FBI Ransom Virus
<blockquote data-quote="allstrick" data-source="post: 94241" data-attributes="member: 4452"><p>Thank you for such a quick response. Here is the log from the FRST scan and the ListParts scan</p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2012</p><p>Ran by SYSTEM at 05-01-2013 22:01:20</p><p>Running from D:\</p><p>Microsoft Windows XP (X86) OS Language: English(US) </p><p>The current controlset is ControlSet004</p><p></p><p>==================== Registry (Whitelisted) ===================</p><p></p><p>HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x]</p><p>HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x]</p><p>HKLM\...\Run: [] [x]</p><p>HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions)</p><p>HKLM\...\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [1116920 2006-08-17] (Roxio)</p><p>HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( )</p><p>HKLM\...\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [241664 2003-12-22] (Hewlett-Packard Company)</p><p>HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128560 2007-06-08] (CyberLink Corp.)</p><p>HKLM\...\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH)</p><p>HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.)</p><p>HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)</p><p>HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [296056 2012-02-17] (RealNetworks, Inc.)</p><p>HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.)</p><p>HKLM\...\Run: 
[Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Adobe ARM] "C:\Documents and Settings\All Users\Application Data\ifgxpers.exe" [130192 2012-12-28] (?????????? ??????????)</p><p>HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.)</p><p>HKLM\...\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize [387687 2005-10-21] (Defender Pro LLC)</p><p>HKLM\...\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe [151552 2003-07-08] (Motive Communications, Inc.)</p><p>HKLM\...\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe [36640 2007-06-21] ()</p><p>HKLM\...\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide [1082920 2007-01-19] (McAfee, Inc.)</p><p>HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x]</p><p>HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)</p><p>HKU\Bruce\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)</p><p>HKU\Bruce\...\Run: [] [x]</p><p>HKU\Bruce\...\Run: [PCShowServer] "C:\Documents and Settings\Bruce\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [x]</p><p>HKU\Bruce\...\Run: [Jump Desktop] C:\Program Files\Jump Desktop\JumpDesktop.exe autorun [424040 2012-05-18] (Phase Five Systems)</p><p>Winlogon\Notify\TPSvc: TPSvc.dll [X]</p><p>Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk</p><p>ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)</p><p>Startup: C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\JustCloud.lnk</p><p>ShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe 
(JustCloud.com)</p><p></p><p>==================== Services (Whitelisted) ===================</p><p></p><p>2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated)</p><p>2 BackupStack; C:\Program Files\JustCloud\BackupStack.exe [34344 2012-12-25] (Just Develop It)</p><p>2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [4643912 2012-08-29] (Carbonite, Inc. (www.carbonite.com))</p><p>3 Emproxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [341584 2007-01-12] (McAfee, Inc.)</p><p>2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation)</p><p>2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [105832 2013-01-05] (SurfRight B.V.)</p><p>2 hnmsvc; "C:\Program Files\Dell Network Assistant\hnm_svc.exe" [112176 2007-05-25] (SingleClick Systems)</p><p>2 JumpDesktop; "C:\Program Files\Jump Desktop\JumpService.exe" [7680 2012-05-18] (Phase Five Systems)</p><p>2 kavsvc; "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe" [917610 2005-10-20] (Defender Pro LLC)</p><p>2 McAfee HackerWatch Service; "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" [540776 2007-02-13] (McAfee, Inc.)</p><p>3 mcmispupdmgr; C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe [689752 2007-01-05] (McAfee, Inc.)</p><p>2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [361560 2007-01-05] (McAfee, Inc.)</p><p>2 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [362064 2007-01-16] (McAfee, Inc.)</p><p>2 mcpromgr; C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [493144 2007-01-05] (McAfee, Inc.)</p><p>2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144960 2006-12-22] (McAfee, Inc.)</p><p>2 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [643664 2007-01-25] (McAfee, Inc.)</p><p>2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [841256 2007-06-19] (McAfee, Inc.)</p><p>2 SiteAdvisor Service; C:\Program 
Files\SiteAdvisor\6145\SAService.exe [328992 2013-01-02] ()</p><p>2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.)</p><p>2 tvnserver; "C:\Program Files\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.)</p><p>3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation)</p><p>3 AppMgmt; C:\Windows\System32\appmgmts.dll [x]</p><p>4 HidServ; C:\Windows\System32\hidserv.dll [x]</p><p>2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]</p><p>2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" [x]</p><p>2 McNASvc; "c:\program files\common files\mcafee\mna\mcnasvc.exe" [x]</p><p>2 McRedirector; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [x]</p><p>2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x]</p><p>4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x]</p><p>4 msvsmon80; "c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [x]</p><p>2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x]</p><p>2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)</p><p>3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.)</p><p>3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH)</p><p>3 FiltUSBEMPIA; 
C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.)</p><p>3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider)</p><p>3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [30616 2013-01-05] ()</p><p>3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP)</p><p>3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP)</p><p>3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP)</p><p>3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [24216 2010-03-10] (Initio Corporation)</p><p>3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV.sys [530560 2008-10-23] (Line 6)</p><p>3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH)</p><p>3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [71496 2006-12-22] (McAfee, Inc.)</p><p>3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34184 2006-12-22] (McAfee, Inc.)</p><p>3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2006-12-22] (McAfee, Inc.)</p><p>3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [32008 2006-12-22] (McAfee, Inc.)</p><p>3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [37480 2006-12-22] (McAfee, Inc.)</p><p>3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)</p><p>1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [109608 2007-03-02] (McAfee, Inc.)</p><p>3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)</p><p>3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [27136 2009-01-09] (NCH Swift Sound)</p><p>3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)</p><p>2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems)</p><p>3 SAMFILT; C:\Windows\System32\drivers\samfilt.sys [34688 2006-02-10] (Dolphin, Inc.)</p><p>3 ScanUSBEMPIA; 
