Run under the working XP system (SP2 - Drive C) with FRST.EXE resident on the infected drive (SP3 - Drive E).

Generated FRST File
-------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Gerry (administrator) on IBMPC on 23-06-2014 11:03:23
Running from E:\
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\Gerry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT Registry BU\AUTOBACK.EXE ()
HKLM\...\AppCertDlls: [rasplace] -> C:\WINDOWS\system32\igfxexec.dll
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restartlsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
SearchScopes: HKCU - {91EBC6E5-4330-4CE2-844D-B2E7C1228DDE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=667323&p={searchTerms}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350787723968
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Filter: text/html - {161e2552-9334-4002-bb72-ffe13ad9460b} - No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gerry\Application Data\Mozilla\Firefox\Profiles\xcmy4qn3.default
FF Homepage: hxxp://www.cnn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-20]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-08-29]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-21] (Sun Microsystems, Inc.)
S4 KSafeSvc; C:\Program files\Kingsoft\PCDoctor\KSafeSvc.exe [290720 2012-04-10] (Kingsoft Corporation)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [951632 2009-03-09] (Lavasoft)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-04-08] (Motive Communications, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S2 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-06-30] (Seagate)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-01-21] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2004-08-03] (Microsoft Corporation)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2003-05-28] (Adaptec) [File not signed]
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9336 2007-03-07] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9464 2007-03-07] (Sonic Solutions)
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [241280 2009-06-23] (Roxio) [File not signed]
R3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1516672 2009-06-19] (C-Media Inc)
R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25930 2009-06-23] (Roxio) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [40496 2008-12-13] (Paragon Software Group)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-20] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-20] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-20] (HP)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-03-09] (Lavasoft AB)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-23] (Malwarebytes Corporation)
S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30662 2009-06-23] (Roxio) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
S3 P17; C:\WINDOWS\System32\drivers\P17.sys [1389056 2005-07-07] (Creative Technology Ltd.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R1 pwd_2K; C:\WINDOWS\system32\Drivers\pwd_2K.sys [144250 2009-06-23] (Roxio) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [8944 2009-01-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-01-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [55024 2009-01-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [82136 2003-12-16] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\system32\Drivers\SYMREDRV.SYS [26424 2005-01-21] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [267384 2005-01-21] (Symantec Corporation)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2009-06-17] (Acronis)
R1 Udfreadr_xp; C:\WINDOWS\system32\Drivers\Udfreadr_xp.sys [206464 2009-06-23] (Roxio) [File not signed]
R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [32056 2008-12-13] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [129896 2008-12-13] (Paragon)
R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-09-06] (Acronis)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-09-06] (Acronis)
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 
ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\File Unlocker\UnlockerDriver5.sys [4096 2009-10-26] () [File not signed]
U1 WS2IFSL;
S3 zlportio; \??\J:\_____DOWNLOADS\__SELECTED DOWNLOADS 03.05.04\DRIVER WIZARD - Good for set up\zlportio.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-23 01:40 - 2014-06-23 10:58 - 00000000 _____ () 
C:\Documents and Settings\Gerry\ntuser.tmp
2014-06-22 23:49 - 2014-06-23 01:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
2014-06-22 23:49 - 2014-06-22 23:49 - 00000000 ____D () C:\Program Files\ISO BURNER - LSoft Technologies
2014-06-18 21:34 - 2014-06-18 21:35 - 00002416 _____ () C:\Documents and Settings\Gerry\Desktop\Rkill.txt
2014-06-16 03:14 - 2014-06-16 03:14 - 00000293 _____ () C:\WINDOWS\wmsetup.log
2014-06-16 02:23 - 2014-06-16 02:23 - 00000846 _____ () C:\Documents and Settings\Gerry\Desktop\SyncBack.exe.lnk
2014-06-12 14:46 - 2014-06-23 11:03 - 00000000 ____D () C:\FRST
2014-06-12 12:57 - 2014-06-12 12:57 - 00000885 _____ () C:\Documents and Settings\Gerry\Desktop\Creatr50.exe.lnk
2014-06-12 12:45 - 2014-06-12 12:45 - 00221408 _____ (Adaptec) C:\WINDOWS\system32\Drivers\cdudf.sys
2014-06-12 12:45 - 2014-06-12 12:45 - 00045056 _____ (Adaptec) C:\WINDOWS\system32\cdr4dll.dll
