DOJ Ransom please help
<blockquote data-quote="jofuss3232" data-source="post: 119392" data-attributes="member: 8033"><p>ult of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-05-2013 02</p><p>Ran by SYSTEM on 06-05-2013 12:51:44</p><p>Running from E:\</p><p>Microsoft Windows XP (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Recovery</p><p>The current controlset is ControlSet002</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg [x]</p><p>HKLM\...\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe [2670592 2010-02-03] (Dell Inc.)</p><p>HKLM\...\Run: [OA015Mon] C:\WINDOWS\OA015Mon.exe [24576 2009-12-08] (Creative Technology Ltd.)</p><p>HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [278528 2010-02-17] (Alps Electric Co., Ltd.)</p><p>HKLM\...\Run: [WavXMgr] C:\Program Files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe [158592 2010-01-14] (Wave Systems Corp.)</p><p>HKLM\...\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [657920 2009-11-02] (Dell Inc.)</p><p>HKLM\...\Run: [USCService] C:\Program Files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe [34232 2010-01-14] (Broadcom Corporation)</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2010-06-19] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [843712 2012-01-03] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [248040 2010-02-18] (Sun Microsystems, Inc.)</p><p>HKLM\...\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common 
Framework\udaterui.exe" /StartedFromRunKey [136512 2008-03-14] (McAfee, Inc.)</p><p>HKLM\...\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE [124240 2008-09-29] (McAfee, Inc.)</p><p>HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)</p><p>HKLM\...\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe" /hide [2780432 2009-05-08] ()</p><p>HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)</p><p>HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [421160 2011-04-14] (Apple Inc.)</p><p>HKLM\...\Run: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe [495708 2010-05-19] (IDT, Inc.)</p><p>HKLM\...\Run: [DisplaySwitch] "C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe" [137728 2013-05-03] (Hilgraeve, Inc.)</p><p>HKLM\...\Run: [ADBlocker] C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerTray.exe -tray [979816 2012-12-21] ()</p><p>HKLM\...\Run: [Anvi Smart Defender] C:\Program Files\Anvisoft\Anvi Smart Defender\ASDTray.exe [1434984 2012-12-20] (Anvisoft)</p><p>HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]</p><p>HKLM\...\Winlogon: [System] </p><p>HKU\CMKUser\...\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [x]</p><p>HKU\Default User\...\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [x]</p><p>HKU\joe.dickman\...\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [x]</p><p>HKU\joe.dickman\...\Run: [Logitech Vid] "C:\Program Files\Logitech\Vid HD\Vid.exe" -bootmode [ 2010-08-27] (Logitech Inc.)</p><p>Lsa: [Authentication Packages] msv1_0</p><p>wvauth</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging 
Monitor.lnk</p><p>ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ImageMixer 3 SE Camera Monitor Ver.6.lnk</p><p>ShortcutTarget: ImageMixer 3 SE Camera Monitor Ver.6.lnk -> C:\Program Files\PIXELA\ImageMixer 3 SE Ver.6\Transfer Utility\CameraMonitor.exe (PIXELA CORPORATION)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\TdmNotify.lnk</p><p>ShortcutTarget: TdmNotify.lnk -> C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe (Wave Systems Corp.)</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk</p><p>ShortcutTarget: VPN Client.lnk -> C:\WINDOWS\Installer\{F3C1DE9E-5E16-4BA9-B854-7B53A45E3579}\Icon3E5562ED7.ico ()</p><p>SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>S2 ADBlockerSrv; C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\ADBlockerSrv.exe [279368 2012-11-13] ()</p><p>S2 asdsrv; C:\Program Files\Anvisoft\Anvi Smart Defender\ASDSrv.exe [735592 2012-12-20] (Anvisoft)</p><p>S2 buttonsvc32; C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe [278304 2009-11-20] (Dell Inc.)</p><p>S2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96334 2009-09-08] (Canon Inc.)</p><p>S2 Credential Vault Host Control Service; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [812448 2009-12-17] (Broadcom Corporation)</p><p>S2 Credential Vault Host Storage; C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [27040 2009-12-17] (Broadcom Corporation)</p><p>S2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1528608 2009-01-13] (Cisco Systems, 