C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.)</p><p>3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)</p><p>1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2007-12-13] ()</p><p>3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)</p><p>3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation)</p><p>3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)</p><p>4 Abiosdsk; [x]</p><p>4 Atdisk; [x]</p><p>1 Changer; [x]</p><p>1 lbrtfdc; [x]</p><p>1 PCIDump; [x]</p><p>3 PDCOMP; [x]</p><p>3 PDFRAME; [x]</p><p>3 PDRELI; [x]</p><p>3 PDRFRAME; [x]</p><p>4 Simbad; [x]</p><p>3 WDICA; [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-01-05 21:21 - 2013-01-05 21:56 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-01-05 21:19 - 2013-01-05 21:19 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk</p><p>2013-01-05 21:19 - 2013-01-05 21:19 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-01-05 21:11 - 2013-01-05 21:11 - 00090112 ____A C:\Windows\Minidump\Mini010513-01.dmp</p><p>2013-01-05 16:10 - 2013-01-05 22:08 - 00000664 ____A C:\Windows\System32\d3d9caps.dat</p><p>2013-01-05 16:07 - 2013-01-05 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-01-03 21:47 - 2013-01-03 21:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor</p><p>2013-01-02 23:38 - 2013-01-05 22:01 - 00003118 ____A C:\Windows\System32\Config.MPF</p><p>2013-01-02 23:34 - 2013-01-02 23:34 - 00000666 ____A C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk</p><p>2013-01-02 23:33 - 2013-01-02 23:33 - 00000671 ____A C:\Documents and 
Settings\All Users\Desktop\McAfee Security Center.lnk</p><p>2013-01-02 23:20 - 2013-01-02 23:35 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\SiteAdvisor</p><p>2013-01-02 23:20 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\SiteAdvisor</p><p>2013-01-02 23:18 - 2007-03-02 15:16 - 00109608 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\Mpfp.sys</p><p>2013-01-02 23:18 - 2006-12-22 17:02 - 00170408 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys</p><p>2013-01-02 23:18 - 2006-12-22 17:02 - 00071496 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys</p><p>2013-01-02 23:18 - 2006-12-22 17:02 - 00037480 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfesmfk.sys</p><p>2013-01-02 23:18 - 2006-12-22 17:02 - 00034184 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfebopk.sys</p><p>2013-01-02 23:18 - 2006-12-22 17:02 - 00032008 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdk.sys</p><p>2013-01-02 23:17 - 2013-01-02 23:17 - 00000352 ____A C:\Windows\Tasks\McQcTask.job</p><p>2013-01-02 23:17 - 2013-01-02 23:17 - 00000350 ____A C:\Windows\Tasks\McDefragTask.job</p><p>2013-01-02 23:16 - 2013-01-02 23:16 - 00000000 ____D C:\Program Files\McAfee.com</p><p>2013-01-02 22:57 - 2013-01-02 23:05 - 35984276 ____A C:\BellSouthIW.reg</p><p>2013-01-02 22:06 - 2005-06-14 20:22 - 00008200 ____A (Kaspersky Labs) C:\Windows\System32\Drivers\klin.sys</p><p>2013-01-02 22:06 - 2005-06-14 19:27 - 00038123 ____A (Kaspersky Labs) C:\Windows\System32\Drivers\klick.sys</p><p>2013-01-02 22:04 - 2013-01-02 22:04 - 00001983 ____A C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help</p><p>2013-01-01 
20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InstallShield</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe</p><p>2013-01-01 16:36 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$</p><p>2013-01-01 16:36 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$</p><p>2013-01-01 16:35 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$</p><p>2013-01-01 16:35 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$</p><p>2013-01-01 16:35 - 2013-01-01 16:35 - 00008264 ____A C:\Windows\KB2779562.log</p><p>2013-01-01 16:33 - 2013-01-01 16:35 - 00016327 ____A C:\Windows\KB2761465-IE8.log</p><p>2013-01-01 15:56 - 2013-01-01 15:56 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Malwarebytes</p><p>2012-12-28 19:46 - 2012-12-28 19:46 - 00000000 ____D C:\Windows\Microsoft Antimalware</p><p>2012-12-28 16:20 - 2012-12-28 16:20 - 00751078 ____A C:\Documents and Settings\All Users\Application Data\1.bmp</p><p>2012-12-28 14:14 - 2013-01-01 20:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware</p><p>2012-12-28 14:14 - 2012-12-28 14:16 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes</p><p>2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes</p><p>2012-12-28 14:14 - 2012-12-14 17:49 - 00021104 ____A (Malwarebytes Corporation) 
C:\Windows\System32\Drivers\mbam.sys</p><p>2012-12-28 14:10 - 2012-12-28 14:11 - 00002698 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt</p><p>2012-12-28 14:02 - 2012-12-28 14:02 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE</p><p>2012-12-28 13:59 - 2012-12-28 13:59 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache</p><p>2012-12-28 13:55 - 2012-12-28 15:48 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini</p><p>2012-12-28 13:55 - 2012-12-28 14:08 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini</p><p>2012-12-28 13:55 - 2010-06-17 20:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia</p><p>2012-12-28 13:55 - 2008-01-04 09:24 - 00044976 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT</p><p>2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Google Gadgets</p><p>2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Roxio</p><p>2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Roxio</p><p>2012-12-28 13:55 - 2008-01-04 09:21 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SingleClick Systems</p><p>2012-12-28 13:55 - 2008-01-04 09:21 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe</p><p>2012-12-28 13:55 - 2004-08-10 13:57 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini</p><p>2012-12-28 13:37 - 2012-12-28 13:37 - 00000000 __SHD C:\found.000</p><p>2012-12-28 12:53 - 2012-12-28 12:53 - 00130192 ____A (?????????? ??????????) 
C:\Documents and Settings\All Users\Application Data\ifgxpers.exe</p><p>2012-12-14 17:09 - 2013-01-01 16:36 - 00022511 ____A C:\Windows\KB2758857.log</p><p>2012-12-07 13:17 - 2012-12-07 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData</p><p>2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\MFAData</p><p>2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Avg2013</p><p>2012-12-06 22:04 - 2012-12-06 22:04 - 00111508 ___AH C:\Windows\System32\mlfcache.dat</p><p>2012-12-06 22:02 - 2012-12-06 22:02 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk</p><p>2012-12-06 22:02 - 2012-12-06 22:02 - 00000000 ____D C:\Program Files\Safari</p><p>2012-12-06 22:01 - 2012-12-22 12:23 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job</p><p>2012-12-06 22:01 - 2012-12-06 22:01 - 00000000 ____D C:\Program Files\Apple Software Update</p><p></p><p></p><p>==================== One Month Modified Files and Folders ========</p><p></p><p>2013-01-05 22:22 - 2011-05-07 18:11 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{DA2FC216-6A7D-45AC-8027-0EBD2CAB2220}.job</p><p>2013-01-05 22:13 - 2011-12-07 22:13 - 00000486 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job</p><p>2013-01-05 22:08 - 2013-01-05 16:10 - 00000664 ____A C:\Windows\System32\d3d9caps.dat</p><p>2013-01-05 22:08 - 2008-02-26 21:41 - 00000000 ____D C:\MDT</p><p>2013-01-05 22:08 - 2008-01-09 23:38 - 00003120 ___AC C:\Windows\D9H7ADHB.ocx</p><p>2013-01-05 22:08 - 2008-01-09 23:38 - 00003120 ____A C:\Windows\System32\HAF9SE8J.ocx</p><p>2013-01-05 22:07 - 2004-08-10 14:02 - 01067755 ____A C:\Windows\WindowsUpdate.log</p><p>2013-01-05 22:03 - 2004-08-10 13:59 - 00000159 ____A C:\Windows\wiadebug.log</p><p>2013-01-05 22:03 - 2004-08-10 13:59 - 00000048 ____A C:\Windows\wiaservc.log</p><p>2013-01-05 22:02 - 2010-08-12 21:46 - 