2014-06-12 12:25 - 2014-06-12 12:35 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-06-12 08:20 - 2014-06-12 08:20 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-12 07:15 - 2014-06-12 07:15 - 00030584 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-12 06:51 - 2014-06-12 06:52 - 00000000 ____D () C:\Program Files\ERUNT Registry BU
2014-06-12 06:51 - 2014-06-12 06:51 - 00000699 _____ () C:\Documents and Settings\Gerry\Desktop\NTREGOPT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000680 _____ () C:\Documents and Settings\Gerry\Desktop\ERUNT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-06-12 00:19 - 2014-06-23 11:02 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 00:18 - 2014-06-12 00:18 - 00000801 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-12 00:18 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-12 00:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-06-23 11:03 - 2014-06-12 14:46 - 00000000 ____D () C:\FRST
2014-06-23 11:03 - 2009-06-16 23:44 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Temp
2014-06-23 11:02 - 2014-06-12 00:19 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 11:02 - 2009-06-17 06:58 - 00402774 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-23 11:01 - 2012-10-20 00:06 - 00011048 _____ () C:\aaw7boot.log
2014-06-23 11:01 - 2012-08-27 01:36 - 00000282 _____ () C:\WINDOWS\Tasks\KsafeDelay.job
2014-06-23 11:01 - 2009-08-16 00:25 - 00000000 __SHD () C:\WINDOWS\CSC
2014-06-23 11:01 - 2009-08-02 21:08 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 11:01 - 2009-06-16 23:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-23 11:01 - 2009-06-16 19:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-23 11:01 - 2009-06-16 19:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-23 10:58 - 2014-06-23 01:40 - 00000000 _____ () C:\Documents and Settings\Gerry\ntuser.tmp
2014-06-23 10:56 - 2009-11-09 23:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 10:47 - 2009-06-16 23:44 - 00001531 _____ () C:\Documents and Settings\Gerry\Desktop\Notepad.lnk
2014-06-23 10:31 - 2009-08-02 21:08 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 10:28 - 2009-06-16 19:23 - 00474832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-23 09:07 - 2001-08-23 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-23 01:34 - 2014-06-22 23:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
2014-06-23 01:33 - 2009-09-18 17:35 - 00003054 _____ () C:\devicetable.log
2014-06-22 23:49 - 2014-06-22 23:49 - 00000000 ____D () C:\Program Files\ISO BURNER - LSoft Technologies
2014-06-22 08:41 - 2009-06-16 23:38 - 00000000 ____D () C:\Program Files\Outlook Express
2014-06-22 08:37 - 2012-08-20 16:01 - 00000026 _____ () C:\WINDOWS\Zone.Identifier
2014-06-22 01:20 - 2009-06-16 23:44 - 00000278 ___SH () C:\Documents and Settings\Gerry\ntuser.ini
2014-06-22 01:20 - 2009-06-16 23:42 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-22 01:19 - 2009-06-16 23:44 - 00000000 ____D () C:\Documents and Settings\Gerry
2014-06-21 18:06 - 2012-10-21 01:32 - 00213630 _____ () C:\WINDOWS\setupapi.log
2014-06-21 12:53 - 2009-06-25 23:11 - 00000000 ____D () C:\Documents and Settings\Gerry\Application Data\Image Zone Express
2014-06-21 12:38 - 2009-06-25 23:23 - 00000000 ____D () C:\Documents and Settings\Gerry\My Documents\My Scans
2014-06-18 21:35 - 2014-06-18 21:34 - 00002416 _____ () C:\Documents and Settings\Gerry\Desktop\Rkill.txt
2014-06-18 21:16 - 2009-06-16 19:17 - 00000000 ____D () C:\WINDOWS\Help
2014-06-18 13:56 - 2009-06-18 17:33 - 00190464 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-18 08:17 - 2009-06-17 07:33 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\CutePDF Writer
2014-06-16 22:39 - 2012-10-19 22:40 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-06-16 03:14 - 2014-06-16 03:14 - 00000293 _____ () C:\WINDOWS\wmsetup.log
2014-06-16 03:14 - 2009-06-16 23:44 - 00000816 _____ () C:\Documents and Settings\Gerry\Start Menu\Programs\Windows Media Player.lnk
2014-06-16 02:23 - 2014-06-16 02:23 - 00000846 _____ () C:\Documents and Settings\Gerry\Desktop\SyncBack.exe.lnk
2014-06-13 05:52 - 2009-06-16 19:17 - 00000000 ____D () C:\WINDOWS\security
2014-06-12 12:57 - 2014-06-12 12:57 - 00000885 _____ () C:\Documents and Settings\Gerry\Desktop\Creatr50.exe.lnk
2014-06-12 12:45 - 2014-06-12 12:45 - 00221408 _____ (Adaptec) C:\WINDOWS\system32\Drivers\cdudf.sys
2014-06-12 12:45 - 2014-06-12 12:45 - 00045056 _____ (Adaptec) C:\WINDOWS\system32\cdr4dll.dll
2014-06-12 12:35 - 2014-06-12 12:25 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-06-12 08:20 - 2014-06-12 08:20 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-12 07:15 - 2014-06-12 07:15 - 00030584 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-12 06:52 - 2014-06-12 06:51 - 00000000 ____D () C:\Program Files\ERUNT Registry BU
2014-06-12 06:51 - 2014-06-12 06:51 - 00000699 _____ () C:\Documents and Settings\Gerry\Desktop\NTREGOPT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000680 _____ () C:\Documents and Settings\Gerry\Desktop\ERUNT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-06-12 02:12 - 2009-09-13 14:53 - 00000000 ____D () C:\Program Files\Shared
2014-06-12 00:18 - 2014-06-12 00:18 - 00000801 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-11 22:43 - 2009-06-18 14:29 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\Google
2014-06-11 22:19 - 2009-06-16 23:38 - 00000000 ____D () C:\WINDOWS\system32\Restore