Inc.)</p><p>S2 InstallFilterService; C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [60928 2010-01-10] ()</p><p>S2 McAfeeEngineService; C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe [19456 2008-09-29] (McAfee, Inc.)</p><p>S2 McAfeeFramework; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [103744 2008-03-14] (McAfee, Inc.)</p><p>S2 McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [143088 2008-09-29] (McAfee, Inc.)</p><p>S2 McTaskManager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [62800 2008-09-29] (McAfee, Inc.)</p><p>S2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [67904 2008-09-29] (McAfee, Inc.)</p><p>S3 SecureStorageService; C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe [1032192 2009-11-18] (Wave Systems Corp.)</p><p>S2 STacSV; C:\Program Files\IDT\WDM\stacsv.exe [245842 2010-05-19] (IDT, Inc.)</p><p>S2 tcsd_win32.exe; C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe [1273856 2008-11-12] ()</p><p>S2 TdmService; C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe [1148264 2009-11-24] (Wave Systems Corp.)</p><p>S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2404352 2010-02-03] (Dell Inc.)</p><p>S4 HidServ; %SystemRoot%\System32\hidserv.dll [x]</p><p>S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S3 Acceler; C:\Windows\System32\DRIVERS\Accelern.sys [42672 2010-01-18] (ST Microelectronics)</p><p>S3 AESTAud; C:\Windows\System32\drivers\AESTAud.sys [113664 2009-04-22] (Andrea Electronics Corporation)</p><p>S1 asdnet; C:\Program Files\Anvisoft\Anvi Smart Defender\toolbox\adblocker\sys\x86\asdnet.sys [15696 2012-09-07] ()</p><p>S1 asdrm; C:\Windows\System32\DRIVERS\asdrm.sys [16208 2012-11-07] 
(Anvisoft)</p><p>S2 asdrs; C:\WINDOWS\system32\DRIVERS\asdrs.sys [22864 2012-11-07] (Anvisoft)</p><p>S2 asdws; C:\WINDOWS\system32\DRIVERS\asdws.sys [14160 2012-11-07] ()</p><p>S3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl5.sys [2696448 2010-02-03] (Broadcom Corporation)</p><p>S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)</p><p>S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)</p><p>S2 CVPNDRVA; C:\WINDOWS\system32\Drivers\CVPNDRVA.sys [306811 2009-01-13] (Cisco Systems, Inc.)</p><p>S3 cvusbdrv; C:\Windows\System32\Drivers\cvusbdrv.sys [33832 2009-11-03] (Broadcom Corporation)</p><p>S3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [131856 2008-08-28] (Deterministic Networks, Inc.)</p><p>S3 e1kexpress; C:\Windows\System32\DRIVERS\e1k5132.sys [167080 2009-12-10] (Intel Corporation)</p><p>S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-04-30] (Logitech Inc.)</p><p>S3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-14] (Windows (R) Server 2003 DDK provider)</p><p>S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2007-03-08] (HP)</p><p>S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2007-03-08] (HP)</p><p>S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2007-03-08] (HP)</p><p>S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25624 2009-04-30] ()</p><p>S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\mbamswissarmy.sys [39984 2011-05-29] (Malwarebytes Corporation)</p><p>S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [74648 2008-09-29] (McAfee, Inc.)</p><p>S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [90360 2008-09-29] (McAfee, Inc.)</p><p>S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [42424 2008-09-29] (McAfee, Inc.)</p><p>S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [340592 2008-09-29] (McAfee, Inc.)</p><p>S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [64432 2008-09-29] 
(McAfee, Inc.)</p><p>S1 mfetdik; C:\Windows\System32\drivers\mfetdik.sys [62704 2008-09-29] (McAfee, Inc.)</p><p>S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)</p><p>S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)</p><p>S3 OA015Afx; C:\WINDOWS\system32\Drivers\OA015Afx.sys [134144 2009-05-28] (Creative Technology Ltd.)</p><p>S3 OA015Vid; C:\Windows\System32\DRIVERS\OA015Vid.sys [273568 2009-12-08] (Creative Technology Ltd.)</p><p>S0 PBADRV; C:\Windows\System32\DRIVERS\PBADRV.sys [26608 2008-06-04] (Dell Inc)</p><p>S2 risdpcie; C:\Windows\System32\DRIVERS\risdpe86.sys [59904 2010-03-19] (REDC)</p><p>S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)</p><p>S0 stdflt; C:\Windows\System32\DRIVERS\stdfltn.sys [17072 2010-01-18] (ST Microelectronics)</p><p>S3 STHDA; C:\Windows\System32\drivers\sthda.sys [1660691 2010-05-19] (IDT, Inc.)