00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-01-05 22:02 - 2008-01-09 21:35 - 00000062 __ASH C:\Documents and Settings\Bruce\Local Settings\desktop.ini</p><p>2013-01-05 22:02 - 2004-08-10 14:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini</p><p>2013-01-05 22:02 - 2004-08-10 14:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini</p><p>2013-01-05 22:02 - 2004-08-10 14:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-01-05 22:01 - 2013-01-05 22:01 - 00000000 ____D C:\FRST</p><p>2013-01-05 22:01 - 2013-01-02 23:38 - 00003118 ____A C:\Windows\System32\Config.MPF</p><p>2013-01-05 22:01 - 2008-01-09 21:35 - 00000278 ___SH C:\Documents and Settings\Bruce\ntuser.ini</p><p>2013-01-05 22:01 - 2004-08-10 14:08 - 00032358 ____A C:\Windows\SchedLgU.Txt</p><p>2013-01-05 21:56 - 2013-01-05 21:21 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys</p><p>2013-01-05 21:19 - 2013-01-05 21:19 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk</p><p>2013-01-05 21:19 - 2013-01-05 21:19 - 00000000 ____D C:\Program Files\HitmanPro</p><p>2013-01-05 21:11 - 2013-01-05 21:11 - 00090112 ____A C:\Windows\Minidump\Mini010513-01.dmp</p><p>2013-01-05 21:11 - 2011-04-20 21:12 - 00000000 ____D C:\Windows\Minidump</p><p>2013-01-05 16:07 - 2013-01-05 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro</p><p>2013-01-05 16:06 - 2004-08-10 13:51 - 00002206 ____A C:\Windows\System32\wpa.dbl</p><p>2013-01-03 21:47 - 2013-01-03 21:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor</p><p>2013-01-03 21:35 - 2009-07-19 10:31 - 00987101 ____A C:\Windows\setupapi.log</p><p>2013-01-03 02:31 - 2012-11-09 21:21 - 00000000 ____D C:\Program Files\Staples CD Labeler v5</p><p>2013-01-02 23:35 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\SiteAdvisor</p><p>2013-01-02 
23:34 - 2013-01-02 23:34 - 00000666 ____A C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk</p><p>2013-01-02 23:34 - 2008-05-01 20:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee</p><p>2013-01-02 23:33 - 2013-01-02 23:33 - 00000671 ____A C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk</p><p>2013-01-02 23:20 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\SiteAdvisor</p><p>2013-01-02 23:20 - 2009-07-18 21:50 - 00000000 ____D C:\Program Files\SiteAdvisor</p><p>2013-01-02 23:20 - 2009-07-18 21:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SiteAdvisor</p><p>2013-01-02 23:19 - 2009-07-18 23:10 - 00000000 ____D C:\Program Files\McAfee</p><p>2013-01-02 23:18 - 2009-07-18 23:10 - 00000000 ____D C:\Program Files\Common Files\McAfee</p><p>2013-01-02 23:17 - 2013-01-02 23:17 - 00000352 ____A C:\Windows\Tasks\McQcTask.job</p><p>2013-01-02 23:17 - 2013-01-02 23:17 - 00000350 ____A C:\Windows\Tasks\McDefragTask.job</p><p>2013-01-02 23:16 - 2013-01-02 23:16 - 00000000 ____D C:\Program Files\McAfee.com</p><p>2013-01-02 23:06 - 2008-01-09 21:43 - 00000000 ___AC C:\Windows\BJCFDins.log</p><p>2013-01-02 23:05 - 2013-01-02 22:57 - 35984276 ____A C:\BellSouthIW.reg</p><p>2013-01-02 22:44 - 2008-07-26 13:29 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\FileZilla</p><p>2013-01-02 22:04 - 2013-01-02 22:04 - 00001983 ____A C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk</p><p>2013-01-02 22:04 - 2008-01-09 23:33 - 00000000 ____D C:\Program Files\Defender Pro</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D 
C:\Documents and Settings\Administrator\Local Settings\Application Data\Google</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060}</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InstallShield</p><p>2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe</p><p>2013-01-01 20:57 - 2012-12-28 14:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware</p><p>2013-01-01 20:55 - 2013-01-01 16:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$</p><p>2013-01-01 20:55 - 2013-01-01 16:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$</p><p>2013-01-01 20:55 - 2013-01-01 16:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$</p><p>2013-01-01 20:55 - 2013-01-01 16:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$</p><p>2013-01-01 17:10 - 2004-08-10 13:57 - 00507400 ____A C:\Windows\System32\FNTCACHE.DAT</p><p>2013-01-01 16:36 - 2012-12-14 17:09 - 00022511 ____A C:\Windows\KB2758857.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 02190163 ____A C:\Windows\FaxSetup.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 01079774 ____A C:\Windows\ocgen.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00841945 ____A C:\Windows\tsoc.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00724294 ____A C:\Windows\comsetup.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00442348 ____A C:\Windows\ntdtcsetup.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00272356 ____A C:\Windows\iis6.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00119375 ____A C:\Windows\ocmsn.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00109735 ____A C:\Windows\msgsocm.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00001355 ____A C:\Windows\imsins.log</p><p>2013-01-01 16:36 - 2004-08-10 13:57 - 00001355 ____A C:\Windows\imsins.BAK</p><p>2013-01-01 16:35 - 
2013-01-01 16:35 - 00008264 ____A C:\Windows\KB2779562.log</p><p>2013-01-01 16:35 - 2013-01-01 16:33 - 00016327 ____A C:\Windows\KB2761465-IE8.log</p><p>2013-01-01 16:35 - 2008-01-04 09:10 - 00881144 ____A C:\Windows\System32\TZLog.log</p><p>2013-01-01 16:35 - 2008-01-04 09:08 - 00339552 ____A C:\Windows\updspapi.log</p><p>2013-01-01 16:33 - 2008-01-04 09:08 - 00000000 ___HD C:\Windows\$hf_mig$</p><p>2013-01-01 16:30 - 2008-01-13 10:06 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-01-01 16:15 - 2004-08-10 13:57 - 00593386 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-01-01 15:56 - 2013-01-01 15:56 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Malwarebytes</p><p>2012-12-28 19:46 - 2012-12-28 19:46 - 00000000 ____D C:\Windows\Microsoft Antimalware</p><p>2012-12-28 16:20 - 2012-12-28 16:20 - 00751078 ____A C:\Documents and Settings\All Users\Application Data\1.bmp</p><p>2012-12-28 15:55 - 2011-05-19 15:01 - 00000286 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2592898406-2242705440-3200713710-1006.job</p><p>2012-12-28 15:49 - 2011-08-15 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2570222$</p><p>2012-12-28 15:48 - 2012-12-28 13:55 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini</p><p>2012-12-28 14:16 - 2012-12-28 14:14 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk</p><p>2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes</p><p>2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes</p><p>2012-12-28 14:11 - 2012-12-28 14:10 - 00002698 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt</p><p>2012-12-28 14:08 - 2012-12-28 13:55 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini</p><p>2012-12-28 14:02 - 2012-12-28 14:02 - 00000000 __SHD C:\Documents and 
Settings\Administrator\PrivacIE</p><p>2012-12-28 13:59 - 2012-12-28 13:59 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache</p><p>2012-12-28 13:37 - 2012-12-28 13:37 - 00000000 __SHD C:\found.000</p><p>2012-12-28 12:53 - 2012-12-28 12:53 - 00130192 ____A (?????????? ??????????) C:\Documents and Settings\All Users\Application Data\ifgxpers.exe</p><p>2012-12-26 21:11 - 2012-12-02 21:10 - 00000000 ____D C:\Program Files\JustCloud</p><p>2012-12-22 12:23 - 2012-12-06 22:01 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job</p><p>2012-12-14 17:49 - 2012-12-28 14:14 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys</p><p>2012-12-11 12:59 - 2012-04-12 17:27 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe</p><p>2012-12-11 12:59 - 2011-05-12 22:21 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl</p><p>2012-12-08 11:44 - 2009-05-14 15:03 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Apple Computer</p><p>2012-12-07 13:19 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData</p><p>2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\MFAData</p><p>2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Avg2013</p><p>2012-12-06 22:04 - 2012-12-06 22:04 - 00111508 ___AH C:\Windows\System32\mlfcache.dat</p><p>2012-12-06 22:02 - 2012-12-06 22:02 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk</p><p>2012-12-06 22:02 - 2012-12-06 22:02 - 00000000 ____D C:\Program Files\Safari</p><p>2012-12-06 22:02 - 2009-02-19 22:40 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Apple Computer</p><p>2012-12-06 22:01 - 2012-12-06 22:01 - 00000000 ____D C:\Program Files\Apple Software Update</p><p></p><p>==================== Known 