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Generated ADDITION file
----------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Gerry at 2014-06-23 11:04:22
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

1-Click YouTubeAssistant (HKLM\...\{3EEAB819-BF2D-4F43-85DE-66B7D6FC2F56}) (Version: 2.3.4 - Eurekr.com)
1ClickDownloader (HKLM\...\1ClickDownload) (Version: 2.7 Build 26473 - 1ClickDownload) <==== ATTENTION
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
5700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Active@ Hard Disk Monitor (HKLM\...\{CC5C266E-83E8-43B5-A387-E001E0AD1795}) (Version: 1.2.650 - LSoft Technologies Inc)
Active@ ISO Burner 3.0 (HKLM\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Ad-Aware (HKLM\...\Ad-Aware) (Version: - Lavasoft)
Ad-Aware (Version: 8.0.0 - Lavasoft) Hidden
Adebis Photo Sorter 1.0 (HKLM\...\Adebis Photo Sorter_is1) (Version: - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Advanced Outlook Express Repair v2.1 (HKLM\...\Advanced Outlook Express Repair v2.1) (Version: - )
Agent Ransack 2010 (HKLM\...\Agent Ransack_is1) (Version: - )
Aid4Mail2 (Remove only) (HKLM\...\Aid4Mail2_is1) (Version: 2.5.0.108 - Fookes Holding Ltd)
Altysoft Free DVD 2.0 (HKLM\...\{8A5F87F6-D2DA-4058-9891-60A7950C9E96}_is1) (Version: - Altysoft, Inc.)
AnVir Task Manager (HKLM\...\AnVir Task Manager) (Version: 6.1.0 - AnVir Software)
Any Video Converter 2.7.6 (HKLM\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}) (Version: - )
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version: - )
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version: - )
Attribute Changer 5.23 (HKLM\...\Attribute Changer) (Version: 5.23 - Romain Petges)
Audacity 1.2.3 (HKLM\...\Audacity_is1) (Version: - )
Auslogics Duplicate File Finder (HKLM\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 2.4 - Auslogics Software Pty Ltd)
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2221 - AVG Technologies)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2441 - AVG Technologies) Hidden
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM\...\Awesome Duplicate Photo Finder_is1) (Version: - Duplicate-Finder.com)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version: - )
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 2.00.0000 - Hewlett-Packard) Hidden
BPDfax (Version: 70.0.184.000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom TPM Driver Installer (HKLM\...\{9576B4EE-5E87-4C14-AFCE-2F6FC2B276B8}) (Version: 9.01.02 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J6710DW (HKLM\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.27.0 - Brother Industries, Ltd.)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Burn4Free CD and DVD (HKLM\...\Burn4Free) (Version: - )
CamStudio (HKLM\...\CamStudio) (Version: - )
Canon MP Drivers (HKLM\...\{58F8C6D9-5B55-486A-A322-4E8D87670031}) (Version: - )
CCleaner (remove only) (HKLM\...\CCleaner) (Version: - Piriform)
CDex extraction audio (HKLM\...\CDex) (Version: - )
CodeStuff Starter (HKLM\...\CodeStuff Starter) (Version: - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version: - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DISKdata (HKLM\...\DISKdata) (Version: - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dupe Remover for Outlook Express and Windows Mail version 3.5 (HKLM\...\{B262EDF7-B16C-447E-B203-FAD286B61F90}_is1) (Version: 3.5 - Topalt.com)