</p><p>S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)</p><p>S3 vsdatant; C:\WINDOWS\system32\vsdatant.sys [394952 2007-11-14] (Zone Labs, LLC)</p><p>S2 WavxDMgr; C:\Windows\System32\DRIVERS\WavxDMgr.sys [214656 2010-01-14] (Wave Systems Corp.)</p><p>S3 wceusbsh; C:\Windows\System32\DRIVERS\wceusbsh.sys [28672 2006-11-06] (Microsoft Corporation)</p><p>S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)</p><p>S4 Abiosdsk; No ImagePath</p><p>S4 abp480n5; No ImagePath</p><p>S4 adpu160m; No ImagePath</p><p>S4 Aha154x; No ImagePath</p><p>S4 aic78u2; No ImagePath</p><p>S4 aic78xx; No ImagePath</p><p>S4 AliIde; No ImagePath</p><p>S4 amsint; No ImagePath</p><p>S4 asc; No ImagePath</p><p>S4 asc3350p; No ImagePath</p><p>S4 asc3550; No ImagePath</p><p>S4 Atdisk; No ImagePath</p><p>S4 cd20xrnt; No ImagePath</p><p>S1 Changer; No ImagePath</p><p>S4 CmdIde; No ImagePath</p><p>S4 Cpqarray; No ImagePath</p><p>S4 dac2w2k; No 
ImagePath</p><p>S4 dac960nt; No ImagePath</p><p>S4 dpti2o; No ImagePath</p><p>S0 fqfhruyy; System32\drivers\krhorans.sys [x]</p><p>S4 hpn; No ImagePath</p><p>S1 i2omgmt; No ImagePath</p><p>S4 i2omp; No ImagePath</p><p>S4 ini910u; No ImagePath</p><p>S4 IntelIde; No ImagePath</p><p>S1 lbrtfdc; No ImagePath</p><p>S4 mraid35x; No ImagePath</p><p>S1 PCIDump; No ImagePath</p><p>S3 PDCOMP; No ImagePath</p><p>S3 PDFRAME; No ImagePath</p><p>S3 PDRELI; No ImagePath</p><p>S3 PDRFRAME; No ImagePath</p><p>S4 perc2; No ImagePath</p><p>S4 perc2hib; No ImagePath</p><p>S4 ql1080; No ImagePath</p><p>S4 Ql10wnt; No ImagePath</p><p>S4 ql12160; No ImagePath</p><p>S4 ql1240; No ImagePath</p><p>S4 ql1280; No ImagePath</p><p>S4 Simbad; No ImagePath</p><p>S4 Sparrow; No ImagePath</p><p>S4 symc810; No ImagePath</p><p>S4 symc8xx; No ImagePath</p><p>S4 sym_hi; No ImagePath</p><p>S4 sym_u3; No ImagePath</p><p>S4 TosIde; No ImagePath</p><p>S4 ultra; No ImagePath</p><p>S4 ViaIde; No ImagePath</p><p>S3 WDICA; No ImagePath</p><p>S1 WS2IFSL; </p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-05-06 12:51 - 2013-05-06 12:51 - 00000000 ____D C:\FRST</p><p>2013-05-06 10:37 - 2013-05-06 10:37 - 00106496 ____A C:\Windows\Minidump\Mini050613-02.dmp</p><p>2013-05-06 09:29 - 2013-05-06 09:29 - 00106496 ____A C:\Windows\Minidump\Mini050613-01.dmp</p><p>2013-05-03 16:36 - 2013-05-03 16:36 - 00106496 ____A C:\Windows\Minidump\Mini050313-03.dmp</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00001109 ____A C:\Documents and Settings\All Users\Desktop\Anvi AD Blocker.lnk</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000837 ____A C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000000 ____D C:\Program Files\Anvisoft</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000000 ____D C:\Documents and Settings\joe.dickman\Application 
Data\Anvisoft</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Anvisoft</p><p>2013-05-03 16:31 - 2012-11-07 03:16 - 00022864 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrs.sys</p><p>2013-05-03 16:31 - 2012-11-07 03:16 - 00016208 ____A (Anvisoft) C:\Windows\System32\Drivers\asdrm.sys</p><p>2013-05-03 16:31 - 2012-11-07 03:16 - 00014160 ____A C:\Windows\System32\Drivers\asdws.sys</p><p>2013-05-03 16:29 - 2013-05-03 16:29 - 00106496 ____A C:\Windows\Minidump\Mini050313-02.dmp</p><p>2013-05-03 16:20 - 2013-05-03 16:21 - 29016792 ____A C:\asdsetup.exe</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 39321600 ____A C:\Windows\System32\config\software.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 08388608 ____A C:\Windows\System32\config\system.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 04980736 ____A C:\Windows\System32\config\default.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 00262144 ____A C:\Windows\System32\config\SECURITY.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 00028672 ____A C:\Windows\System32\config\SAM.bhv</p><p>2013-05-03 15:09 - 2013-05-03 15:09 - 00000000 ___AD C:\$Anvi Rescue Disk$</p><p>2013-05-03 13:25 - 2013-05-03 16:36 - 00000000 ____D C:\Windows\Minidump</p><p>2013-05-03 13:25 - 2013-05-03 13:25 - 00106496 ____A C:\Windows\Minidump\Mini050313-01.dmp</p><p>2013-05-03 13:15 - 2013-05-03 13:15 - 02250054 ____A C:\Documents and Settings\All Users\Application Data\1.bmp</p><p>2013-05-03 13:04 - 2013-05-03 13:04 - 00137728 ____A (Hilgraeve, Inc.) 