DLLs (Whitelisted) =================</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points (XP) =====================</p><p></p><p>RP: -> 2013-01-02 23:33 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1490 </p><p></p><p>RP: -> 2013-01-01 16:30 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1487 </p><p></p><p>RP: -> 2012-12-31 17:59 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1486 </p><p></p><p>RP: -> 2012-12-27 17:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1485 </p><p></p><p>RP: -> 2012-12-26 16:55 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1484 </p><p></p><p>RP: -> 2012-12-25 13:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1483 </p><p></p><p>RP: -> 2012-12-24 07:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1482 </p><p></p><p>RP: -> 2012-12-23 01:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1481 </p><p></p><p>RP: -> 2012-12-21 19:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1480 </p><p></p><p>RP: -> 2012-12-20 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1479 </p><p></p><p>RP: -> 2012-12-19 07:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1478 </p><p></p><p>RP: -> 2012-12-18 01:28 - 028672 
_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1477 </p><p></p><p>RP: -> 2012-12-16 19:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1476 </p><p></p><p>RP: -> 2012-12-15 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1475 </p><p></p><p>RP: -> 2012-12-14 10:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1474 </p><p></p><p>RP: -> 2012-12-13 01:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1473 </p><p></p><p>RP: -> 2012-12-11 19:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1472 </p><p></p><p>RP: -> 2012-12-10 13:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1471 </p><p></p><p>RP: -> 2012-12-09 07:39 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1470 </p><p></p><p>RP: -> 2012-12-08 01:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1469 </p><p></p><p>RP: -> 2012-12-06 22:01 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1468 </p><p></p><p>RP: -> 2012-12-05 23:43 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1467 </p><p></p><p>RP: -> 2012-12-04 13:52 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1466 </p><p></p><p>RP: -> 2012-12-03 01:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1465 </p><p></p><p>RP: -> 2012-12-01 19:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1464 </p><p></p><p>RP: -> 2012-11-30 16:11 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1463 </p><p></p><p>RP: -> 2012-11-29 07:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1462 </p><p></p><p>RP: -> 2012-11-28 01:41 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1461 </p><p></p><p>RP: -> 2012-11-26 19:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1460 </p><p></p><p>RP: -> 2012-11-25 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1459 </p><p></p><p>RP: -> 2012-11-24 12:57 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1458 </p><p></p><p>RP: -> 
2012-11-22 15:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1457 </p><p></p><p>RP: -> 2012-11-21 09:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1456 </p><p></p><p>RP: -> 2012-11-20 03:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1455 </p><p></p><p>RP: -> 2012-11-18 21:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1454 </p><p></p><p>RP: -> 2012-11-17 15:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1453 </p><p></p><p>RP: -> 2012-11-16 08:58 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1452 </p><p></p><p>RP: -> 2012-11-15 22:30 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1451 </p><p></p><p>RP: -> 2012-11-15 22:23 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1450 </p><p></p><p>RP: -> 2012-11-15 22:22 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1449 </p><p></p><p>RP: -> 2012-11-15 21:11 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1448 </p><p></p><p>RP: -> 2012-11-15 20:55 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1447 </p><p></p><p>RP: -> 2012-11-14 21:56 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1446 </p><p></p><p>RP: -> 2012-11-09 07:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1445 </p><p></p><p>RP: -> 2012-11-08 01:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444 </p><p></p><p>RP: -> 2012-11-06 19:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1443 </p><p></p><p>RP: -> 2012-11-05 13:50 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1442 </p><p></p><p>RP: -> 2012-11-04 07:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1441 </p><p></p><p>RP: -> 2012-11-03 01:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1440 </p><p></p><p>RP: -> 2012-11-01 20:15 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1439 </p><p></p><p>RP: -> 2012-10-31 13:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1438 
</p><p></p><p>RP: -> 2012-10-30 07:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1437 </p><p></p><p>RP: -> 2012-10-29 01:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436 </p><p></p><p>RP: -> 2012-10-27 19:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1435 </p><p></p><p>RP: -> 2012-10-26 13:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1434 </p><p></p><p>RP: -> 2012-10-25 07:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1433 </p><p></p><p>RP: -> 2012-10-24 01:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1432 </p><p></p><p>RP: -> 2012-10-22 20:22 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1431 </p><p></p><p>RP: -> 2012-10-21 13:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1430 </p><p></p><p>RP: -> 2012-10-20 07:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1429 </p><p></p><p>RP: -> 2012-10-19 01:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1428 </p><p></p><p>RP: -> 2012-10-17 19:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1427 </p><p></p><p>RP: -> 2012-10-16 13:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1426 </p><p></p><p>RP: -> 2012-10-15 07:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1425 </p><p></p><p>RP: -> 2012-10-14 01:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1424 </p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 10%</p><p>Total physical RAM: 3061.11 MB</p><p>Available physical RAM: 2749.37 MB</p><p>Total Pagefile: 2885.82 MB</p><p>Available Pagefile: 2816.7 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 2001.54 MB</p><p></p><p>==================== Partitions =============================</p><p></p><p>1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>2 Drive c: () (Fixed) (Total:74.45 GB) (Free:18.9 GB) NTFS ==>[Drive with boot 
components (Windows XP)]</p><p>3 Drive d: (HITMANPRO) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32</p><p>5 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS</p><p>6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ---------- ------- ------- --- ---</p><p> Disk 2 Online 74 GB 0 B </p><p></p><p>Partitions of Disk 2:</p><p>===============</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 OEM 47 MB 32 KB</p><p> Partition 2 Primary 74 GB 47 MB</p><p>=========================================================</p><p></p><p>Disk: 2</p><p>Partition 1</p><p>Type : DE</p><p>Hidden: Yes</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 4 FAT Partition 47 MB Healthy </p><p>=========================================================</p><p></p><p>Disk: 2</p><p>Partition 2</p><p>Type : 07</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 5 C NTFS Partition 74 GB Healthy </p><p>=========================================================</p><p>==================== End Of Log ============================</p><p></p><p>ListParts by Farbar Version: 30-10-2012</p><p>Ran by SYSTEM (administrator) on 05-01-2013 at 22:03:16</p><p>Windows XP (X86)</p><p>Running From: D:\</p><p>Language: 0409</p><p>************************************************************</p><p></p><p>========================= Memory info ====================== </p><p></p><p>Percentage of memory in use: 7%</p><p>Total physical RAM: 3061.11 MB</p><p>Available physical RAM: 2836.72 MB</p><p>Total Pagefile: 2885.82 MB</p><p>Available Pagefile: 2823.37 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 2009.38 