DVDx 2 (HKLM\...\{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1) (Version: 2.20 - labDV®)
EASEUS Partition Master 4.1.1 Professional (HKLM\...\EASEUS Partition Master Professional Edition_is1) (Version: - EASEUS)
Easy CD Creator 5 Platinum (HKLM\...\{8851E12C-0EF9-11D4-A788-009027ABA5D0}) (Version: 5.0.0.0000 - Roxio Inc)
Easy Duplicate Finder v. 2.2.1 (HKLM\...\Easy Duplicate Finder_is1) (Version: - EasyDuplicateFinder.com)
Easy Video Splitter 1.28 (HKLM\...\Easy Video Splitter_is1) (Version: - DoEasier Tech Inc)
eBay Icon (HKLM\...\eBay Icon) (Version: 1.0 - AD ON Multimedia Advertising GmbH)
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Perfection V500 Photo Scanner Driver Update (HKLM\...\{25653817-9502-41A5-A24D-FED750611E98}) (Version: - )
EPSON Perfection V500P User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version: - Lars Hederer)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eudora Converter (HKLM\...\Eudora Converter_is1) (Version: - )
Eudora OSE (1.0) (HKLM\...\Eudora OSE (1.0)) (Version: 1.0 (en-US) - Mozilla)
Extra CD DVD Ripper 6.49 (HKLM\...\Extra CD DVD Ripper_is1) (Version: - Extra Software, Inc.)
File & Folder Lister 2.00 (HKLM\...\File & Folder Lister_is1) (Version: - TriSun Software Inc.)
Folder Marker v 1.4 (HKLM\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
Free Mp3 Wma Converter V 1.8.0 (HKLM\...\Free Mp3 Wma Converter_is1) (Version: - )
Free Sound Recorder v9.3.1 (HKLM\...\Free Sound Recorder_is1) (Version: - Copyright© 2005-2012 FreeSoundRecorder Technologies, Inc.)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Quick Search Box (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Officejet All-In-One Series (HKLM\...\HP Officejet All-In-One Series) (Version: 1.0 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
IMAPSize 0.3.7 (HKLM\...\IMAPSize_is1) (Version: - Broobles)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.2.0 - LIGHTNING UK!)
Indeo® Software (HKLM\...\Indeo® Software) (Version: - )
Inpaint 2.0 (HKLM\...\{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1) (Version: - Teorex)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version: - )
J5700 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Karen's Computer Profiler (HKLM\...\Karen's Computer Profiler) (Version: 2.5.0.3 - Karen Kenworthy)
KC Softwares VideoInspector (HKLM\...\KC Softwares VideoInspector_is1) (Version: - KC Softwares)
Kingsoft PC Doctor 3.7.0.47 (HKLM\...\Kingsoft PC Doctor) (Version: 3.7.0.47 - Kingsoft PC Doctor)
LimeWire 4.18.8 (HKLM\...\LimeWire) (Version: 4.18.8 - Lime Wire, LLC)
LiveUpdate 1.90 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 1.90.15.0 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.207.4 - McAfee, Inc.)
Media Player Codec Pack 3.6.0 (HKLM\...\Media Player - Codec Pack) (Version: - Media Player Codec Pack) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version: - Microsoft Corporation)
Microsoft .NET Framework 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Office Converter Pack (HKLM\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MP3 Boss (HKLM\...\MP3 Boss) (Version: - )
MP3Boss (HKLM\...\MP3Boss) (Version: - )
MPower Version 1.2 (HKLM\...\MPower Version 1.2_is1) (Version: - )
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NirSoft SysExporter (HKLM\...\NirSoft SysExporter) (Version: - )
