
FBI Ransom virus



My screen is locked with this persistent virus. They're asking for only $300!

 

I can not run in safe mode, so I installed the affected HDD as a slave and am using a working OS as a master so I can access the bad drive, but have not been able to fix it.

 

Is there a way I can run the diagnostics on the bad drive without using an external USB stick?

 

My old (broken) operating system is XP Pro SP3, and I am using XP SP2 as the interim system.

 

Thanks for your help and the time you are dedicating to this forum. 

 

Gerry


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


  • Staff

This topic has been reopened at the OP's request.

 

GPK111:  This thread is obviously reopened, at your request. I have sent you a private message to that effect, but don't know if you know how to spot it.  In any event, good luck in getting your issue resolved!


Thanks for the prompt reply, but I can't make sense of the Kaspersky link. I'm still where I was when I first posted.

 

The virus presents a reddish screen and does not recognize any attempts at cursor movement or keyboard input unless a "ransom" is paid. Looking at the internet, it seems this virus is a known one, but any attempts at fixing it have eluded me.

 

I'm not that familiar with remote troubleshooting, so maybe we could start from the top?

 

Thanks

 

Gerry


Here you go:

For XP and XP Pro:

These methods may help remove this malware: (XP is a little harder to work on)

This will work if you have a good system restore point and can get to the Command prompt: (If it doesn't work the first time keep trying...you may be able to get it)

Step 1: Use F8 to Boot to SafeMode With Command Prompt or Command Prompt
Step 2: Type the word "explorer" in the black screen > Enter
Step 3: Then Navigate to:
Win XP: C:\windows\system32\restore\rstrui.exe and press Enter
Win Vista/Seven: C:\windows\system32\rstrui.exe and press Enter (double click rstrui.exe)
Step 4: Restore Computer to Date you know you were virus free
Step 5: See if it boots up normally.....post on the forum so we can ensure the computer's clean

<=====><=====><=====><=====><=====><=====>

Use Kaspersky Rescue Disk and Unlocker:

  • Download Kaspersky Rescue Disk (iso)
  • Burn it to a cd or dvd, if you need a program to burn an ISO...use Active@ ISO Burner
  • Instructions for USB flash drive
  • Configure your computer to boot from CD/DVD
  • Note : If you do not know how to set your computer to boot from CD/DVD follow the steps HERE
  • Once you have the cd/DVD created, boot the computer up using it
  • Press any key to enter the menu
  • Select your language
  • Press 1 to accept the End User License Agreement
  • Select Kaspersky Rescue Disk. Graphic Mode
  • Click on the Start button located in the left bottom corner of the screen
  • Run Kaspersky WindowsUnlocker to remove Windows system and registry changes made by Metropolitan Police Virus


    Note: If you can't find Kaspersky WindowsUnlocker, go to Terminal instead > type > windowsunlocker > choose 1 - Unlock Windows > Enter
  • When it's done, click on the Start button and start Kaspersky Rescue Disk utility
  • Click on My Update Center tab and press Start to download the latest update
  • Next, select the Object Scan tab
  • Put a check next to C:\ and any other local drives
  • Then click Start Objects Scan
  • Quarantine any malware found
  • Restart your computer and see if it boots up normally


    Good Luck.....MrC
  • Taken from here:
    http://support.kaspersky.com/viruses/disinfection/8005

OK. Cool little rescue disk. I followed all the instructions (thanks) and Mr. Kaspersky is the first thing I tried which made a difference, but the outcome is still not correct. The boot program now loops, even in safe mode. XP Pro (SP3) now goes through the boot sequence, including the XP window with its progress bar, and then goes back to the firmware booting screen without getting to the desktop.

Here are the current conditions ('before' Kaspersky status in parens)

- Boots 'normally' through XP progress bar (same before Kaspersky)

- Boots from any variation of safe mode (did not respond to safe mode command at all)

- Recycles boot sequence from firmware right after XP progress bar (went to desktop just prior to showing Winlock screen)

- Recycling also occurs from all options of safe mode (all options of safe mode not responsive prior to Kaspersky)

- Access to all files on 'bad' XP partition from XP slave drive is still possible, (as before)

Additional thoughts very much appreciated.


Download FRST.exe:

http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/

See if somehow you can get it to run and scan the system.

If you can get to a command prompt with FRST.exe on a USB flash drive:

For the next steps, you will need a flash drive and a clean computer, to download and transfer tools to that flash drive...and then transfer those tools again to the infected machine:

Please download Farbar Recovery Scan Tool and save it to the flash drive.

Note: Your version should be the 32-bit version!

Now plug the flash drive into the infected PC, and boot into Safe Mode with Command Prompt.

Once in the Command Prompt:

In the command window type in notepad and press Enter.

The notepad opens. Under File menu select Open.

Select "Computer" and find your flash drive letter and close the notepad.

In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter

Note: Replace letter e with the drive letter of your flash drive.

The tool will start to run.

When the tool opens click Yes to disclaimer.

Press Scan button.

On its first run FRST will make 2 logs (FRST.txt and Attach.txt) on the flash drive. Please copy and paste both logs to your next reply.

MrC

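Once FRST.txt is in hand, the lines worth reading first are the ones that name a load point the malware could be using, not the long whitelisted listings. The script below is an added example for this thread, not an FRST feature and not code from any poster: it parses lines in FRST's registry and driver format and flags the persistence locations a lock-screen infection commonly abuses (Winlogon Shell/Userinit, Winlogon notify packages, AppCertDlls, BootExecute, Run keys, Startup folder), plus drivers whose image file is missing, unsigned, or carries no vendor in its version info. The sample log is constructed: most of its lines are copied from the FRST log posted further down in this thread, and the `[Shell] ... locker.exe` line is hypothetical, added only to exercise the Winlogon rule. A flagged line is something to look at, not proof of infection; the igfxexec.dll entry under AppCertDlls, for instance, needs to be compared against a known-good copy before anything is changed.

```python
import re
import sys
from dataclasses import dataclass

# Constructed sample in FRST.txt format. Most lines are copied from the log
# posted in this thread; the "[Shell] ... locker.exe" line is made up to
# exercise the Winlogon rule and does not come from the poster's machine.
SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
Startup: C:\Documents and Settings\Gerry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
HKLM\...\AppCertDlls: [rasplace] -> C:\WINDOWS\system32\igfxexec.dll
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restartlsdelete
HKLM\...\Winlogon: [Shell] C:\Documents and Settings\Gerry\Application Data\locker.exe ()
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

==================== Drivers (Whitelisted) ====================

R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [40496 2008-12-13] (Paragon Software Group)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
U5 UnlockerDriver5; C:\Program Files\File Unlocker\UnlockerDriver5.sys [4096 2009-10-26] () [File not signed]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\61883.sys 86D7B1E70661D754685B9AC6D749AAE5
"""

# Section banners look like "==== Registry (Whitelisted) ====".
SECTION_RE = re.compile(r"^=+\s*(?P<name>[A-Za-z].*?)\s*(?:\(Whitelisted\))?\s*=+$")

# Registry load points worth a second look, with the reason to report.
REGISTRY_RULES = [
    (re.compile(r"^HKLM\\\.\.\.\\Winlogon: \[(Shell|Userinit)\]"),
     "Winlogon Shell/Userinit value: replacing explorer.exe here is classic lock-screen persistence"),
    (re.compile(r"^Winlogon\\Notify\\"),
     "Winlogon notify package: loaded by winlogon.exe at logon, before the shell"),
    (re.compile(r"^HKLM\\\.\.\.\\AppCertDlls:"),
     "AppCertDlls: DLL mapped into every process that calls CreateProcess"),
    (re.compile(r"^BootExecute:"),
     "BootExecute: run by smss.exe at boot, before any logon"),
    (re.compile(r"\\Run: \["), "Run key autostart"),
    (re.compile(r"^Startup: "), "Startup folder autostart"),
]

# "R0 name; path [size date] (vendor) [flag]" - the start type is R/S/U plus 0-5.
DRIVER_RE = re.compile(r"^(?P<start>[RSU][0-5]) (?P<name>[^;]+); (?P<rest>.+)$")


@dataclass
class Finding:
    section: str
    line: str
    reason: str


def triage(log_text: str) -> list[Finding]:
    """Return the registry and driver lines that deserve manual review."""
    findings: list[Finding] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group("name")
            continue
        if section == "Registry":
            for pattern, reason in REGISTRY_RULES:
                if pattern.search(line):
                    findings.append(Finding(section, line, reason))
                    break
        elif section in ("Services", "Drivers"):
            drv = DRIVER_RE.match(line)
            if not drv:
                continue
            rest = drv.group("rest")
            reasons = []
            if rest.endswith("[X]"):
                reasons.append("image file missing on disk")
            if "[File not signed]" in rest:
                reasons.append("unsigned image")
            if " () " in rest or rest.endswith(" ()"):
                reasons.append("no vendor in version info")
            if reasons and drv.group("start") in ("R0", "S0"):
                reasons.append("boot-start driver")   # context, not a finding on its own
            if reasons:
                findings.append(Finding(section, line, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    # Usage: python frst_triage.py FRST.txt   (falls back to the built-in sample)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

The rules only cover the load points that matter for a locker that fires before or at logon; the Processes, Internet and MD5 sections are deliberately ignored, since a browser hijacker in the BHO list is a separate clean-up and the MD5 list is only useful when compared against a known-good install.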

Mr Charlie,

My setup is a single desktop with two 1TB hard drive volumes. Each volume contains an XP partition. The infected XP partition (XP Pro SP3) is currently on the slave drive. The working XP partition (XP Pro SP2) is on the master drive.

I was able to download the FRST program to the master drive and I checked to make sure it loads.

I also copied the FRST program to the infected drive, since I can "see" it with utilities from the good XP partition.

Can the log files be created with the present setup?

Thanks


Run under the working XP system (SP2 - Drive C) with FRST.EXE resident on the infected drive (SP3 - Drive E).

 

Generated FRST File

-------------------------------

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:22-06-2014
Ran by Gerry (administrator) on IBMPC on 23-06-2014 11:03:23
Running from E:\
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\Gerry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT Registry BU\AUTOBACK.EXE ()
HKLM\...\AppCertDlls: [rasplace] -> C:\WINDOWS\system32\igfxexec.dll
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restartlsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
SearchScopes: HKCU - {91EBC6E5-4330-4CE2-844D-B2E7C1228DDE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=667323&p={searchTerms}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350787723968
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Filter: text/html - {161e2552-9334-4002-bb72-ffe13ad9460b} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gerry\Application Data\Mozilla\Firefox\Profiles\xcmy4qn3.default
FF Homepage: hxxp://www.cnn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-20]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-08-29]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-21] (Sun Microsystems, Inc.)
S4 KSafeSvc; C:\Program files\Kingsoft\PCDoctor\KSafeSvc.exe [290720 2012-04-10] (Kingsoft Corporation)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [951632 2009-03-09] (Lavasoft)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-04-08] (Motive Communications, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S2 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-06-30] (Seagate)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-01-21] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2004-08-03] (Microsoft Corporation)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2003-05-28] (Adaptec) [File not signed]
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9336 2007-03-07] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9464 2007-03-07] (Sonic Solutions)
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [241280 2009-06-23] (Roxio) [File not signed]
R3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1516672 2009-06-19] (C-Media Inc)
R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25930 2009-06-23] (Roxio) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [40496 2008-12-13] (Paragon Software Group)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-20] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-20] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-20] (HP)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-03-09] (Lavasoft AB)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-23] (Malwarebytes Corporation)
S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30662 2009-06-23] (Roxio) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
S3 P17; C:\WINDOWS\System32\drivers\P17.sys [1389056 2005-07-07] (Creative Technology Ltd.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R1 pwd_2K; C:\WINDOWS\system32\Drivers\pwd_2K.sys [144250 2009-06-23] (Roxio) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [8944 2009-01-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-01-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [55024 2009-01-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [82136 2003-12-16] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\system32\Drivers\SYMREDRV.SYS [26424 2005-01-21] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [267384 2005-01-21] (Symantec Corporation)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2009-06-17] (Acronis)
R1 Udfreadr_xp; C:\WINDOWS\system32\Drivers\Udfreadr_xp.sys [206464 2009-06-23] (Roxio) [File not signed]
R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [32056 2008-12-13] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [129896 2008-12-13] (Paragon)
R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-09-06] (Acronis)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-09-06] (Acronis)
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\File Unlocker\UnlockerDriver5.sys [4096 2009-10-26] () [File not signed]
U1 WS2IFSL;
S3 zlportio; \??\J:\_____DOWNLOADS\__SELECTED DOWNLOADS 03.05.04\DRIVER WIZARD - Good for set up\zlportio.sys [X]

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\61883.sys 86D7B1E70661D754685B9AC6D749AAE5
C:\WINDOWS\System32\DRIVERS\ACPI.sys A10C7534F7223F4A73A948967D00E69B
C:\WINDOWS\system32\Drivers\ACPIEC.sys 9859C0F6936E723E4892D7141B1327D5
C:\WINDOWS\System32\drivers\aec.sys 841F385C6CFAF66B58FBD898722BB4F0
C:\WINDOWS\System32\drivers\afd.sys 5AC495F4CB807B2B98AD2AD591E6D92E
C:\WINDOWS\System32\DRIVERS\athuw.sys 3BC98A53C0ABE3FEB3B2B9B3BD9E7AA5
C:\WINDOWS\System32\DRIVERS\arp1394.sys F0D692B0BFFB46E30EB3CEA168BBC49F
C:\WINDOWS\system32\Drivers\Aspi32.sys ED8CEE58C1E4C5893F5B2FD686A272BF
C:\WINDOWS\System32\DRIVERS\asyncmac.sys 02000ABF34AF4C218C35D257024807D6
C:\WINDOWS\System32\DRIVERS\atapi.sys CDFE4411A69C224BD1D11B2DA92DAC51
C:\WINDOWS\System32\DRIVERS\atmarpc.sys EC88DA854AB7D7752EC8BE11A741BB7F
C:\WINDOWS\System32\DRIVERS\audstub.sys D9F724AA26C010A217C97606B160ED68
C:\WINDOWS\System32\DRIVERS\avc.sys 87C223ADB8F7596B31CAAE3C67B16DDD
C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys 1074F787080068C71303B61FAE7E7CA4
C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys 61A7E0B02F82CFF3DB2445BBE50B3589
C:\WINDOWS\System32\DRIVERS\avgidshx.sys D63D83659EEDF60B3A3E620281A888E5
C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys BAF975B72062F53D327788E99D64197E
C:\WINDOWS\System32\DRIVERS\avgldx86.sys DCB09125C8B4766A88C86914B65487C1
C:\WINDOWS\System32\DRIVERS\avgmfx86.sys CCDD61545AAEA265977E4B1EFDC74E8C
C:\WINDOWS\System32\DRIVERS\avgrkx86.sys 1FD90B28D2C3100BF4500199C8AD6358
C:\WINDOWS\System32\DRIVERS\avgtdix.sys C0BC3B2E3FD625E7F55E1FF863E94592
C:\WINDOWS\System32\DRIVERS\b57xp32.sys 3A3A82FFD268BCFB7AE6A48CECF00AD9
C:\WINDOWS\System32\Drivers\BANTExt.sys 5D7BE7B19E827125E016325334E58FF1
C:\WINDOWS\system32\Drivers\Beep.sys DA1F27D85E0D1525F6621372E7B685E9
C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys 92A964547B96D697E5E9ED43B4297F5A
C:\WINDOWS\System32\DRIVERS\BrSerIb.sys 9F80879913DC2712FD0C4D734E3F519B
C:\WINDOWS\System32\DRIVERS\BrUsbSIb.sys B67512DA42C0C90BF236D5485226C1C7
C:\WINDOWS\system32\Drivers\cbidf2k.sys 90A673FC8E12A79AFBED2576F6A7AAF9
C:\WINDOWS\System32\DRIVERS\CCDECODE.sys 6163ED60B684BAB19D3352AB22FC48B2
C:\WINDOWS\system32\Drivers\Cdaudio.sys C1B486A7658353D33A10CC15211A873B
C:\WINDOWS\system32\Drivers\Cdfs.sys CD7D5152DF32B47F4E36F710B35AAE02
C:\WINDOWS\system32\Drivers\Cdr4_xp.sys 837EEF65AF62D4E8A37C41D3879F7274
C:\WINDOWS\system32\Drivers\Cdralw2k.sys 579DA2F9F5401F55DAE2CF8779D61DFC
C:\WINDOWS\System32\DRIVERS\cdrom.sys AF9C19B3100FE010496B1A27181FBF72
C:\WINDOWS\system32\Drivers\cdudf_xp.sys 8C7746ACDE6225A46B58ED7AE09EC166
C:\WINDOWS\System32\drivers\cmudax3.sys 809980F0BFCEC2D3DDB3DBE8A2BD323B
C:\WINDOWS\System32\DRIVERS\ctsfm2k.sys 8DB84DE3AAB34A8B4C2F644EFF41CD76
C:\WINDOWS\System32\DRIVERS\disk.sys 00CA44E4534865F8A3B64F7C0984BFF0
C:\WINDOWS\System32\drivers\dmboot.sys C0FBB516E06E243F0CF31F597E7EBF7D
C:\WINDOWS\System32\DRIVERS\dmio.sys F5E7B358A732D09F4BCF2824B88B9E28
C:\WINDOWS\system32\Drivers\dmload.sys E9317282A63CA4D188C0DF5E09C6AC5F
C:\WINDOWS\System32\drivers\DMusic.sys A6F881284AC1150E37D9AE47FF601267
C:\WINDOWS\System32\drivers\drmkaud.sys 1ED4DBBAE9F5D558DBBA4CC450E3EB2E
C:\WINDOWS\system32\Drivers\dvd_2K.sys 800DE2DFA19DB3FD87AA95308BA0C17B
C:\WINDOWS\System32\DRIVERS\e100b325.sys 3FCA03CBCA11269F973B70FA483C88EF
C:\WINDOWS\system32\epmntdrv.sys F07BA56B0235F15EFF8F10DC6389C42E
C:\WINDOWS\system32\EuGdiDrv.sys 1F2F4AB15CE03ECC257FEB2F6DC5A013
C:\WINDOWS\system32\Drivers\Fastfat.sys 3117F595E9615E04F05A54FC15A03B20
C:\WINDOWS\System32\DRIVERS\fdc.sys CED2E8396A8838E59D8FD529C680E02C
C:\WINDOWS\system32\Drivers\Fips.sys E153AB8A11DE5452BCF5AC7652DBF3ED
C:\WINDOWS\System32\DRIVERS\flpydisk.sys 0DD1DE43115B93F4D85E889D7A86F548
C:\WINDOWS\System32\drivers\fltmgr.sys 157754F0DF355A9E0A6F54721914F9C6
C:\WINDOWS\system32\Drivers\Fs_Rec.sys 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A
C:\WINDOWS\System32\DRIVERS\ftdisk.sys 6AC26732762483366C3969C9E4D2259D
C:\WINDOWS\System32\DRIVERS\msgpc.sys C0F1D4A21DE5A415DF8170616703DEBF
C:\WINDOWS\System32\DRIVERS\hidusb.sys 1DE6783B918F540149AA69943BDFEBA8
C:\WINDOWS\System32\DRIVERS\hotcore3.sys 9E05F872290E5595AFD4871CDEE550A3
C:\WINDOWS\System32\DRIVERS\HPZid412.sys D03D10F7DED688FECF50F8FBF1EA9B8A
C:\WINDOWS\System32\DRIVERS\HPZipr12.sys 89F41658929393487B6B7D13C8528CE3
C:\WINDOWS\System32\DRIVERS\HPZius12.sys ABCB05CCDBF03000354B9553820E39F8
C:\WINDOWS\System32\Drivers\HTTP.sys C19B522A9AE0BBC3293397F3055E80A1
C:\WINDOWS\System32\DRIVERS\i8042prt.sys 5502B58EEF7486EE6F93F3F164DCB808
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys DA91F5385CFC8BA0F110F2FDE112B563
C:\WINDOWS\System32\drivers\Imapi.sys F8AA320C6A0409C0380E5D8A99D76EC6
C:\WINDOWS\System32\DRIVERS\intelide.sys 2D722B2B54AB55B2FA475EB58D7B2AAD
C:\WINDOWS\System32\DRIVERS\intelppm.sys 279FB78702454DFF2BB445F238C048D2
C:\WINDOWS\System32\drivers\ip6fw.sys 4448006B6BC60E6C027932CFC38D6855
C:\WINDOWS\System32\DRIVERS\ipfltdrv.sys 731F22BA402EE4B62748ADAF6363C182
C:\WINDOWS\System32\DRIVERS\ipinip.sys E1EC7F5DA720B640CD8FB8424F1B14BB
C:\WINDOWS\System32\DRIVERS\ipnat.sys B5A8E215AC29D24D60B4D1250EF05ACE
C:\WINDOWS\System32\DRIVERS\ipsec.sys 64537AA5C003A6AFEEE1DF819062D0D1
C:\WINDOWS\System32\DRIVERS\irenum.sys 50708DAA1B1CBB7D6AC1CF8F56A24410
C:\WINDOWS\System32\DRIVERS\isapnp.sys E504F706CCB699C2596E9A3DA1596E87
C:\WINDOWS\System32\DRIVERS\kbdclass.sys EBDEE8A2EE5393890A1ACEE971C4C246
C:\WINDOWS\System32\drivers\kmixer.sys D93CAD07C5683DB066B0B2D2D3790EAD
C:\WINDOWS\system32\Drivers\KSecDD.sys EB7FFE87FD367EA8FCA0506F74A87FBB
C:\WINDOWS\System32\DRIVERS\Lbd.sys 52320254D74EA11B6F129E7DF1016975
C:\WINDOWS\System32\DRIVERS\MarvinBus.sys A3E700D78EEC390F1208098CDCA5C6B6
C:\WINDOWS\system32\drivers\mbam.sys 8683C1B450F4B3872839308D836E0F92
C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 12E71DA845D76665B56753AD149E32B3
C:\WINDOWS\system32\Drivers\mmc_2K.sys 0A35AD036DE912858A1C5E9637840724
C:\WINDOWS\system32\Drivers\mnmdd.sys 4AE068242760A1FB6E1A44BF4E16AFA6
C:\WINDOWS\system32\Drivers\Modem.sys 6FC6F9D7ACC36DCA9B914565A3AEDA05
C:\WINDOWS\System32\DRIVERS\mouclass.sys 34E1F0031153E491910E12551400192C
C:\WINDOWS\System32\DRIVERS\mouhid.sys B1C303E17FB9D46E87A98E4BA6769685
C:\WINDOWS\system32\Drivers\MountMgr.sys 65653F3B4477F3C63E68A9659F85EE2E
C:\Program Files\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923
C:\Program Files\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E
C:\WINDOWS\System32\DRIVERS\mrxdav.sys 46EDCC8F2DB2F322C24F48785CB46366
C:\WINDOWS\System32\DRIVERS\mrxsmb.sys 1FD607FC67F7F7C633C3DA65BFC53D18
C:\WINDOWS\System32\DRIVERS\msdv.sys 6DD721DFD2648F3F6D5808B5BA6CB095
C:\WINDOWS\system32\Drivers\Msfs.sys 561B3A4333CA2DBDBA28B5B956822519
C:\WINDOWS\System32\drivers\MSKSSRV.sys AE431A8DD3C1D0D0610CDBAC16057AD0
C:\WINDOWS\System32\drivers\MSPCLOCK.sys 13E75FEF9DFEB08EEDED9D0246E1F448
C:\WINDOWS\System32\drivers\MSPQM.sys 1988A33FF19242576C3D0EF9CE785DA7
C:\WINDOWS\System32\DRIVERS\mssmbios.sys 469541F8BFD2B32659D5D463A6714BCE
C:\WINDOWS\System32\drivers\MSTEE.sys BF13612142995096AB084F2DB7F40F77
C:\WINDOWS\system32\Drivers\Mup.sys 82035E0F41C2DD05AE41D27FE6CF7DE1
C:\WINDOWS\System32\DRIVERS\NABTSFEC.sys 5C8DC6429C43DC6177C1FA5B76290D1A
C:\WINDOWS\system32\Drivers\NDIS.sys 558635D3AF1C7546D26067D5D9B6959E

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-23 01:40 - 2014-06-23 10:58 - 00000000 _____ () C:\Documents and Settings\Gerry\ntuser.tmp
2014-06-22 23:49 - 2014-06-23 01:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
2014-06-22 23:49 - 2014-06-22 23:49 - 00000000 ____D () C:\Program Files\ISO BURNER - LSoft Technologies
2014-06-18 21:34 - 2014-06-18 21:35 - 00002416 _____ () C:\Documents and Settings\Gerry\Desktop\Rkill.txt
2014-06-16 03:14 - 2014-06-16 03:14 - 00000293 _____ () C:\WINDOWS\wmsetup.log
2014-06-16 02:23 - 2014-06-16 02:23 - 00000846 _____ () C:\Documents and Settings\Gerry\Desktop\SyncBack.exe.lnk
2014-06-12 14:46 - 2014-06-23 11:03 - 00000000 ____D () C:\FRST
2014-06-12 12:57 - 2014-06-12 12:57 - 00000885 _____ () C:\Documents and Settings\Gerry\Desktop\Creatr50.exe.lnk
2014-06-12 12:45 - 2014-06-12 12:45 - 00221408 _____ (Adaptec) C:\WINDOWS\system32\Drivers\cdudf.sys
2014-06-12 12:45 - 2014-06-12 12:45 - 00045056 _____ (Adaptec) C:\WINDOWS\system32\cdr4dll.dll
2014-06-12 12:25 - 2014-06-12 12:35 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-06-12 08:20 - 2014-06-12 08:20 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-12 07:15 - 2014-06-12 07:15 - 00030584 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-12 06:51 - 2014-06-12 06:52 - 00000000 ____D () C:\Program Files\ERUNT Registry BU
2014-06-12 06:51 - 2014-06-12 06:51 - 00000699 _____ () C:\Documents and Settings\Gerry\Desktop\NTREGOPT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000680 _____ () C:\Documents and Settings\Gerry\Desktop\ERUNT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-06-12 00:19 - 2014-06-23 11:02 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 00:18 - 2014-06-12 00:18 - 00000801 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-12 00:18 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-12 00:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-06-23 11:03 - 2014-06-12 14:46 - 00000000 ____D () C:\FRST
2014-06-23 11:03 - 2009-06-16 23:44 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Temp
2014-06-23 11:02 - 2014-06-12 00:19 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-23 11:02 - 2009-06-17 06:58 - 00402774 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-23 11:01 - 2012-10-20 00:06 - 00011048 _____ () C:\aaw7boot.log
2014-06-23 11:01 - 2012-08-27 01:36 - 00000282 _____ () C:\WINDOWS\Tasks\KsafeDelay.job
2014-06-23 11:01 - 2009-08-16 00:25 - 00000000 __SHD () C:\WINDOWS\CSC
2014-06-23 11:01 - 2009-08-02 21:08 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-23 11:01 - 2009-06-16 23:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-23 11:01 - 2009-06-16 19:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-23 11:01 - 2009-06-16 19:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-23 10:58 - 2014-06-23 01:40 - 00000000 _____ () C:\Documents and Settings\Gerry\ntuser.tmp
2014-06-23 10:56 - 2009-11-09 23:10 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 10:47 - 2009-06-16 23:44 - 00001531 _____ () C:\Documents and Settings\Gerry\Desktop\Notepad.lnk
2014-06-23 10:31 - 2009-08-02 21:08 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-23 10:28 - 2009-06-16 19:23 - 00474832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-23 09:07 - 2001-08-23 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-23 01:34 - 2014-06-22 23:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
2014-06-23 01:33 - 2009-09-18 17:35 - 00003054 _____ () C:\devicetable.log
2014-06-22 23:49 - 2014-06-22 23:49 - 00000000 ____D () C:\Program Files\ISO BURNER - LSoft Technologies
2014-06-22 08:41 - 2009-06-16 23:38 - 00000000 ____D () C:\Program Files\Outlook Express
2014-06-22 08:37 - 2012-08-20 16:01 - 00000026 _____ () C:\WINDOWS\Zone.Identifier
2014-06-22 01:20 - 2009-06-16 23:44 - 00000278 ___SH () C:\Documents and Settings\Gerry\ntuser.ini
2014-06-22 01:20 - 2009-06-16 23:42 - 00032498 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-22 01:19 - 2009-06-16 23:44 - 00000000 ____D () C:\Documents and Settings\Gerry
2014-06-21 18:06 - 2012-10-21 01:32 - 00213630 _____ () C:\WINDOWS\setupapi.log
2014-06-21 12:53 - 2009-06-25 23:11 - 00000000 ____D () C:\Documents and Settings\Gerry\Application Data\Image Zone Express
2014-06-21 12:38 - 2009-06-25 23:23 - 00000000 ____D () C:\Documents and Settings\Gerry\My Documents\My Scans
2014-06-18 21:35 - 2014-06-18 21:34 - 00002416 _____ () C:\Documents and Settings\Gerry\Desktop\Rkill.txt
2014-06-18 21:16 - 2009-06-16 19:17 - 00000000 ____D () C:\WINDOWS\Help
2014-06-18 13:56 - 2009-06-18 17:33 - 00190464 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-18 08:17 - 2009-06-17 07:33 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\CutePDF Writer
2014-06-16 22:39 - 2012-10-19 22:40 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-06-16 03:14 - 2014-06-16 03:14 - 00000293 _____ () C:\WINDOWS\wmsetup.log
2014-06-16 03:14 - 2009-06-16 23:44 - 00000816 _____ () C:\Documents and Settings\Gerry\Start Menu\Programs\Windows Media Player.lnk
2014-06-16 02:23 - 2014-06-16 02:23 - 00000846 _____ () C:\Documents and Settings\Gerry\Desktop\SyncBack.exe.lnk
2014-06-13 05:52 - 2009-06-16 19:17 - 00000000 ____D () C:\WINDOWS\security
2014-06-12 12:57 - 2014-06-12 12:57 - 00000885 _____ () C:\Documents and Settings\Gerry\Desktop\Creatr50.exe.lnk
2014-06-12 12:45 - 2014-06-12 12:45 - 00221408 _____ (Adaptec) C:\WINDOWS\system32\Drivers\cdudf.sys
2014-06-12 12:45 - 2014-06-12 12:45 - 00045056 _____ (Adaptec) C:\WINDOWS\system32\cdr4dll.dll
2014-06-12 12:35 - 2014-06-12 12:25 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-06-12 08:20 - 2014-06-12 08:20 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-12 07:15 - 2014-06-12 07:15 - 00030584 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-12 06:52 - 2014-06-12 06:51 - 00000000 ____D () C:\Program Files\ERUNT Registry BU
2014-06-12 06:51 - 2014-06-12 06:51 - 00000699 _____ () C:\Documents and Settings\Gerry\Desktop\NTREGOPT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000680 _____ () C:\Documents and Settings\Gerry\Desktop\ERUNT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-06-12 02:12 - 2009-09-13 14:53 - 00000000 ____D () C:\Program Files\Shared
2014-06-12 00:18 - 2014-06-12 00:18 - 00000801 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-11 22:43 - 2009-06-18 14:29 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\Google
2014-06-11 22:19 - 2009-06-16 23:38 - 00000000 ____D () C:\WINDOWS\system32\Restore

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

Generated ADDITION file

----------------------------------------

Additional scan result of Farbar Recovery Scan Tool (x86) Version:22-06-2014
Ran by Gerry at 2014-06-23 11:04:22
Running from E:\
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: AVG Anti-Virus Free Edition 2012 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

1-Click YouTubeAssistant (HKLM\...\{3EEAB819-BF2D-4F43-85DE-66B7D6FC2F56}) (Version: 2.3.4 - Eurekr.com)
1ClickDownloader (HKLM\...\1ClickDownload) (Version: 2.7 Build 26473 - 1ClickDownload) <==== ATTENTION
32 Bit HP CIO Components Installer (Version: 2.1.5 - Hewlett-Packard) Hidden
5700_Help (Version: 1.00.0000 - Hewlett-Packard) Hidden
ABBYY FineReader 6.0 Sprint (HKLM\...\{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}) (Version: 6.00.1395.4512 - ABBYY Software House)
Active@ Hard Disk Monitor (HKLM\...\{CC5C266E-83E8-43B5-A387-E001E0AD1795}) (Version: 1.2.650 - LSoft Technologies Inc)
Active@ ISO Burner 3.0 (HKLM\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Ad-Aware (HKLM\...\Ad-Aware) (Version:  - Lavasoft)
Ad-Aware (Version: 8.0.0 - Lavasoft) Hidden
Adebis Photo Sorter 1.0 (HKLM\...\Adebis Photo Sorter_is1) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.4.402.278 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.4.402.265 - Adobe Systems Incorporated)
Adobe Reader 7.0 (HKLM\...\{AC76BA86-7AD7-1033-7B44-A70000000000}) (Version: 7.0.0 - Adobe Systems Incorporated)
Advanced Outlook Express Repair v2.1 (HKLM\...\Advanced Outlook Express Repair v2.1) (Version:  - )
Agent Ransack 2010 (HKLM\...\Agent Ransack_is1) (Version:  - )
Aid4Mail2 (Remove only) (HKLM\...\Aid4Mail2_is1) (Version: 2.5.0.108 - Fookes Holding Ltd)
Altysoft Free DVD 2.0 (HKLM\...\{8A5F87F6-D2DA-4058-9891-60A7950C9E96}_is1) (Version:  - Altysoft, Inc.)
AnVir Task Manager (HKLM\...\AnVir Task Manager) (Version: 6.1.0 - AnVir Software)
Any Video Converter 2.7.6 (HKLM\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Software Update (HKLM\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
ArcSoft Software Suite (HKLM\...\{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}) (Version:  - )
ATT-PRT22 (HKLM\...\ATT-PRT22) (Version:  - )
ATT-RC Self Support Tool (HKLM\...\ATT-RC) (Version:  - )
Attribute Changer 5.23 (HKLM\...\Attribute Changer) (Version: 5.23 - Romain Petges)
Audacity 1.2.3 (HKLM\...\Audacity_is1) (Version:  - )
Auslogics Duplicate File Finder (HKLM\...\{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1) (Version: 2.4 - Auslogics Software Pty Ltd)
AVG 2012 (HKLM\...\AVG) (Version: 2012.0.2221 - AVG Technologies)
AVG 2012 (Version: 12.0.2221 - AVG Technologies) Hidden
AVG 2012 (Version: 12.0.2441 - AVG Technologies) Hidden
Awesome Duplicate Photo Finder v. 1.0.1 (HKLM\...\Awesome Duplicate Photo Finder_is1) (Version:  - Duplicate-Finder.com)
Belarc Advisor 7.2 (HKLM\...\Belarc Advisor) (Version:  - )
Bing Maps 3D (HKLM\...\{2D87E961-577B-492B-AD54-1368680FB9A7}) (Version: 4.0.903.16005 - Microsoft Corporation)
BPD_HPSU (Version: 1.00.0000 - Hewlett-Packard) Hidden
BPD_Scan (Version: 2.00.0000 - Hewlett-Packard) Hidden
BPDfax (Version: 70.0.184.000 - Hewlett-Packard) Hidden
BPDSoftware (Version: 50.0.165.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (Version: 1.00.0000 - Hewlett-Packard) Hidden
Broadcom TPM Driver Installer (HKLM\...\{9576B4EE-5E87-4C14-AFCE-2F6FC2B276B8}) (Version: 9.01.02 - Broadcom Corporation)
Brother MFL-Pro Suite MFC-J6710DW (HKLM\...\{17795164-3BC1-4D4F-8ADA-65C895EBFC9A}) (Version: 1.0.27.0 - Brother Industries, Ltd.)
BufferChm (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Burn4Free CD and DVD (HKLM\...\Burn4Free) (Version:  - )
CamStudio (HKLM\...\CamStudio) (Version:  - )
Canon MP Drivers (HKLM\...\{58F8C6D9-5B55-486A-A322-4E8D87670031}) (Version:  - )
CCleaner (remove only) (HKLM\...\CCleaner) (Version:  - Piriform)
CDex extraction audio (HKLM\...\CDex) (Version:  - )
CodeStuff Starter (HKLM\...\CodeStuff Starter) (Version:  - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
CutePDF Writer 2.7 (HKLM\...\CutePDF Writer Installation) (Version:  - )
Destinations (Version: 70.0.170.000 - Hewlett-Packard) Hidden
DeviceManagementQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
DISKdata (HKLM\...\DISKdata) (Version:  - )
DivX Setup (HKLM\...\DivX Setup) (Version: 2.6.1.9 - DivX, LLC)
DocProc (Version: 7.0.0.0 - Hewlett-Packard) Hidden
DocProcQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Dupe Remover for Outlook Express and Windows Mail version 3.5 (HKLM\...\{B262EDF7-B16C-447E-B203-FAD286B61F90}_is1) (Version: 3.5 - Topalt.com)
DVDx 2 (HKLM\...\{4EC8B911-98AB-4819-B5EE-D32E8A0A8AAA}_is1) (Version: 2.20 - labDV®)
EASEUS Partition Master 4.1.1 Professional (HKLM\...\EASEUS Partition Master Professional Edition_is1) (Version:  - EASEUS)
Easy CD Creator 5 Platinum (HKLM\...\{8851E12C-0EF9-11D4-A788-009027ABA5D0}) (Version: 5.0.0.0000 - Roxio Inc)
Easy Duplicate Finder v. 2.2.1 (HKLM\...\Easy Duplicate Finder_is1) (Version:  - EasyDuplicateFinder.com)
Easy Video Splitter 1.28 (HKLM\...\Easy Video Splitter_is1) (Version:  - DoEasier Tech Inc)
eBay Icon (HKLM\...\eBay Icon) (Version: 1.0 - AD ON Multimedia Advertising GmbH)
Epson Copy Utility 3.5 (HKLM\...\{AA72FB28-73B4-49E5-B6B4-E78F44BBD0AD}) (Version: 3.5.0.0 - )
Epson Event Manager (HKLM\...\{48F22622-1CC2-4A83-9C1E-644DD96F832D}) (Version: 2.30.01 - SEIKO EPSON Corporation)
EPSON Perfection V500 Photo Scanner Driver Update (HKLM\...\{25653817-9502-41A5-A24D-FED750611E98}) (Version:  - )
EPSON Perfection V500P User's Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - )
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
eSupportQFolder (Version: 1.00.0000 - Hewlett-Packard) Hidden
Eudora Converter (HKLM\...\Eudora Converter_is1) (Version:  - )
Eudora OSE (1.0) (HKLM\...\Eudora OSE (1.0)) (Version: 1.0 (en-US) - Mozilla)
Extra CD DVD Ripper 6.49 (HKLM\...\Extra CD DVD Ripper_is1) (Version:  - Extra Software, Inc.)
File & Folder Lister 2.00 (HKLM\...\File & Folder Lister_is1) (Version:  - TriSun Software Inc.)
Folder Marker v 1.4 (HKLM\...\Folder Marker_is1) (Version: 1.4 - ArcticLine Software)
Free Mp3 Wma Converter V 1.8.0 (HKLM\...\Free Mp3 Wma Converter_is1) (Version:  - )
Free Sound Recorder v9.3.1 (HKLM\...\Free Sound Recorder_is1) (Version:  - Copyright© 2005-2012 FreeSoundRecorder Technologies, Inc.)
Google Earth (HKLM\...\{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}) (Version: 4.3.7284.3916 - Google)
Google Quick Search Box (HKLM\...\Quick Search Box) (Version: 1.2.1151.245 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
HP Imaging Device Functions 7.0 (HKLM\...\HP Imaging Device Functions) (Version: 7.0 - HP)
HP Officejet All-In-One Series (HKLM\...\HP Officejet All-In-One Series) (Version: 1.0 - HP)
HP Photosmart Essential (HKLM\...\{6994491D-D491-48F1-AE1F-E179C1FFFC2F}) (Version: 1.9.1.3 - HP)
HP Product Assistant (Version: 100.000.001.000 - Hewlett-Packard) Hidden
HP Solution Center 7.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 7.0 - HP)
HPProductAssistant (Version: 70.0.170.000 - Hewlett-Packard) Hidden
IMAPSize 0.3.7 (HKLM\...\IMAPSize_is1) (Version:  - Broobles)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.4.2.0 - LIGHTNING UK!)
Indeo® Software (HKLM\...\Indeo® Software) (Version:  - )
Inpaint 2.0 (HKLM\...\{30283233-3BE6-473D-A47C-ED964A2F78B4}_is1) (Version:  - Teorex)
Intel® Graphics Media Accelerator Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4497 - )
IrfanView (remove only) (HKLM\...\IrfanView) (Version:  - )
J5700 (Version: 50.0.165.000 - Hewlett-Packard) Hidden
Java 6 Update 14 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216014FF}) (Version: 6.0.140 - Sun Microsystems, Inc.)
Karen's Computer Profiler (HKLM\...\Karen's Computer Profiler) (Version: 2.5.0.3 - Karen Kenworthy)
KC Softwares VideoInspector (HKLM\...\KC Softwares VideoInspector_is1) (Version:  - KC Softwares)
Kingsoft PC Doctor 3.7.0.47  (HKLM\...\Kingsoft PC Doctor) (Version: 3.7.0.47  - Kingsoft PC Doctor)
LimeWire 4.18.8 (HKLM\...\LimeWire) (Version: 4.18.8 - Lime Wire, LLC)
LiveUpdate 1.90 (Symantec Corporation) (HKLM\...\LiveUpdate) (Version: 1.90.15.0 - Symantec Corporation)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.0.207.4 - McAfee, Inc.)
Media Player Codec Pack 3.6.0 (HKLM\...\Media Player - Codec Pack) (Version:  - Media Player Codec Pack) <==== ATTENTION
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 2.0 (HKLM\...\Microsoft .NET Framework 2.0) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 2.0 (Version: 2.0.50727 - Microsoft Corporation) Hidden
Microsoft Office Converter Pack (HKLM\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.5614.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Mozilla Firefox 16.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 16.0.1 (x86 en-US)) (Version: 16.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 16.0.1 - Mozilla)
MP3 Boss (HKLM\...\MP3 Boss) (Version:  - )
MP3Boss (HKLM\...\MP3Boss) (Version:  - )
MPower Version 1.2 (HKLM\...\MPower Version 1.2_is1) (Version:  - )
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
NirSoft SysExporter (HKLM\...\NirSoft SysExporter) (Version:  - )
Nuance PaperPort 12 (HKLM\...\{6C0A559F-8583-4B5A-8B50-20BEE15D8E64}) (Version: 12.1.0000 - Nuance Communications, Inc.)
Nuance PDF Viewer Plus (HKLM\...\{28656860-4728-433C-8AD4-D1A930437BC8}) (Version: 5.30.3290 - Nuance Communications, Inc)
OCR Software by I.R.I.S 7.0 (HKLM\...\HPOCR) (Version: 7.0 - HP)
Octoshape add-in for Adobe Flash Player (HKCU\...\Octoshape add-in for Adobe Flash Player) (Version:  - )
Outlook Express Quick Backup (HKLM\...\ST6UNST #1) (Version:  - )
Paint Shop Pro 7 Anniversary Edition (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
PaperPort Image Printer (HKLM\...\{6EF2FDAB-7FBF-4AB9-92CD-594BDDB6A56B}) (Version: 1.00.0001 - Nuance Communications, Inc.)
Paragon Drive Backup™ 9 Professional (HKLM\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
PCVITA Outlook Magic v3.1 (HKLM\...\{ECEB18DA-A736-4681-B6C9-1DE3CA159543}_is1) (Version:  - PCVITA)
PDF to Word 3 (HKLM\...\PDF to Word 3) (Version:  - )
Peck's Power Join (HKLM\...\ST4UNST #1) (Version:  - )
Phelix 1.0.0 (HKLM\...\Phelix 1.0.0) (Version:  - Phonome Labs)
Pinnacle Bender 32-bit (HKLM\...\{92A63804-501A-44B2-8EC3-8B8DFA2E97B2}) (Version: 2.0.19 - Pinnacle Systems)
Pinnacle Instant DVD Recorder (HKLM\...\{EF781A5C-58F5-4BFD-87F9-E4F14D382F25}) (Version: 2.00.088 - )
ProductContext (Version: 50.0.165.000 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{C78EAC6F-7A73-452E-8134-DBB2165C5A68}) (Version: 7.62.14.0 - Apple Inc.)
Recover Data for Outlook Express (Trial Version) (HKLM\...\Recover Data for Outlook Express (Trial Version)_is1) (Version:  - Recover Data)
RecoveryFix for Outlook Express Evaluation ver 4.02.01 (HKLM\...\RecoveryFix for Outlook Express (Evaluation version)_is1) (Version:  - Chily Softech Pvt Ltd)
Scan (Version: 7.0.0.0 - Hewlett-Packard) Hidden
Scansoft PDF Professional (Version:  - ) Hidden
Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
Search Settings 1.2.2 (HKLM\...\{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}) (Version:  - Spigot, Inc.) <==== ATTENTION
Software Informer 1.0 BETA (HKLM\...\Software Informer_is1) (Version:  - Informer Technologies, Inc.)
SolutionCenter (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Sound Blaster Audigy (HKLM\...\{1B1DDAD2-C704-49F8-8FC2-18DAAD9A87C5}) (Version: 1.0 - )
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5410 - Analog Devices)
Status (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Studio 11 (HKLM\...\{110B1ADF-2EAE-4E8F-B501-D2A1E6D8ED9D}) (Version: 11.0 - Pinnacle Systems)
Studio 11 (Version: 11.0.0.0 - Pinnacle Systems) Hidden
SUPERAntiSpyware Free Edition (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.25.0.1012 - SUPERAntiSpyware.com)
Symantec Network Drivers Update (Version: 5.4.4.17 - Symantec Corporation) Hidden
SyncBack (HKLM\...\SyncBack_is1) (Version:  - 2BrightSparks)
SysTools Outlook Express Restore (HKLM\...\SysTools Outlook Express Restore - Demo Version_is1) (Version:  - )
Toolbox (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TrayApp (Version: 70.0.170.000 - Hewlett-Packard) Hidden
TreeSize Free V2.7 (HKLM\...\TreeSize Free_is1) (Version: 2.7 - JAM Software)
Uninstall 1.0.0.1 (HKLM\...\Uninstall_is1) (Version:  - )
Unlocker 1.8.8 (HKLM\...\Unlocker) (Version: 1.8.8 - Cedrick Collomb)
Update for Windows XP (KB932823-v3) (HKLM\...\KB932823-v3) (Version: 3 - Microsoft Corporation)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VLC media player 1.0.0 (HKLM\...\VLC media player) (Version: 1.0.0 - VideoLAN Team)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
WebReg (Version: 70.0.170.000 - Hewlett-Packard) Hidden
Winamp (remove only) (HKLM\...\Winamp) (Version:  - )
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
Windows Driver Package - Pinnacle Systems (BENDER) Media  (11/21/2005 2.0.19.0) (HKLM\...\4D5F871C34C0AB20CA5FCF9A9AC7409418F77328) (Version: 11/21/2005 2.0.19.0 - Pinnacle Systems)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format Runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Tools 4.0 (HKLM\...\Microsoft NetShow Tools 2.0) (Version:  - )
WinMerge 2.12.4 (HKLM\...\WinMerge_is1) (Version: 2.12.4 - Thingamahoochie Software)
WinUtilities 10.53 Free Edition (HKLM\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version:  - YL Computing, Inc)
WinX DVD Ripper Platinum 5.1 (HKLM\...\WinX DVD Ripper Platinum GOTD Special Edition_is1) (Version:  - Digiarty Software, Inc.)
Wondershare Photo Story Gold GAOTD Edition 3.4.2.0 (HKLM\...\Wondershare Photo Story Gold GAOTD Edition_is1) (Version: 3.4.2.0 - Wondershare Software Co.,Ltd.)
Xvid 1.2.2 final uninstall (HKLM\...\Xvid_is1) (Version: 1.2 - Xvid team (Koepi))
Yahoo! Desktop Login (Version: 1.00.0001 - Pinnacle Systems) Hidden
Zoner Photo Studio 14 (HKLM\...\ZonerPhotoStudio14_EN_is1) (Version: 14.0.1.7 - ZONER software)

==================== Restore Points  =========================

12-06-2014 11:55:21 System Checkpoint
13-06-2014 12:08:56 System Checkpoint
16-06-2014 01:23:18 System Checkpoint
17-06-2014 03:03:08 System Checkpoint
18-06-2014 16:18:33 System Checkpoint
19-06-2014 23:13:54 System Checkpoint
21-06-2014 15:52:38 System Checkpoint
22-06-2014 18:16:44 System Checkpoint

==================== Hosts content: ==========================

2001-08-23 08:00 - 2001-08-23 08:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job => C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\KsafeDelay.job => C:\Program Files\Kingsoft\PCDoctor\KSafeTray.exe
Task: C:\WINDOWS\Tasks\Symantec NetDetect.job => C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE

==================== Loaded Modules (whitelisted) =============

2009-03-09 15:06 - 2009-03-09 15:06 - 00212848 _____ () C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
2009-03-09 15:06 - 2009-03-09 15:06 - 01626976 _____ () C:\Program Files\Lavasoft\Ad-Aware\Resources.dll
2008-09-10 18:00 - 2008-09-10 18:00 - 00168960 _____ () C:\Program Files\Lavasoft\Ad-Aware\unrar.dll
2009-06-17 07:06 - 2007-07-12 22:33 - 00087552 _____ () C:\WINDOWS\system32\cpwmon2k.dll
2009-01-10 18:15 - 2009-01-10 18:15 - 00159744 _____ () C:\WINDOWS\system32\mmfinfo.dll
2009-01-10 18:14 - 2009-01-10 18:14 - 00023552 _____ () C:\WINDOWS\system32\mkunicode.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:24721E3C
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:39413AC3
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:8EF7595F

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Lavasoft Ad-Aware Service => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== EXE Association (whitelisted) =============

==================== MSCONFIG/TASK MANAGER disabled items =========

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:50:22.000]: [00003600]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:50:22.000]: [00003600]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:48:42.046]: [00003516]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:48:42.046]: [00003516]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:33:58.984]: [00002196]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWN BrtTWN: [2014/06/21 12:33:58.984]: [00002196]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/12/2014 00:45:43 PM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: Windows cannot unload your registry file. The memory used by the registry has not been freed. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. If this problem persists, contact your administrator. 

DETAIL - The file or directory is corrupted and unreadable.

Error: (06/12/2014 08:27:45 AM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

Error: (06/12/2014 07:18:39 AM) (Source: Ci) (EventID: 4124) (User: )
Description: Content index on e:\system volume information\catalog.wci is corrupt. Please shutdown and restart
the Indexing Service (cisvc).

Error: (06/11/2014 10:57:04 PM) (Source: Ci) (EventID: 4126) (User: )
Description: Cleaning up corrupt content index metadata on e:\system volume information\catalog.wci. Index will
 be automatically restored by refiltering all documents.

System errors:
=============
Error: (06/23/2014 11:02:31 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/23/2014 11:01:53 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/23/2014 10:24:41 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/23/2014 09:08:11 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/23/2014 09:07:24 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/22/2014 08:25:44 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/22/2014 08:25:13 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/21/2014 06:05:01 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/21/2014 06:04:23 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Error: (06/21/2014 09:59:17 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: The AVGIDSAgent service terminated with service-specific error 3758213660 (0xE001CA1C).

Microsoft Office Sessions:
=========================
Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:50:22.000]: [00003600]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:50:22 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:50:22.000]: [00003600]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:48:42.046]: [00003516]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:48:42 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:48:42.046]: [00003516]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:33:58.984]: [00002196]: Initialize TwdsMain Class failed!

Error: (06/21/2014 00:33:58 PM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: TWNBrtTWN: [2014/06/21 12:33:58.984]: [00002196]: ##### Fatal ERROR!! Create STI-device failed! #####

Error: (06/12/2014 00:45:43 PM) (Source: Userenv) (EventID: 1512) (User: NT AUTHORITY)
Description: The file or directory is corrupted and unreadable.

Error: (06/12/2014 08:27:45 AM) (Source: Ci) (EventID: 4126) (User: )
Description: e:\system volume information\catalog.wci

Error: (06/12/2014 07:18:39 AM) (Source: Ci) (EventID: 4124) (User: )
Description: e:\system volume information\catalog.wci

Error: (06/11/2014 10:57:04 PM) (Source: Ci) (EventID: 4126) (User: )
Description: e:\system volume information\catalog.wci

==================== Memory info ===========================

Percentage of memory in use: 55%
Total physical RAM: 1014.48 MB
Available physical RAM: 452.94 MB
Total Pagefile: 2440.84 MB
Available Pagefile: 1945.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1924.29 MB

==================== Drives ================================

Drive c: (80A - XP 10.20.12 (24GB)) (Fixed) (Total:24.41 GB) (Free:10.42 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (61A - XP 10.20.12 (21GB)) (Fixed) (Total:21 GB) (Free:4.63 GB) NTFS
Drive f: (61D - xx (312GB)) (Fixed) (Total:312.8 GB) (Free:306.66 GB) NTFS
Drive i: (61E - BU ADDS (178GB)) (Fixed) (Total:178.71 GB) (Free:0.49 GB) NTFS
Drive l: (80B - BU PROJ 03.21.14 (1.27TB)) (Fixed) (Total:1310.68 GB) (Free:7.16 GB) NTFS
Drive m: (80C - BU MP3 03.06.14 (326GB)) (Fixed) (Total:327 GB) (Free:4.33 GB) NTFS
Drive n: (80D - BU PIXDOCS (200GB)) (Fixed) (Total:200.93 GB) (Free:1.76 GB) NTFS
Drive p: (61B - >>>>ACTIVE (288GB)) (Fixed) (Total:289 GB) (Free:5.77 GB) NTFS
Drive q: (61C - xx (129GB)) (Fixed) (Total:130 GB) (Free:114.28 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: BB3B48A5)
Partition 1: (Active) - (Size=24 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-224832676352) - (Type=05)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 81E00CE7)
Partition 1: (Active) - (Size=21 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=911 GB) - (Type=OF Extended)

==================== End Of Log ============================


Not seeing much.

Have you scanned that drive with Malwarebytes? If not, please do so; you'll have to do a custom scan.

I see you have several restore points created. Have you tried using System Restore?

I see you have ERUNT installed and creating a registry backup every day:

Startup: C:\Documents and Settings\Gerry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk

We could restore the registry to before the infection took place.

Let me know...MrC


Mr C:

Thanks for the response. Malware scan for that drive was done.

In a classical case of the horse having left the barn, all restore points and registry backups were done after the infection.

Any other ideas?

Thanks again.

Gerry


Mr C,

Thanks for your continued support. Current status:

- Could not get to Command Prompt. Boot on infected drive loops.

- Tried "known good start" for kicks. No change. Boot also loops.

- Selected "Disable Auto Restart." That actually prevented the reboot loop (a Microsoft module actually did what the name implied!!) and stopped with a blue screen: It showed "Missing USER32.DLL module"

- Copied the "Missing USER32.DLL" module from the working hard drive. I believe the Kaspersky "UNLOCKER" may have removed this module along with one other one which I can't remember. I seem to remember reading that this virus changes one of the system modules. If I could remember the other module affected by UNLOCKER, I would have copied that as well.

- Infected system boot sequence then booted through the XP progress bar, but now hangs after an hourglass, but before the welcome screen.

- Still unable to get to a command prompt, but ran chkdsk from the working system on the infected drive. All clean - twice.

Thanks again for your help. Any other suggestions?


I believe Kas will actually replace the patched file if it's found, and so will Hitman Pro:

http://hitmanpro.wordpress.com/2014/06/13/ransomware-infecting-user32-dll/

Your scan shows that it's present:

C:\WINDOWS\system32\User32.dll => File is digitally signed

Is there any way to run another scan with FRST?

You're sure you placed the user32.dll in the correct spot?

Do you have the Recovery Console installed on this computer?

MrC

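The questions above (was user32.dll really replaced, and what did FRST actually scan) come down to a few lines in the FRST log: the header's Boot Mode and Platform lines, the signature verdict on the system file, and the services/drivers FRST marks [File not signed] or [X]. The following is an added example, not FRST's own code and not code from anyone in this thread: a small triage script that reads an FRST log as plain text and reports whether the scan described the booted OS or an offline installation, plus the entries worth a manual look (unsigned or missing service and driver binaries, AppCertDlls and DPF entries, signature-checked system files, listed alternate data streams). The sample log inside it is constructed from lines quoted in this thread (one driver path shortened, blank lines dropped); which section holds the User32.dll signature line is an assumption, as is the heuristic that flags a DPF entry pointing at an .exe rather than a CAB.

```python
"""Triage helper for a Farbar Recovery Scan Tool (FRST) text log.

Added example: not FRST's own code and not code from the thread. SAMPLE_LOG is
constructed from lines quoted in the thread (one driver path shortened, blank
lines dropped; the section holding the User32.dll signature line is assumed).
"""
import re
from dataclasses import dataclass, field

SAMPLE_LOG = r"""
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Gerry (administrator) on IBMPC on 29-06-2014 02:43:18
Running from E:\
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Boot Mode: Normal
==================== Registry (Whitelisted) ==================
HKLM\...\AppCertDlls: [rasplace] -> C:\WINDOWS\system32\igfxexec.dll
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350787723968
C:\WINDOWS\system32\User32.dll => File is digitally signed
========================== Services (Whitelisted) =================
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-06-29] (SurfRight B.V.)
==================== Drivers (Whitelisted) ====================
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 zlportio; \??\J:\_____DOWNLOADS\zlportio.sys [X]
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
"""

SECTION_RE = re.compile(r"^=+\s*(.*?)\s*=+$")
# FRST prints services/drivers as "R2 name; path [size date] (vendor) [flags]"
ENTRY_RE = re.compile(r"^[RSU]\d\s+([^;]+);\s+(.*?)\s+\[")


@dataclass
class Triage:
    running_from: str = ""
    platform: str = ""
    boot_mode: str = ""
    unsigned: list = field(default_factory=list)    # (section, name, path)
    missing: list = field(default_factory=list)     # same, marked [X] by FRST
    appcert_dlls: list = field(default_factory=list)
    dpf_executables: list = field(default_factory=list)
    sig_checks: dict = field(default_factory=dict)  # path -> FRST verdict
    ads: list = field(default_factory=list)


def parse_frst(text: str) -> Triage:
    t, section = Triage(), ""
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1).lower()
        elif line.startswith("Running from "):
            t.running_from = line[len("Running from "):]
        elif line.startswith("Platform: "):
            t.platform = line[len("Platform: "):].split(" OS Language")[0]
        elif line.startswith("Boot Mode: "):
            t.boot_mode = line[len("Boot Mode: "):]
        elif "appcertdlls" in line.lower():
            t.appcert_dlls.append(line)
        elif line.startswith("DPF: "):
            url = line.split()[-1]
            if url.lower().split("?")[0].endswith(".exe"):  # heuristic: DPF normally fetches CABs
                t.dpf_executables.append(url)
        elif line.startswith("AlternateDataStreams: "):
            t.ads.append(line.split(": ", 1)[1])
        elif " => " in line and not line.upper().startswith("HK"):
            path, verdict = line.split(" => ", 1)
            if path.lower().endswith((".dll", ".exe", ".sys")):
                t.sig_checks[path] = verdict
        elif section.startswith(("services", "drivers")):
            m = ENTRY_RE.match(line)
            if m and line.endswith("[X]"):
                t.missing.append((section.split()[0], m.group(1), m.group(2)))
            elif m and "[File not signed]" in line:
                t.unsigned.append((section.split()[0], m.group(1), m.group(2)))
    return t


def scanned_offline_install(t: Triage) -> bool:
    """FRST scans a Windows that is not booted only when run from a recovery
    environment ('Boot Mode: Recovery'); Normal or Safe Mode means the log
    describes the running OS, whatever drive FRST.exe was started from."""
    return t.boot_mode.lower().startswith("recovery")


def summarize(t: Triage) -> list:
    """Findings worth a human look, most important first."""
    notes = []
    if not scanned_offline_install(t):
        notes.append(f"log describes the booted OS ({t.platform}, boot mode {t.boot_mode}); "
                     f"'Running from {t.running_from}' is only where FRST.exe sat")
    notes += [f"{k} '{n}' points at a missing file: {p}" for k, n, p in t.missing]
    notes += [f"unsigned {k} binary '{n}': {p}" for k, n, p in t.unsigned]
    notes += [f"AppCertDlls entry (loaded into processes that call CreateProcess), verify it: {e}"
              for e in t.appcert_dlls]
    notes += [f"DPF entry fetches an executable instead of a CAB, verify it: {u}"
              for u in t.dpf_executables]
    notes += [f"signature check not clean for {p}: {v}"
              for p, v in t.sig_checks.items() if "digitally signed" not in v]
    return notes
```

On a real log, `summarize(parse_frst(open("FRST.txt").read()))` gives the same list. The first line it produces is the one to read before anything else: when Boot Mode is Normal or Safe Mode, the Platform line names the Windows that was running, not the installation on whatever drive the EXE was launched from, so a service pack that does not match the installation you meant to scan means the rest of the log is about the wrong system. One related caveat on swapping user32.dll between installations: the SP2 and SP3 builds of user32.dll are different file versions, so a copy taken from an SP2 installation is not a like-for-like replacement on an SP3 one; the service pack's own copy is kept in that installation's system32\dllcache.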

Late Saturday night report:

- Ran Kaspersky again. Looks like it changes 3 registry entries, not the user32.dll module as I had imagined.

- Tried to run Kickstart from a 16GB thumb drive. It just hung, even on the good system. It calls for 32 GB, but loaded OK onto the thumb drive and no warnings were issued.

- Ran FRST again (see below). Thinking about the user32.dll mystery, I am now wondering if the data reflects the good drive. Remember I couldn't run it directly, so I put the EXE file on the infected drive (E:) but executed it with the XP loaded from the good drive (C:). The report says "Running from E:", which is certainly true, but the data may be describing the master drive where the currently working operating system resides. The FRST report identifies the OS as XP SP2, which is the good version. The infected version is SP3 and is located on drive E.

- I don't know how to tell if I have a "Recovery Console" installed.

Thanks again.

Gerry

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:28-06-2014 02
Ran by Gerry (administrator) on IBMPC on 29-06-2014 02:43:18
Running from E:\
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2012\avgwdsvc.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(Nuance Communications, Inc.) C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Seagate) C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Lavasoft) C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe
(Microsoft Corporation) C:\Program Files\Outlook Express\msimn.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2009-05-26] (Apple Inc.)
Winlogon\Notify\!SASWinLogon: C:\Program Files\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
Startup: C:\Documents and Settings\Gerry\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
ShortcutTarget: ERUNT AutoBackup.lnk -> C:\Program Files\ERUNT Registry BU\AUTOBACK.EXE ()
HKLM\...\AppCertDlls: [rasplace] -> C:\WINDOWS\system32\igfxexec.dll
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restartlsdelete

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKCU - SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
SearchScopes: HKCU - {91EBC6E5-4330-4CE2-844D-B2E7C1228DDE} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=667323&p={searchTerms}
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: PlusIEEventHelper Class - {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SearchSettings Class - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1350787723968
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15108/CTPID.cab
Handler: AutorunsDisabled\belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: AutorunsDisabled\linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
Filter: text/html - {161e2552-9334-4002-bb72-ffe13ad9460b} -  No File
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Gerry\Application Data\Mozilla\Firefox\Profiles\xcmy4qn3.default
FF Homepage: hxxp://www.cnn.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files\Virtual Earth 3D\ ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-08-20]
FF HKLM\...\Firefox\Extensions: [{F53C93F1-07D5-430c-86D4-C9531B27DFAF}] - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack
FF Extension: AVG Do Not Track - C:\Program Files\AVG\AVG2012\Firefox\DoNotTrack [2012-08-29]

========================== Services (Whitelisted) =================

S2 AVGIDSAgent; C:\Program Files\AVG\AVG2012\avgidsagent.exe [5167736 2012-08-13] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [193288 2012-02-14] (AVG Technologies CZ, s.r.o.)
S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [106248 2014-06-29] (SurfRight B.V.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [152984 2009-06-21] (Sun Microsystems, Inc.)
S4 KSafeSvc; C:\Program files\Kingsoft\PCDoctor\KSafeSvc.exe [290720 2012-04-10] (Kingsoft Corporation)
R2 Lavasoft Ad-Aware Service; C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe [951632 2009-03-09] (Lavasoft)
S3 McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [303104 2008-04-08] (Motive Communications, Inc.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.0.207\McCHSvc.exe [237008 2011-06-17] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\WINDOWS\System32\HPZinw12.dll [44032 2008-07-18] (Hewlett-Packard) [File not signed]
S2 PCLEPCI; C:\WINDOWS\system32\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R2 PDFProFiltSrvPP; C:\Program Files\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-09] (Nuance Communications, Inc.)
R2 Pml Driver HPZ12; C:\WINDOWS\System32\HPZipm12.dll [53760 2008-07-18] (Hewlett-Packard) [File not signed]
R2 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-06-30] (Seagate)
S3 SNDSrvc; C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe [206552 2005-01-21] (Symantec Corporation)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2004-08-03] (Microsoft Corporation)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [17005 2003-05-28] (Adaptec) [File not signed]
R3 AVGIDSDriver; C:\WINDOWS\System32\DRIVERS\avgidsdriverx.sys [139856 2011-12-23] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilter; C:\WINDOWS\System32\DRIVERS\avgidsfilterx.sys [24144 2011-12-23] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [24896 2012-04-19] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSShim; C:\WINDOWS\System32\DRIVERS\avgidsshimx.sys [17232 2011-12-23] (AVG Technologies CZ, s.r.o. )
R1 Avgldx86; C:\WINDOWS\System32\DRIVERS\avgldx86.sys [237408 2012-07-26] (AVG Technologies CZ, s.r.o.)
R1 Avgmfx86; C:\WINDOWS\System32\DRIVERS\avgmfx86.sys [41040 2011-12-23] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\WINDOWS\System32\DRIVERS\avgrkx86.sys [31952 2012-01-31] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [301920 2012-08-24] (AVG Technologies CZ, s.r.o.)
R1 BANTExt; C:\WINDOWS\System32\Drivers\BANTExt.sys [3840 2008-02-27] () [File not signed]
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2010-03-15] (Brother Industries Ltd.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2004-08-03] (Microsoft Corporation)
R1 Cdr4_xp; C:\WINDOWS\system32\Drivers\Cdr4_xp.sys [9336 2007-03-07] (Sonic Solutions)
R1 Cdralw2k; C:\WINDOWS\system32\Drivers\Cdralw2k.sys [9464 2007-03-07] (Sonic Solutions)
R1 cdudf_xp; C:\WINDOWS\system32\Drivers\cdudf_xp.sys [241280 2009-06-23] (Roxio) [File not signed]
R3 cmuda3; C:\WINDOWS\System32\drivers\cmudax3.sys [1516672 2009-06-19] (C-Media Inc)
R3 dvd_2K; C:\WINDOWS\system32\Drivers\dvd_2K.sys [25930 2009-06-23] (Roxio) [File not signed]
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [13192 2009-08-26] () [File not signed]
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [8456 2009-09-16] () [File not signed]
R0 hotcore3; C:\WINDOWS\System32\DRIVERS\hotcore3.sys [40496 2008-12-13] (Paragon Software Group)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2005-10-20] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2005-10-20] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2005-10-20] (HP)
R0 Lbd; C:\WINDOWS\System32\DRIVERS\Lbd.sys [64160 2009-03-09] (Lavasoft AB)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2007-01-04] (Pinnacle Systems GmbH) [File not signed]
S3 mmc_2K; C:\WINDOWS\system32\Drivers\mmc_2K.sys [30662 2009-06-23] (Roxio) [File not signed]
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2009-01-26] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2004-08-04] (Microsoft Corporation)
S3 P17; C:\WINDOWS\System32\drivers\P17.sys [1389056 2005-07-07] (Creative Technology Ltd.)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-09-19] (Padus, Inc.) [File not signed]
R1 pwd_2K; C:\WINDOWS\system32\Drivers\pwd_2K.sys [144250 2009-06-23] (Roxio) [File not signed]
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [8944 2009-01-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 SASENUM; C:\Program Files\SUPERAntiSpyware\SASENUM.SYS [7408 2009-01-15] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys [55024 2009-01-15] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [File not signed]
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-07-17] ()
R3 SymEvent; C:\Program Files\Symantec\SYMEVENT.SYS [82136 2003-12-16] (Symantec Corporation)
S3 SYMREDRV; C:\WINDOWS\system32\Drivers\SYMREDRV.SYS [26424 2005-01-21] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\SYMTDI.SYS [267384 2005-01-21] (Symantec Corporation)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44384 2009-06-17] (Acronis)
R1 Udfreadr_xp; C:\WINDOWS\system32\Drivers\Udfreadr_xp.sys [206464 2009-06-23] (Roxio) [File not signed]
R1 UimBus; C:\WINDOWS\System32\DRIVERS\UimBus.sys [32056 2008-12-13] (Windows ® 2000 DDK provider)
R1 Uim_IM; C:\WINDOWS\System32\Drivers\Uim_IM.sys [129896 2008-12-13] (Paragon)
R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2012-09-06] (Acronis)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2012-09-06] (Acronis)
S4 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S4 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96256 2004-08-03] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\File Unlocker\UnlockerDriver5.sys [4096 2009-10-26] () [File not signed]
U1 WS2IFSL;
S3 zlportio; \??\J:\_____DOWNLOADS\__SELECTED DOWNLOADS 03.05.04\DRIVER WIZARD - Good for set up\zlportio.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-29 00:29 - 2014-06-29 00:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-06-29 00:18 - 2014-06-29 00:18 - 00003366 _____ () C:\WINDOWS\system32\.crusader
2014-06-29 00:02 - 2014-06-29 00:29 - 00001634 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-06-29 00:02 - 2014-06-29 00:02 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-29 00:01 - 2014-06-29 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-27 06:37 - 2014-06-27 06:37 - 00000997 _____ () C:\Documents and Settings\Gerry\Start Menu\Programs\iLivid.lnk
2014-06-27 06:37 - 2014-06-27 06:37 - 00000991 _____ () C:\Documents and Settings\Gerry\Desktop\iLivid.lnk
2014-06-24 14:24 - 2014-06-24 14:24 - 00000870 _____ () C:\Documents and Settings\Gerry\Desktop\SyncBack.lnk
2014-06-23 23:31 - 2014-06-29 00:18 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\iLivid
2014-06-23 17:14 - 2014-06-23 17:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 16:05 - 2014-06-23 16:05 - 00000800 _____ () C:\Documents and Settings\Gerry\Desktop\__ACCESS PW 05.15.14.xls.lnk
2014-06-22 23:49 - 2014-06-23 01:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
2014-06-22 23:49 - 2014-06-22 23:49 - 00000000 ____D () C:\Program Files\ISO BURNER - LSoft Technologies
2014-06-18 21:34 - 2014-06-18 21:35 - 00002416 _____ () C:\Documents and Settings\Gerry\Desktop\Rkill.txt
2014-06-16 03:14 - 2014-06-16 03:14 - 00000293 _____ () C:\WINDOWS\wmsetup.log
2014-06-12 14:46 - 2014-06-29 02:43 - 00000000 ____D () C:\FRST
2014-06-12 12:57 - 2014-06-12 12:57 - 00000885 _____ () C:\Documents and Settings\Gerry\Desktop\Creatr50.exe.lnk
2014-06-12 12:45 - 2014-06-12 12:45 - 00221408 _____ (Adaptec) C:\WINDOWS\system32\Drivers\cdudf.sys
2014-06-12 12:45 - 2014-06-12 12:45 - 00045056 _____ (Adaptec) C:\WINDOWS\system32\cdr4dll.dll
2014-06-12 12:25 - 2014-06-12 12:35 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-06-12 08:20 - 2014-06-12 08:20 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-12 07:15 - 2014-06-12 07:15 - 00030584 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-12 06:51 - 2014-06-12 06:52 - 00000000 ____D () C:\Program Files\ERUNT Registry BU
2014-06-12 06:51 - 2014-06-12 06:51 - 00000699 _____ () C:\Documents and Settings\Gerry\Desktop\NTREGOPT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000680 _____ () C:\Documents and Settings\Gerry\Desktop\ERUNT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-06-12 00:19 - 2014-06-25 21:03 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-12 00:18 - 2014-06-12 00:18 - 00000801 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-12 00:18 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-06-12 00:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-06-29 02:43 - 2014-06-12 14:46 - 00000000 ____D () C:\FRST
2014-06-29 02:43 - 2009-06-16 23:44 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Temp
2014-06-29 02:32 - 2009-06-17 06:58 - 00435431 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-29 02:31 - 2009-08-02 21:08 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-29 02:31 - 2009-08-02 21:08 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-29 02:30 - 2009-06-16 19:23 - 00474832 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-06-29 02:26 - 2012-10-20 00:06 - 00014408 _____ () C:\aaw7boot.log
2014-06-29 02:26 - 2012-08-27 01:36 - 00000282 _____ () C:\WINDOWS\Tasks\KsafeDelay.job
2014-06-29 02:26 - 2009-08-16 00:25 - 00000000 __SHD () C:\WINDOWS\CSC
2014-06-29 02:26 - 2009-06-16 23:40 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-29 02:26 - 2009-06-16 19:24 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-29 02:26 - 2009-06-16 19:24 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-06-29 02:20 - 2009-06-16 23:44 - 00000278 ___SH () C:\Documents and Settings\Gerry\ntuser.ini
2014-06-29 02:20 - 2009-06-16 23:42 - 00032508 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-29 00:29 - 2014-06-29 00:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\HitmanPro
2014-06-29 00:29 - 2014-06-29 00:02 - 00001634 _____ () C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk
2014-06-29 00:18 - 2014-06-29 00:18 - 00003366 _____ () C:\WINDOWS\system32\.crusader
2014-06-29 00:18 - 2014-06-29 00:01 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\HitmanPro
2014-06-29 00:18 - 2014-06-23 23:31 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\iLivid
2014-06-29 00:09 - 2009-06-16 23:44 - 00000000 ____D () C:\Documents and Settings\Gerry
2014-06-29 00:02 - 2014-06-29 00:02 - 00000000 ____D () C:\Program Files\HitmanPro
2014-06-29 00:01 - 2012-10-21 01:32 - 00222922 _____ () C:\WINDOWS\setupapi.log
2014-06-27 22:39 - 2012-10-19 22:40 - 00000472 _____ () C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
2014-06-27 06:37 - 2014-06-27 06:37 - 00000997 _____ () C:\Documents and Settings\Gerry\Start Menu\Programs\iLivid.lnk
2014-06-27 06:37 - 2014-06-27 06:37 - 00000991 _____ () C:\Documents and Settings\Gerry\Desktop\iLivid.lnk
2014-06-26 21:12 - 2012-08-01 08:30 - 00252288 ____R (Coupons, Inc.) C:\WINDOWS\system32\cpnprt2.cid
2014-06-26 21:11 - 2009-06-16 23:38 - 00000000 ____D () C:\Program Files\Outlook Express
2014-06-26 20:59 - 2012-08-20 16:01 - 00000026 _____ () C:\WINDOWS\Zone.Identifier
2014-06-25 21:03 - 2014-06-12 00:19 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-25 08:56 - 2009-06-18 17:33 - 00190976 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-24 14:51 - 2012-10-21 01:34 - 00000281 _____ () C:\WINDOWS\setupact.log
2014-06-24 14:24 - 2014-06-24 14:24 - 00000870 _____ () C:\Documents and Settings\Gerry\Desktop\SyncBack.lnk
2014-06-24 08:33 - 2012-10-19 22:04 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-23 17:15 - 2014-06-23 17:14 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-23 16:05 - 2014-06-23 16:05 - 00000800 _____ () C:\Documents and Settings\Gerry\Desktop\__ACCESS PW 05.15.14.xls.lnk
2014-06-23 10:47 - 2009-06-16 23:44 - 00001531 _____ () C:\Documents and Settings\Gerry\Desktop\Notepad.lnk
2014-06-23 09:07 - 2001-08-23 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-23 01:34 - 2014-06-22 23:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Active@ ISO Burner
2014-06-23 01:33 - 2009-09-18 17:35 - 00003054 _____ () C:\devicetable.log
2014-06-22 23:49 - 2014-06-22 23:49 - 00000000 ____D () C:\Program Files\ISO BURNER - LSoft Technologies
2014-06-21 12:53 - 2009-06-25 23:11 - 00000000 ____D () C:\Documents and Settings\Gerry\Application Data\Image Zone Express
2014-06-21 12:38 - 2009-06-25 23:23 - 00000000 ____D () C:\Documents and Settings\Gerry\My Documents\My Scans
2014-06-18 21:35 - 2014-06-18 21:34 - 00002416 _____ () C:\Documents and Settings\Gerry\Desktop\Rkill.txt
2014-06-18 21:16 - 2009-06-16 19:17 - 00000000 ____D () C:\WINDOWS\Help
2014-06-18 08:17 - 2009-06-17 07:33 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\CutePDF Writer
2014-06-16 03:14 - 2014-06-16 03:14 - 00000293 _____ () C:\WINDOWS\wmsetup.log
2014-06-16 03:14 - 2009-06-16 23:44 - 00000816 _____ () C:\Documents and Settings\Gerry\Start Menu\Programs\Windows Media Player.lnk
2014-06-13 05:52 - 2009-06-16 19:17 - 00000000 ____D () C:\WINDOWS\security
2014-06-12 12:57 - 2014-06-12 12:57 - 00000885 _____ () C:\Documents and Settings\Gerry\Desktop\Creatr50.exe.lnk
2014-06-12 12:45 - 2014-06-12 12:45 - 00221408 _____ (Adaptec) C:\WINDOWS\system32\Drivers\cdudf.sys
2014-06-12 12:45 - 2014-06-12 12:45 - 00045056 _____ (Adaptec) C:\WINDOWS\system32\cdr4dll.dll
2014-06-12 12:35 - 2014-06-12 12:25 - 00000000 ____D () C:\Program Files\Registrar Registry Manager
2014-06-12 08:20 - 2014-06-12 08:20 - 00000000 ____D () C:\WINDOWS\ERDNT
2014-06-12 07:15 - 2014-06-12 07:15 - 00030584 _____ () C:\Documents and Settings\Gerry\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-12 06:52 - 2014-06-12 06:51 - 00000000 ____D () C:\Program Files\ERUNT Registry BU
2014-06-12 06:51 - 2014-06-12 06:51 - 00000699 _____ () C:\Documents and Settings\Gerry\Desktop\NTREGOPT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000680 _____ () C:\Documents and Settings\Gerry\Desktop\ERUNT.lnk
2014-06-12 06:51 - 2014-06-12 06:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
2014-06-12 02:12 - 2009-09-13 14:53 - 00000000 ____D () C:\Program Files\Shared
2014-06-12 00:18 - 2014-06-12 00:18 - 00000801 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-06-12 00:18 - 2014-06-12 00:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-06-11 22:43 - 2009-06-18 14:29 - 00000000 ____D () C:\Documents and Settings\Gerry\Local Settings\Application Data\Google
2014-06-11 22:19 - 2009-06-16 23:38 - 00000000 ____D () C:\WINDOWS\system32\Restore

Some content of TEMP:
====================
C:\Documents and Settings\Gerry\Local Settings\Temp\HitmanPro_x64.exe
C:\Documents and Settings\Gerry\Local Settings\Temp\Kickstarter.exe
C:\Documents and Settings\Gerry\Local Settings\Temp\MemorexLock.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