MB</p><p></p><p>======================= Partitions =========================</p><p></p><p>1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>2 Drive c: () (Fixed) (Total:74.45 GB) (Free:18.9 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>3 Drive d: (HITMANPRO) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32</p><p>5 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS</p><p>6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ---------- ------- ------- --- ---</p><p> Disk 2 Online 74 GB 0 B </p><p></p><p>Partitions of Disk 2:</p><p>===============</p><p></p><p> Partition ### Type Size Offset</p><p> ------------- ---------------- ------- -------</p><p> Partition 1 OEM 47 MB 32 KB</p><p> Partition 2 Primary 74 GB 47 MB</p><p>======================================================================================================</p><p></p><p>Disk: 2</p><p>Partition 1</p><p>Type : DE</p><p>Hidden: Yes</p><p>Active: No</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 4 FAT Partition 47 MB Healthy </p><p>======================================================================================================</p><p></p><p>Disk: 2</p><p>Partition 2</p><p>Type : 07</p><p>Hidden: No</p><p>Active: Yes</p><p></p><p> Volume ### Ltr Label Fs Type Size Status Info</p><p> ---------- --- ----------- ----- ---------- ------- --------- --------</p><p>* Volume 5 C NTFS Partition 74 GB Healthy </p><p>======================================================================================================</p><p></p><p>****** End Of Log ******</p></blockquote><p></p>
[QUOTE="allstrick, post: 94241, member: 4452"] Thank you for such a quick response. Here is the log from the FRST scan and the ListParts scan Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-12-2012 Ran by SYSTEM at 05-01-2013 22:01:20 Running from D:\ Microsoft Windows XP (X86) OS Language: English(US) The current controlset is ControlSet004 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [RTHDCPL] RTHDCPL.EXE [x] HKLM\...\Run: [Alcmtr] ALCMTR.EXE [x] HKLM\...\Run: [] [x] HKLM\...\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [221184 2006-11-05] (Sonic Solutions) HKLM\...\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [1116920 2006-08-17] (Roxio) HKLM\...\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe" [16384 2007-11-15] ( ) HKLM\...\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [241664 2003-12-22] (Hewlett-Packard Company) HKLM\...\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [128560 2007-06-08] (CyberLink Corp.) HKLM\...\Run: [USBToolTip] C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe [199752 2007-02-20] (Pinnacle Systems GmbH) HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [254696 2011-06-09] (Sun Microsystems, Inc.) HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime Alternative\qttask.exe" -atboottime [421888 2010-11-29] (Apple Inc.) HKLM\...\Run: [TkBellExe] "C:\program files\real\realplayer\update\realsched.exe" -osboot [296056 2012-02-17] (RealNetworks, Inc.) HKLM\...\Run: [tvncontrol] "C:\Program Files\TightVNC\tvnserver.exe" -controlservice -slave [815704 2010-07-08] (GlavSoft LLC.) 
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [38872 2012-07-31] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] "C:\Documents and Settings\All Users\Application Data\ifgxpers.exe" [130192 2012-12-28] (?????????? ??????????) HKLM\...\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe [1061960 2012-08-29] (Carbonite, Inc.) HKLM\...\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize [387687 2005-10-21] (Defender Pro LLC) HKLM\...\Run: [RecoverFromReboot] C:\WINDOWS\Temp\RecoverFromReboot.exe [151552 2003-07-08] (Motive Communications, Inc.) HKLM\...\Run: [SiteAdvisor] C:\Program Files\SiteAdvisor\6145\SiteAdv.exe [36640 2007-06-21] () HKLM\...\Run: [McENUI] C:\PROGRA~1\McAfee\MHN\McENUI.exe /hide [1082920 2007-01-19] (McAfee, Inc.) HKLM\...\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k [x] HKU\Administrator\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation) HKU\Bruce\...\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation) HKU\Bruce\...\Run: [] [x] HKU\Bruce\...\Run: [PCShowServer] "C:\Documents and Settings\Bruce\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe" [x] HKU\Bruce\...\Run: [Jump Desktop] C:\Program Files\Jump Desktop\JumpDesktop.exe autorun [424040 2012-05-18] (Phase Five Systems) Winlogon\Notify\TPSvc: TPSvc.dll [X] Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.) 
Startup: C:\Documents and Settings\Bruce\Start Menu\Programs\Startup\JustCloud.lnk ShortcutTarget: JustCloud.lnk -> C:\Program Files\JustCloud\JustCloud.exe (JustCloud.com) ==================== Services (Whitelisted) =================== 2 AdobeActiveFileMonitor8.0; C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [169312 2009-09-06] (Adobe Systems Incorporated) 2 BackupStack; C:\Program Files\JustCloud\BackupStack.exe [34344 2012-12-25] (Just Develop It) 2 CarboniteService; "C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe" [4643912 2012-08-29] (Carbonite, Inc. (www.carbonite.com)) 3 Emproxy; C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe [341584 2007-01-12] (McAfee, Inc.) 2 Eventlog; C:\Windows\System32\services.exe [110592 2009-02-06] (Microsoft Corporation) 2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [105832 2013-01-05] (SurfRight B.V.) 2 hnmsvc; "C:\Program Files\Dell Network Assistant\hnm_svc.exe" [112176 2007-05-25] (SingleClick Systems) 2 JumpDesktop; "C:\Program Files\Jump Desktop\JumpService.exe" [7680 2012-05-18] (Phase Five Systems) 2 kavsvc; "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe" [917610 2005-10-20] (Defender Pro LLC) 2 McAfee HackerWatch Service; "C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe" [540776 2007-02-13] (McAfee, Inc.) 3 mcmispupdmgr; C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe [689752 2007-01-05] (McAfee, Inc.) 2 mcmscsvc; C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe [361560 2007-01-05] (McAfee, Inc.) 2 McODS; C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe [362064 2007-01-16] (McAfee, Inc.) 2 mcpromgr; C:\PROGRA~1\McAfee\MSC\mcpromgr.exe [493144 2007-01-05] (McAfee, Inc.) 2 McShield; C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe [144960 2006-12-22] (McAfee, Inc.) 2 McSysmon; C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe [643664 2007-01-25] (McAfee, Inc.) 2 MpfService; "C:\Program Files\McAfee\MPF\MPFSrv.exe" [841256 2007-06-19] (McAfee, Inc.) 
2 SiteAdvisor Service; C:\Program Files\SiteAdvisor\6145\SAService.exe [328992 2013-01-02] () 2 sprtsvc_dellsupportcenter; C:\Program Files\Dell Support Center\bin\sprtsvc.exe /service /p dellsupportcenter [201968 2008-08-13] (SupportSoft, Inc.) 2 tvnserver; "C:\Program Files\TightVNC\tvnserver.exe" -service [815704 2010-07-08] (GlavSoft LLC.) 3 Visual Studio Analyzer RPC bridge; C:\Program Files\Microsoft Visual Studio\Common\Tools\VS-Ent98\Vanalyzr\varpc.exe [34036 1998-06-06] (Microsoft Corporation) 3 AppMgmt; C:\Windows\System32\appmgmts.dll [x] 4 HidServ; C:\Windows\System32\hidserv.dll [x] 2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] 2 LinksysUpdater; "C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe" -s "C:\Program Files\Linksys\Linksys Updater\conf\wrapper.conf" [x] 2 McNASvc; "c:\program files\common files\mcafee\mna\mcnasvc.exe" [x] 2 McRedirector; c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe [x] 2 MSSQL$SQLEXPRESS; "c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS [x] 4 MSSQLServerADHelper; "c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe" [x] 4 msvsmon80; "c:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe" /service msvsmon80 [x] 2 SQLBrowser; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe" [x] 2 SQLWriter; "c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" [x] ==================== Drivers (Whitelisted) ==================== 3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) 3 DCamUSBEMPIA; C:\Windows\System32\DRIVERS\emDevice.sys [100957 2005-12-21] (eMPIA Technology, Inc.) 3 emAudio; C:\Windows\System32\drivers\emAudio.sys [22528 2006-12-12] (Pinnacle Systems GmbH) 3 FiltUSBEMPIA; C:\Windows\System32\DRIVERS\emFilter.sys [5245 2005-12-21] (eMPIA Technology, Inc.) 