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version: - )
Outlook Express Quick Backup (HKLM\...\ST6UNST #1) (Version: - )
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Paragon Drive Backup™ 9 Professional (HKLM\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
PCVITA Outlook Magic v3.1 (HKLM\...\{ECEB18DA-A736-4681-B6C9-1DE3CA159543}_is1) (Version: - PCVITA)
PDF to Word 3 (HKLM\...\PDF to Word 3) (Version: - )
Peck's Power Join (HKLM\...\ST4UNST #1) (Version: - )
Phelix 1.0.0 (HKLM\...\Phelix 1.0.0) (Version: - Phonome Labs)
Pinnacle Bender 32-bit (HKLM\...\{92A63804-501A-44B2-8EC3-8B8DFA2E97B2}) (Version: 2.0.19 - Pinnacle Systems)
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.088 - )
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Recover Data for Outlook Express (Trial Version) (HKLM\...\Recover Data for Outlook Express (Trial Version)_is1) (Version: - Recover Data)
RecoveryFix for Outlook Express Evaluation ver 4.02.01 (HKLM\...\RecoveryFix for Outlook Express (Evaluation version)_is1) (Version: - Chily Softech Pvt Ltd)
Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (Version: - ) Hidden
Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
Search Settings 1.2.2 (HKLM\...\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}) (Version: - Spigot, Inc.) <==== ATTENTION
Software Informer 1.0 BETA (HKLM\...\Software Informer_is1) (Version: - Informer Technologies, Inc.)
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5410 - Analog Devices)
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Studio 11 (HKLM\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (Version: 11.0.0.0 - Pinnacle Systems) Hidden
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.25.0.1012 - SUPERAntiSpyware.com)
Symantec Network Drivers Update (Version: 5.4.4.17 - Symantec Corporation) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version: - 2BrightSparks)
SysTools Outlook Express Restore (HKLM\...\SysTools Outlook Express Restore - Demo Version_is1) (Version: - )
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version: - )
Unlocker 1.8.8 (HKLM\...\Unlocker) (Version: 1.8.8 - Cedrick Collomb)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.0.0 (HKLM\...\VLC media player) (Version: 1.0.0 - VideoLAN Team)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version: - )
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version: - )
Windows Driver Package - Pinnacle Systems (BENDER) Media (11/21/2005 2.0.19.0) (HKLM\...\4D5F871C34C0AB20CA5FCF9A9AC7409418F77328) (Version: 11/21/2005 2.0.19.0 - Pinnacle Systems)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Tools 4.0 (HKLM\...\Microsoft NetShow Tools 2.0) (Version: - )
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinUtilities 10.53 Free Edition (HKLM\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: - YL Computing, Inc)
WinX DVD Ripper Platinum 5.1 (HKLM\...\WinX DVD Ripper Platinum GOTD Special Edition_is1) (Version: - Digiarty Software, Inc.)
Wondershare Photo Story Gold GAOTD Edition 3.4.2.0 (HKLM\...\Wondershare Photo Story Gold GAOTD Edition_is1) (Version: 3.4.2.0 - Wondershare Software Co.,Ltd.)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Desktop Login (Version: 1.00.0001 - Pinnacle Systems) Hidden
Zoner Photo Studio 14 (HKLM\...\ZonerPhotoStudio14_EN_is1) (Version: 14.0.1.7 - ZONER software)