C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe</p><p>2013-04-13 14:16 - 2013-04-16 08:35 - 00000000 ____D C:\Program Files\Mozilla Firefox</p><p></p><p>==================== One Month Modified Files and Folders ========</p><p></p><p>2013-05-06 12:51 - 2013-05-06 12:51 - 00000000 ____D C:\FRST</p><p>2013-05-06 10:42 - 2013-01-11 09:59 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-05-06 10:42 - 2011-04-25 12:49 - 00514980 ____A C:\Windows\System32\PerfStringBackup.TMP</p><p>2013-05-06 10:42 - 2010-05-06 12:18 - 00032258 ___AH C:\Windows\SchedLgU.Txt</p><p>2013-05-06 10:38 - 2010-05-06 14:35 - 00000000 __SHD C:\Windows\CSC</p><p>2013-05-06 10:38 - 2010-05-06 05:25 - 00000048 ___AH C:\Windows\wiaservc.log</p><p>2013-05-06 10:37 - 2013-05-06 10:37 - 00106496 ____A C:\Windows\Minidump\Mini050613-02.dmp</p><p>2013-05-06 10:37 - 2010-05-06 12:18 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini</p><p>2013-05-06 10:37 - 2010-05-06 12:18 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-05-06 10:37 - 2010-05-06 12:11 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini</p><p>2013-05-06 10:36 - 2010-05-06 12:06 - 00496795 ___AH C:\Windows\WindowsUpdate.log</p><p>2013-05-06 10:35 - 2010-06-21 17:04 - 00000000 ____A C:\Documents and Settings\joe.dickman\Local Settings\Application Data\WavXMapDrive.bat</p><p>2013-05-06 10:34 - 2010-06-21 17:04 - 00000062 __ASH C:\Documents and Settings\joe.dickman\Local Settings\desktop.ini</p><p>2013-05-06 09:29 - 2013-05-06 09:29 - 00106496 ____A C:\Windows\Minidump\Mini050613-01.dmp</p><p>2013-05-06 09:29 - 2008-04-14 08:00 - 00002206 ___AH C:\Windows\System32\wpa.dbl</p><p>2013-05-03 16:36 - 2013-05-03 16:36 - 00106496 ____A C:\Windows\Minidump\Mini050313-03.dmp</p><p>2013-05-03 16:36 - 2013-05-03 13:25 - 00000000 ____D C:\Windows\Minidump</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00001109 ____A C:\Documents and 
Settings\All Users\Desktop\Anvi AD Blocker.lnk</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000837 ____A C:\Documents and Settings\All Users\Desktop\Anvi Smart Defender.lnk</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000000 ____D C:\Program Files\Anvisoft</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000000 ____D C:\Documents and Settings\joe.dickman\Application Data\Anvisoft</p><p>2013-05-03 16:31 - 2013-05-03 16:31 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Anvisoft</p><p>2013-05-03 16:29 - 2013-05-03 16:29 - 00106496 ____A C:\Windows\Minidump\Mini050313-02.dmp</p><p>2013-05-03 16:21 - 2013-05-03 16:20 - 29016792 ____A C:\asdsetup.exe</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 39321600 ____A C:\Windows\System32\config\software.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 08388608 ____A C:\Windows\System32\config\system.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 04980736 ____A C:\Windows\System32\config\default.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 00262144 ____A C:\Windows\System32\config\SECURITY.bhv</p><p>2013-05-03 16:19 - 2013-05-03 16:19 - 00028672 ____A C:\Windows\System32\config\SAM.bhv</p><p>2013-05-03 15:09 - 2013-05-03 15:09 - 00000000 ___AD C:\$Anvi Rescue Disk$</p><p>2013-05-03 13:26 - 2010-06-21 17:04 - 00000178 ___SH C:\Documents and Settings\joe.dickman\ntuser.ini</p><p>2013-05-03 13:25 - 2013-05-03 13:25 - 00106496 ____A C:\Windows\Minidump\Mini050313-01.dmp</p><p>2013-05-03 13:22 - 2010-09-22 21:20 - 00000664 ____A C:\Windows\System32\d3d9caps.dat</p><p>2013-05-03 13:15 - 2013-05-03 13:15 - 02250054 ____A C:\Documents and Settings\All Users\Application Data\1.bmp</p><p>2013-05-03 13:04 - 2013-05-03 13:04 - 00137728 ____A (Hilgraeve, Inc.) 