3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows (R) Server 2003 DDK provider) 3 hitmanpro37; \??\C:\WINDOWS\system32\drivers\hitmanpro37.sys [30616 2013-01-05] () 3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [51056 2004-01-05] (HP) 3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2004-01-05] (HP) 3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21488 2004-01-05] (HP) 3 ivusb; C:\Windows\System32\DRIVERS\ivusb.sys [24216 2010-03-10] (Initio Corporation) 3 L6PODLV; C:\Windows\System32\Drivers\L6PODLV.sys [530560 2008-10-23] (Line 6) 3 MarvinBus; C:\Windows\System32\DRIVERS\MarvinBus.sys [171520 2005-09-24] (Pinnacle Systems GmbH) 3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [71496 2006-12-22] (McAfee, Inc.) 3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [34184 2006-12-22] (McAfee, Inc.) 3 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [170408 2006-12-22] (McAfee, Inc.) 3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [32008 2006-12-22] (McAfee, Inc.) 3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [37480 2006-12-22] (McAfee, Inc.) 3 MPE; C:\Windows\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation) 1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [109608 2007-03-02] (McAfee, Inc.) 3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation) 3 NCHSSVAD; C:\Windows\System32\drivers\nchssvad.sys [27136 2009-01-09] (NCH Swift Sound) 3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) 2 Packet; C:\Windows\System32\DRIVERS\packet.sys [12672 2006-12-18] (SingleClick Systems) 3 SAMFILT; C:\Windows\System32\drivers\samfilt.sys [34688 2006-02-10] (Dolphin, Inc.) 3 ScanUSBEMPIA; C:\Windows\System32\DRIVERS\emScan.sys [4493 2005-12-21] (eMPIA Technology, Inc.) 
3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation) 1 StarOpen; C:\Windows\System32\Drivers\StarOpen.sys [5504 2007-12-13] () 3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation) 3 USB_RNDIS_XP; C:\Windows\System32\DRIVERS\usb8023.sys [12800 2008-04-13] (Microsoft Corporation) 3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation) 4 Abiosdsk; [x] 4 Atdisk; [x] 1 Changer; [x] 1 lbrtfdc; [x] 1 PCIDump; [x] 3 PDCOMP; [x] 3 PDFRAME; [x] 3 PDRELI; [x] 3 PDRFRAME; [x] 4 Simbad; [x] 3 WDICA; [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-01-05 21:21 - 2013-01-05 21:56 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys 2013-01-05 21:19 - 2013-01-05 21:19 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk 2013-01-05 21:19 - 2013-01-05 21:19 - 00000000 ____D C:\Program Files\HitmanPro 2013-01-05 21:11 - 2013-01-05 21:11 - 00090112 ____A C:\Windows\Minidump\Mini010513-01.dmp 2013-01-05 16:10 - 2013-01-05 22:08 - 00000664 ____A C:\Windows\System32\d3d9caps.dat 2013-01-05 16:07 - 2013-01-05 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-01-03 21:47 - 2013-01-03 21:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor 2013-01-02 23:38 - 2013-01-05 22:01 - 00003118 ____A C:\Windows\System32\Config.MPF 2013-01-02 23:34 - 2013-01-02 23:34 - 00000666 ____A C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk 2013-01-02 23:33 - 2013-01-02 23:33 - 00000671 ____A C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk 2013-01-02 23:20 - 2013-01-02 23:35 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\SiteAdvisor 2013-01-02 23:20 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application 
Data\SiteAdvisor 2013-01-02 23:18 - 2007-03-02 15:16 - 00109608 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\Mpfp.sys 2013-01-02 23:18 - 2006-12-22 17:02 - 00170408 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfehidk.sys 2013-01-02 23:18 - 2006-12-22 17:02 - 00071496 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfeavfk.sys 2013-01-02 23:18 - 2006-12-22 17:02 - 00037480 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfesmfk.sys 2013-01-02 23:18 - 2006-12-22 17:02 - 00034184 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mfebopk.sys 2013-01-02 23:18 - 2006-12-22 17:02 - 00032008 ____A (McAfee, Inc.) C:\Windows\System32\Drivers\mferkdk.sys 2013-01-02 23:17 - 2013-01-02 23:17 - 00000352 ____A C:\Windows\Tasks\McQcTask.job 2013-01-02 23:17 - 2013-01-02 23:17 - 00000350 ____A C:\Windows\Tasks\McDefragTask.job 2013-01-02 23:16 - 2013-01-02 23:16 - 00000000 ____D C:\Program Files\McAfee.com 2013-01-02 22:57 - 2013-01-02 23:05 - 35984276 ____A C:\BellSouthIW.reg 2013-01-02 22:06 - 2005-06-14 20:22 - 00008200 ____A (Kaspersky Labs) C:\Windows\System32\Drivers\klin.sys 2013-01-02 22:06 - 2005-06-14 19:27 - 00038123 ____A (Kaspersky Labs) C:\Windows\System32\Drivers\klick.sys 2013-01-02 22:04 - 2013-01-02 22:04 - 00001983 ____A C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and 
Settings\Administrator\Application Data\InstallShield 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe 2013-01-01 16:36 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$ 2013-01-01 16:36 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$ 2013-01-01 16:35 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$ 2013-01-01 16:35 - 2013-01-01 20:55 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$ 2013-01-01 16:35 - 2013-01-01 16:35 - 00008264 ____A C:\Windows\KB2779562.log 2013-01-01 16:33 - 2013-01-01 16:35 - 00016327 ____A C:\Windows\KB2761465-IE8.log 2013-01-01 15:56 - 2013-01-01 15:56 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Malwarebytes 2012-12-28 19:46 - 2012-12-28 19:46 - 00000000 ____D C:\Windows\Microsoft Antimalware 2012-12-28 16:20 - 2012-12-28 16:20 - 00751078 ____A C:\Documents and Settings\All Users\Application Data\1.bmp 2012-12-28 14:14 - 2013-01-01 20:57 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2012-12-28 14:14 - 2012-12-28 14:16 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2012-12-28 14:14 - 2012-12-14 17:49 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-28 14:10 - 2012-12-28 14:11 - 00002698 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt 2012-12-28 14:02 - 2012-12-28 14:02 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE 2012-12-28 13:59 - 2012-12-28 13:59 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2012-12-28 13:55 - 2012-12-28 15:48 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini 
2012-12-28 13:55 - 2012-12-28 14:08 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2012-12-28 13:55 - 2010-06-17 20:47 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Macromedia 2012-12-28 13:55 - 2008-01-04 09:24 - 00044976 ____A C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My Google Gadgets 2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Roxio 2012-12-28 13:55 - 2008-01-04 09:24 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Roxio 2012-12-28 13:55 - 2008-01-04 09:21 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\SingleClick Systems 2012-12-28 13:55 - 2008-01-04 09:21 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe 2012-12-28 13:55 - 2004-08-10 13:57 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini 2012-12-28 13:37 - 2012-12-28 13:37 - 00000000 __SHD C:\found.000 2012-12-28 12:53 - 2012-12-28 12:53 - 00130192 ____A (?????????? ??????????) 
