
2012-08-16 14:07 - 2010-10-15 16:03 - 00002507 ___AH C:\Documents and Settings\Administrator\Desktop\Microsoft Publisher 2010.lnk
2012-08-07 12:04 - 2012-06-28 11:18 - 00183819 ___AH C:\Documents and Settings\Administrator\Desktop\Burlington Commercial Bus Rev 6.28.12 by noempl.xls.xlsx

==================== Known DLLs (Whitelisted) =================


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

RP: -> 2012-10-30 09:51 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP564
RP: -> 2012-10-30 09:50 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP563
RP: -> 2012-10-30 09:28 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP562
RP: -> 2012-10-24 14:27 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP561
RP: -> 2012-10-23 10:11 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP560
RP: -> 2012-10-20 15:24 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP559
RP: -> 2012-10-19 14:00 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP558
RP: -> 2012-10-18 11:52 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP557
RP: -> 2012-10-16 11:46 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP556
RP: -> 2012-10-11 15:46 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP555
RP: -> 2012-10-11 12:33 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP554
RP: -> 2012-10-04 09:55 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP553
RP: -> 2012-09-25 15:06 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP552
RP: -> 2012-09-25 12:43 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP551
RP: -> 2012-09-20 13:01 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP550
RP: -> 2012-09-18 12:03 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP549
RP: -> 2012-09-12 16:38 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP548
RP: -> 2012-09-11 12:46 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP547
RP: -> 2012-09-10 12:15 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP546
RP: -> 2012-09-07 13:44 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP545
RP: -> 2012-08-30 11:48 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP544
RP: -> 2012-08-28 10:26 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP543
RP: -> 2012-08-23 11:52 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP542
RP: -> 2012-08-21 11:39 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP541
RP: -> 2012-08-20 11:03 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP540
RP: -> 2012-08-16 15:03 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP539
RP: -> 2012-08-16 12:44 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP538
RP: -> 2012-08-14 11:44 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP537
RP: -> 2012-08-09 12:06 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP536
RP: -> 2012-08-07 12:27 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP535
RP: -> 2012-07-31 12:43 - 036864 _restore{5D9254FF-3847-4F96-A863-420E2FEC8E35}\RP534

==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 2038.07 MB
Available physical RAM: 1773.14 MB
Total Pagefile: 1868.77 MB
Available Pagefile: 1806.97 MB
Total Virtual: 2047.88 MB
Available Virtual: 2001.54 MB

==================== Partitions =============================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: () (Fixed) (Total:74.5 GB) (Free:57.97 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (TOUGHDRIVE) (Removable) (Total:1.87 GB) (Free:1.84 GB) FAT
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

Disk ###  Status      Size     Free     Dyn  Gpt
--------  ----------  -------  -------  ---  ---
Disk 0    Online        75 GB      0 B

Partitions of Disk 0:
===============
Partition ###  Type              Size     Offset
-------------  ----------------  -------  -------
Partition 1    Primary             74 GB    32 KB
Partition 2    Unknown              9 MB    74 GB

=========================================================
Disk: 0
Partition 1
Type  : 07
Hidden: No
Active: No

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C                NTFS   Partition     74 GB  Healthy

=========================================================
Disk: 0
Partition 2
Type  : 17 (Suspicious Type)
Hidden: Yes
Active: Yes

Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2                           Partition      9 MB  Healthy

=========================================================

==================== End Of Log ============================