==================== Restore Points =========================

12-06-2014 11:55:21 System Checkpoint
13-06-2014 12:08:56 System Checkpoint
16-06-2014 01:23:18 System Checkpoint
17-06-2014 03:03:08 System Checkpoint
18-06-2014 16:18:33 System Checkpoint
19-06-2014 23:13:54 System Checkpoint
21-06-2014 15:52:38 System Checkpoint
22-06-2014 18:16:44 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 08:00 - 2001-08-23 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\KsafeDelay.job => C:\Program Files\Kingsoft\PCDoctor\KSafeTray.exe
Task: C:\WINDOWS\Tasks\Symantec NetDetect.job => C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

==================== Loaded Modules (whitelisted) =============

2009-03-09 15:06 - 2009-03-09 15:06 - 00212848 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2009-03-09 15:06 - 2009-03-09 15:06 - 01626976 _____ () C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
2008-09-10 18:00 - 2008-09-10 18:00 - 00168960 _____ () C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
2009-06-17 07:06 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2009-01-10 18:15 - 2009-01-10 18:15 - 00159744 _____ () C:\WINDOWS\system32\mmfinfo.dll
2009-01-10 18:14 - 2009-01-10 18:14 - 00023552 _____ () C:\WINDOWS\system32\mkunicode.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:39413AC3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8EF7595F

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:50:22.000]: [00003600]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:50:22.000]: [00003600]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:48:42.046]: [00003516]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:48:42.046]: [00003516]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:33:58.984]: [00002196]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:33:58.984]: [00002196]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/12/2014 00:45:43 PM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. DETAIL - The file or directory is corrupted and unreadable.

Error: (06/12/2014 08:27:45 AM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

Error: (06/12/2014 07:18:39 AM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on e:\system volume information\catalog.wci is corrupt. Please shutdown and restart the Indexing Service (cisvc).

Error: (06/11/2014 10:57:04 PM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents.

System errors:
=============
Error: (06/23/2014 11:02:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/23/2014 11:01:53 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/23/2014 10:24:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/23/2014 09:08:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/23/2014 09:07:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/22/2014 08:25:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/22/2014 08:25:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/21/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/21/2014 06:04:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/21/2014 09:59:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Microsoft Office Sessions:
=========================
Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:50:22.000]: [00003600]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:50:22.000]: [00003600]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:48:42.046]: [00003516]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:48:42.046]: [00003516]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:33:58.984]: [00002196]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:33:58.984]: [00002196]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/12/2014 00:45:43 PM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: The file or directory is corrupted and unreadable.

Error: (06/12/2014 08:27:45 AM) (Source: Ci) (EventID: 4126) (User: )
Description: e:\system volume information\catalog.wci

Error: (06/12/2014 07:18:39 AM) (Source: Ci) (EventID: 4124) (User: )
Description: e:\system volume information\catalog.wci

Error: (06/11/2014 10:57:04 PM) (Source: Ci) (EventID: 4126) (User: )
Description: e:\system volume information\catalog.wci

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 1014.48 MB
Available physical RAM: 452.94 MB
Total Pagefile: 2440.84 MB
Available Pagefile: 1945.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.29 MB

==================== Drives ================================

Drive c: (80A - XP 10.20.12 (24GB)) (Fixed) (Total:24.41 GB) (Free:10.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (61A - XP 10.20.12 (21GB)) (Fixed) (Total:21 GB) (Free:4.63 GB) NTFS
Drive f: (61D - xx (312GB)) (Fixed) (Total:312.8 GB) (Free:306.66 GB) NTFS
Drive i: (61E - BU ADDS (178GB)) (Fixed) (Total:178.71 GB) (Free:0.49 GB) NTFS
Drive l: (80B - BU PROJ 03.21.14 (1.27TB)) (Fixed) (Total:1310.68 GB) (Free:7.16 GB) NTFS
Drive m: (80C - BU MP3 03.06.14 (326GB)) (Fixed) (Total:327 GB) (Free:4.33 GB) NTFS
Drive n: (80D - BU PIXDOCS (200GB)) (Fixed) (Total:200.93 GB) (Free:1.76 GB) NTFS
Drive p: (61B - >>>>ACTIVE (288GB)) (Fixed) (Total:289 GB) (Free:5.77 GB) NTFS
Drive q: (61C - xx (129GB)) (Fixed) (Total:130 GB) (Free:114.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: BB3B48A5)
Partition 1: (Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-224832676352) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 81E00CE7)
Partition 1: (Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911 GB) - (Type=OF Extended)

==================== End Of Log ============================