C:\Documents and Settings\All Users\Application Data\ifgxpers.exe 2012-12-14 17:09 - 2013-01-01 16:36 - 00022511 ____A C:\Windows\KB2758857.log 2012-12-07 13:17 - 2012-12-07 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData 2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\MFAData 2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Avg2013 2012-12-06 22:04 - 2012-12-06 22:04 - 00111508 ___AH C:\Windows\System32\mlfcache.dat 2012-12-06 22:02 - 2012-12-06 22:02 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk 2012-12-06 22:02 - 2012-12-06 22:02 - 00000000 ____D C:\Program Files\Safari 2012-12-06 22:01 - 2012-12-22 12:23 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job 2012-12-06 22:01 - 2012-12-06 22:01 - 00000000 ____D C:\Program Files\Apple Software Update ==================== One Month Modified Files and Folders ======== 2013-01-05 22:22 - 2011-05-07 18:11 - 00000422 ___AH C:\Windows\Tasks\User_Feed_Synchronization-{DA2FC216-6A7D-45AC-8027-0EBD2CAB2220}.job 2013-01-05 22:13 - 2011-12-07 22:13 - 00000486 ____A C:\Windows\Tasks\Ad-Aware Update (Weekly).job 2013-01-05 22:08 - 2013-01-05 16:10 - 00000664 ____A C:\Windows\System32\d3d9caps.dat 2013-01-05 22:08 - 2008-02-26 21:41 - 00000000 ____D C:\MDT 2013-01-05 22:08 - 2008-01-09 23:38 - 00003120 ___AC C:\Windows\D9H7ADHB.ocx 2013-01-05 22:08 - 2008-01-09 23:38 - 00003120 ____A C:\Windows\System32\HAF9SE8J.ocx 2013-01-05 22:07 - 2004-08-10 14:02 - 01067755 ____A C:\Windows\WindowsUpdate.log 2013-01-05 22:03 - 2004-08-10 13:59 - 00000159 ____A C:\Windows\wiadebug.log 2013-01-05 22:03 - 2004-08-10 13:59 - 00000048 ____A C:\Windows\wiaservc.log 2013-01-05 22:02 - 2010-08-12 21:46 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-01-05 22:02 - 2008-01-09 21:35 - 00000062 __ASH C:\Documents and 
Settings\Bruce\Local Settings\desktop.ini 2013-01-05 22:02 - 2004-08-10 14:08 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini 2013-01-05 22:02 - 2004-08-10 14:08 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini 2013-01-05 22:02 - 2004-08-10 14:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-01-05 22:01 - 2013-01-05 22:01 - 00000000 ____D C:\FRST 2013-01-05 22:01 - 2013-01-02 23:38 - 00003118 ____A C:\Windows\System32\Config.MPF 2013-01-05 22:01 - 2008-01-09 21:35 - 00000278 ___SH C:\Documents and Settings\Bruce\ntuser.ini 2013-01-05 22:01 - 2004-08-10 14:08 - 00032358 ____A C:\Windows\SchedLgU.Txt 2013-01-05 21:56 - 2013-01-05 21:21 - 00030616 ____A C:\Windows\System32\Drivers\hitmanpro37.sys 2013-01-05 21:19 - 2013-01-05 21:19 - 00001610 ____A C:\Documents and Settings\All Users\Desktop\HitmanPro.lnk 2013-01-05 21:19 - 2013-01-05 21:19 - 00000000 ____D C:\Program Files\HitmanPro 2013-01-05 21:11 - 2013-01-05 21:11 - 00090112 ____A C:\Windows\Minidump\Mini010513-01.dmp 2013-01-05 21:11 - 2011-04-20 21:12 - 00000000 ____D C:\Windows\Minidump 2013-01-05 16:07 - 2013-01-05 16:07 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\HitmanPro 2013-01-05 16:06 - 2004-08-10 13:51 - 00002206 ____A C:\Windows\System32\wpa.dbl 2013-01-03 21:47 - 2013-01-03 21:47 - 00000000 ____D C:\Documents and Settings\NetworkService\Application Data\SiteAdvisor 2013-01-03 21:35 - 2009-07-19 10:31 - 00987101 ____A C:\Windows\setupapi.log 2013-01-03 02:31 - 2012-11-09 21:21 - 00000000 ____D C:\Program Files\Staples CD Labeler v5 2013-01-02 23:35 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\SiteAdvisor 2013-01-02 23:34 - 2013-01-02 23:34 - 00000666 ____A C:\Documents and Settings\All Users\Desktop\McAfee Easy Network.lnk 2013-01-02 23:34 - 2008-05-01 20:29 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\McAfee 2013-01-02 23:33 - 2013-01-02 
23:33 - 00000671 ____A C:\Documents and Settings\All Users\Desktop\McAfee Security Center.lnk 2013-01-02 23:20 - 2013-01-02 23:20 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\SiteAdvisor 2013-01-02 23:20 - 2009-07-18 21:50 - 00000000 ____D C:\Program Files\SiteAdvisor 2013-01-02 23:20 - 2009-07-18 21:50 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2013-01-02 23:19 - 2009-07-18 23:10 - 00000000 ____D C:\Program Files\McAfee 2013-01-02 23:18 - 2009-07-18 23:10 - 00000000 ____D C:\Program Files\Common Files\McAfee 2013-01-02 23:17 - 2013-01-02 23:17 - 00000352 ____A C:\Windows\Tasks\McQcTask.job 2013-01-02 23:17 - 2013-01-02 23:17 - 00000350 ____A C:\Windows\Tasks\McDefragTask.job 2013-01-02 23:16 - 2013-01-02 23:16 - 00000000 ____D C:\Program Files\McAfee.com 2013-01-02 23:06 - 2008-01-09 21:43 - 00000000 ___AC C:\Windows\BJCFDins.log 2013-01-02 23:05 - 2013-01-02 22:57 - 35984276 ____A C:\BellSouthIW.reg 2013-01-02 22:44 - 2008-07-26 13:29 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\FileZilla 2013-01-02 22:04 - 2013-01-02 22:04 - 00001983 ____A C:\Documents and Settings\Bruce\Desktop\Defender Pro PC Tune-up and Repair.lnk 2013-01-02 22:04 - 2008-01-09 23:33 - 00000000 ____D C:\Program Files\Defender Pro 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\PowerDVD DX 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Google 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\{3248F0A6-6813-11D6-A77B-00B0D0150060} 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application 
Data\InstallShield 2013-01-01 20:57 - 2013-01-01 20:57 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Adobe 2013-01-01 20:57 - 2012-12-28 14:14 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware 2013-01-01 20:55 - 2013-01-01 16:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2779030$ 2013-01-01 20:55 - 2013-01-01 16:36 - 00000000 __HDC C:\Windows\$NtUninstallKB2758857$ 2013-01-01 20:55 - 2013-01-01 16:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2779562$ 2013-01-01 20:55 - 2013-01-01 16:35 - 00000000 __HDC C:\Windows\$NtUninstallKB2770660$ 2013-01-01 17:10 - 2004-08-10 13:57 - 00507400 ____A C:\Windows\System32\FNTCACHE.DAT 2013-01-01 16:36 - 2012-12-14 17:09 - 00022511 ____A C:\Windows\KB2758857.log 2013-01-01 16:36 - 2004-08-10 13:57 - 02190163 ____A C:\Windows\FaxSetup.log 2013-01-01 16:36 - 2004-08-10 13:57 - 01079774 ____A C:\Windows\ocgen.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00841945 ____A C:\Windows\tsoc.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00724294 ____A C:\Windows\comsetup.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00442348 ____A C:\Windows\ntdtcsetup.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00272356 ____A C:\Windows\iis6.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00119375 ____A C:\Windows\ocmsn.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00109735 ____A C:\Windows\msgsocm.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00001355 ____A C:\Windows\imsins.log 2013-01-01 16:36 - 2004-08-10 13:57 - 00001355 ____A C:\Windows\imsins.BAK 2013-01-01 16:35 - 2013-01-01 16:35 - 00008264 ____A C:\Windows\KB2779562.log 2013-01-01 16:35 - 2013-01-01 16:33 - 00016327 ____A C:\Windows\KB2761465-IE8.log 2013-01-01 16:35 - 2008-01-04 09:10 - 00881144 ____A C:\Windows\System32\TZLog.log 2013-01-01 16:35 - 2008-01-04 09:08 - 00339552 ____A C:\Windows\updspapi.log 2013-01-01 16:33 - 2008-01-04 09:08 - 00000000 ___HD C:\Windows\$hf_mig$ 2013-01-01 16:30 - 2008-01-13 10:06 - 65087872 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 