C:\Documents and Settings\All Users\Application Data\DisplaySwitch.exe</p><p>2013-05-03 11:33 - 2010-06-21 17:04 - 00000000 ____D C:\Documents and Settings\joe.dickman\My Documents\Outlook</p><p>2013-04-29 18:36 - 2012-04-24 15:37 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job</p><p>2013-04-28 22:08 - 2012-07-04 20:35 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service</p><p>2013-04-16 08:35 - 2013-04-13 14:16 - 00000000 ____D C:\Program Files\Mozilla Firefox</p><p>2013-04-12 15:16 - 2010-09-15 10:58 - 00151552 __ASH C:\Documents and Settings\joe.dickman\My Documents\Thumbs.db</p><p></p><p>==================== Known DLLs (Whitelisted) ============</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe</p><p>[2008-04-14 08:00] - [2008-04-14 08:00] - 0108544 ___AH (Microsoft Corporation) 0e776ed5f7cc9f94299e70461b7b8185 </p><p></p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points (XP) =====================</p><p></p><p>RP: -> 2013-05-02 17:02 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP711 </p><p></p><p>RP: -> 2013-05-01 13:56 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP710 </p><p></p><p>RP: -> 2013-04-30 13:03 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP709 </p><p></p><p>RP: -> 2013-04-29 12:01 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP708 </p><p></p><p>RP: -> 2013-04-18 17:01 - 028672 
_restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP707 </p><p></p><p>RP: -> 2013-04-17 12:54 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP706 </p><p></p><p>RP: -> 2013-04-16 11:36 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP705 </p><p></p><p>RP: -> 2013-04-15 11:10 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP704 </p><p></p><p>RP: -> 2013-04-13 20:49 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP703 </p><p></p><p>RP: -> 2013-04-12 20:18 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP702 </p><p></p><p>RP: -> 2013-04-11 16:34 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP701 </p><p></p><p>RP: -> 2013-04-10 16:14 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP700 </p><p></p><p>RP: -> 2013-04-09 12:30 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP699 </p><p></p><p>RP: -> 2013-04-08 11:42 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP698 </p><p></p><p>RP: -> 2013-04-07 01:23 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP697 </p><p></p><p>RP: -> 2013-04-05 21:23 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP696 </p><p></p><p>RP: -> 2013-04-04 17:23 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP695 </p><p></p><p>RP: -> 2013-04-03 13:51 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP694 </p><p></p><p>RP: -> 2013-04-02 13:48 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP693 </p><p></p><p>RP: -> 2013-04-01 12:43 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP692 </p><p></p><p>RP: -> 2013-03-29 14:08 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP691 </p><p></p><p>RP: -> 2013-03-28 13:55 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP690 </p><p></p><p>RP: -> 2013-03-27 13:51 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP689 </p><p></p><p>RP: -> 2013-03-26 12:32 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP688 </p><p></p><p>RP: -> 2013-03-25 12:24 - 028672 
_restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP687 </p><p></p><p>RP: -> 2013-03-23 21:08 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP686 </p><p></p><p>RP: -> 2013-03-22 15:32 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP685 </p><p></p><p>RP: -> 2013-03-21 12:51 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP684 </p><p></p><p>RP: -> 2013-03-20 12:42 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP683 </p><p></p><p>RP: -> 2013-03-19 12:23 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP682 </p><p></p><p>RP: -> 2013-03-17 19:49 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP681 </p><p></p><p>RP: -> 2013-03-16 20:10 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP680 </p><p></p><p>RP: -> 2013-03-15 17:53 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP679 </p><p></p><p>RP: -> 2013-03-14 14:24 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP678 </p><p></p><p>RP: -> 2013-03-13 14:08 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP677 </p><p></p><p>RP: -> 2013-03-12 13:54 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP676 </p><p></p><p>RP: -> 2013-03-11 13:36 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP675 </p><p></p><p>RP: -> 2013-03-09 18:22 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP674 </p><p></p><p>RP: -> 2013-03-08 14:19 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP673 </p><p></p><p>RP: -> 2013-03-07 13:41 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP672 </p><p></p><p>RP: -> 2013-03-06 12:20 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP671 </p><p></p><p>RP: -> 2013-03-04 12:16 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP670 </p><p></p><p>RP: -> 2013-02-28 13:43 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP669 </p><p></p><p>RP: -> 2013-02-27 12:24 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP668 </p><p></p><p>RP: -> 2013-02-25 21:20 - 028672 
_restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP667 </p><p></p><p>RP: -> 2013-02-24 18:17 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP666 </p><p></p><p>RP: -> 2013-02-21 17:49 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP665 </p><p></p><p>RP: -> 2013-02-20 17:40 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP664 </p><p></p><p>RP: -> 2013-02-19 13:39 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP663 </p><p></p><p>RP: -> 2013-02-18 12:12 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP662 </p><p></p><p>RP: -> 2013-02-15 21:28 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP661 </p><p></p><p>RP: -> 2013-02-14 21:22 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP660 </p><p></p><p>RP: -> 2013-02-13 17:44 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP659 </p><p></p><p>RP: -> 2013-02-12 13:58 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP658 </p><p></p><p>RP: -> 2013-02-11 12:32 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP657 </p><p></p><p>RP: -> 2013-02-07 17:34 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP656 </p><p></p><p>RP: -> 2013-02-06 16:03 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP655 </p><p></p><p>RP: -> 2013-02-05 13:48 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP654 </p><p></p><p>RP: -> 2013-02-04 12:56 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP653 </p><p></p><p>RP: -> 2013-02-03 12:42 - 028672 _restore{FE768671-BE7E-47B3-846A-A3A096E35F32}\RP652 </p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 13%</p><p>Total physical RAM: 1973.85 MB</p><p>Available physical RAM: 1713.02 MB</p><p>Total Pagefile: 1804.91 MB</p><p>Available Pagefile: 1744.56 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1993.54 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive b: 
(RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>Drive c: () (Fixed) (Total:146.94 GB) (Free:104.61 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>Drive d: (READER) (Fixed) (Total:2.06 GB) (Free:1.97 GB) FAT32</p><p>Drive e: (HITMANPRO) (Removable) (Total:3.76 GB) (Free:3.75 GB) FAT32</p><p>Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ---------- ------- ------- --- ---</p><p> Disk 0 Online 149 GB 0 B </p><p></p><p>Partitions of Disk 0:</p><p>===============</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 OEM 39 MB 32 KB</p><p> Partition 2 Primary 147 GB 39 MB</p><p> Partition 3 Extended 2118 MB 147 GB</p><p> Partition 4 Logical 2118 MB 147 GB</p><p>==================================================================================</p><p></p><p>Disk: 0</p><p>Partition 1</p><p>Type : DE</p><p>Hidden: Yes</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 1 FAT Partition 39 MB Healthy </p><p>=========================================================</p><p></p><p>Disk: 0</p><p>Partition 2</p><p>Type : 07</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 2 C NTFS Partition 147 GB Healthy </p><p>=========================================================</p><p></p><p>Disk: 0</p><p>Partition 4</p><p>Type : 0B</p><p>Hidden: No</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 3 D READER FAT32 Partition 2118 MB Healthy </p><p>=========================================================</p><p>============================== MBR & Partition 
Table ==================</p><p></p><p>====================================================================</p><p>Disk: 0 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: 123AF4B7)</p><p>Partition 1: (Not Active) - (Size=2 GB) - (Type=OF Extended)</p><p>Partition 2: (Not Active) - (Size=39 MB) - (Type=DE)</p><p>Partition 3: (Active) - (Size=147 GB) - (Type=07 NTFS)</p><p></p><p>====================================================================</p><p>Disk: 1 (Size: 4 GB) (Disk ID: 872059DD)</p><p>Partition 1: (Active) - (Size=4 GB) - (Type=0B)</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>