2013-01-01 16:15 - 2004-08-10 13:57 - 00593386 ____A C:\Windows\System32\PerfStringBackup.INI 2013-01-01 15:56 - 2013-01-01 15:56 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Malwarebytes 2012-12-28 19:46 - 2012-12-28 19:46 - 00000000 ____D C:\Windows\Microsoft Antimalware 2012-12-28 16:20 - 2012-12-28 16:20 - 00751078 ____A C:\Documents and Settings\All Users\Application Data\1.bmp 2012-12-28 15:55 - 2011-05-19 15:01 - 00000286 ____A C:\Windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-2592898406-2242705440-3200713710-1006.job 2012-12-28 15:49 - 2011-08-15 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2570222$ 2012-12-28 15:48 - 2012-12-28 13:55 - 00000178 __ASH C:\Documents and Settings\Administrator\ntuser.ini 2012-12-28 14:16 - 2012-12-28 14:14 - 00000784 ____A C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes 2012-12-28 14:14 - 2012-12-28 14:14 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Malwarebytes 2012-12-28 14:11 - 2012-12-28 14:10 - 00002698 ____A C:\Documents and Settings\Administrator\Desktop\Rkill.txt 2012-12-28 14:08 - 2012-12-28 13:55 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini 2012-12-28 14:02 - 2012-12-28 14:02 - 00000000 __SHD C:\Documents and Settings\Administrator\PrivacIE 2012-12-28 13:59 - 2012-12-28 13:59 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache 2012-12-28 13:37 - 2012-12-28 13:37 - 00000000 __SHD C:\found.000 2012-12-28 12:53 - 2012-12-28 12:53 - 00130192 ____A (?????????? ??????????) 
C:\Documents and Settings\All Users\Application Data\ifgxpers.exe 2012-12-26 21:11 - 2012-12-02 21:10 - 00000000 ____D C:\Program Files\JustCloud 2012-12-22 12:23 - 2012-12-06 22:01 - 00000284 ____A C:\Windows\Tasks\AppleSoftwareUpdate.job 2012-12-14 17:49 - 2012-12-28 14:14 - 00021104 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2012-12-11 12:59 - 2012-04-12 17:27 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2012-12-11 12:59 - 2011-05-12 22:21 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2012-12-08 11:44 - 2009-05-14 15:03 - 00000000 ____D C:\Documents and Settings\Bruce\Application Data\Apple Computer 2012-12-07 13:19 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\MFAData 2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\MFAData 2012-12-07 13:17 - 2012-12-07 13:17 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Avg2013 2012-12-06 22:04 - 2012-12-06 22:04 - 00111508 ___AH C:\Windows\System32\mlfcache.dat 2012-12-06 22:02 - 2012-12-06 22:02 - 00001854 ____A C:\Documents and Settings\All Users\Desktop\Safari.lnk 2012-12-06 22:02 - 2012-12-06 22:02 - 00000000 ____D C:\Program Files\Safari 2012-12-06 22:02 - 2009-02-19 22:40 - 00000000 ____D C:\Documents and Settings\Bruce\Local Settings\Application Data\Apple Computer 2012-12-06 22:01 - 2012-12-06 22:01 - 00000000 ____D C:\Program Files\Apple Software Update ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points (XP) ===================== RP: -> 2013-01-02 23:33 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1490 RP: -> 2013-01-01 16:30 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1487 RP: -> 2012-12-31 17:59 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1486 RP: -> 2012-12-27 17:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1485 RP: -> 2012-12-26 16:55 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1484 RP: -> 2012-12-25 13:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1483 RP: -> 2012-12-24 07:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1482 RP: -> 2012-12-23 01:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1481 RP: -> 2012-12-21 19:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1480 RP: -> 2012-12-20 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1479 RP: -> 2012-12-19 07:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1478 RP: -> 2012-12-18 01:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1477 RP: -> 2012-12-16 19:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1476 RP: -> 2012-12-15 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1475 RP: -> 2012-12-14 10:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1474 RP: -> 2012-12-13 01:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1473 RP: -> 2012-12-11 19:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1472 RP: -> 2012-12-10 13:16 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1471 RP: -> 2012-12-09 07:39 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1470 RP: -> 2012-12-08 01:14 - 028672 
_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1469 RP: -> 2012-12-06 22:01 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1468 RP: -> 2012-12-05 23:43 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1467 RP: -> 2012-12-04 13:52 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1466 RP: -> 2012-12-03 01:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1465 RP: -> 2012-12-01 19:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1464 RP: -> 2012-11-30 16:11 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1463 RP: -> 2012-11-29 07:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1462 RP: -> 2012-11-28 01:41 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1461 RP: -> 2012-11-26 19:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1460 RP: -> 2012-11-25 13:28 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1459 RP: -> 2012-11-24 12:57 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1458 RP: -> 2012-11-22 15:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1457 RP: -> 2012-11-21 09:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1456 RP: -> 2012-11-20 03:14 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1455 RP: -> 2012-11-18 21:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1454 RP: -> 2012-11-17 15:26 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1453 RP: -> 2012-11-16 08:58 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1452 RP: -> 2012-11-15 22:30 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1451 RP: -> 2012-11-15 22:23 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1450 RP: -> 2012-11-15 22:22 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1449 RP: -> 2012-11-15 21:11 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1448 RP: -> 2012-11-15 20:55 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1447 RP: -> 2012-11-14 21:56 - 
028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1446 RP: -> 2012-11-09 07:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1445 RP: -> 2012-11-08 01:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1444 RP: -> 2012-11-06 19:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1443 RP: -> 2012-11-05 13:50 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1442 RP: -> 2012-11-04 07:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1441 RP: -> 2012-11-03 01:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1440 RP: -> 2012-11-01 20:15 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1439 RP: -> 2012-10-31 13:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1438 RP: -> 2012-10-30 07:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1437 RP: -> 2012-10-29 01:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1436 RP: -> 2012-10-27 19:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1435 RP: -> 2012-10-26 13:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1434 RP: -> 2012-10-25 07:49 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1433 RP: -> 2012-10-24 01:37 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1432 RP: -> 2012-10-22 20:22 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1431 RP: -> 2012-10-21 13:38 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1430 RP: -> 2012-10-20 07:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1429 RP: -> 2012-10-19 01:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1428 RP: -> 2012-10-17 19:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1427 RP: -> 2012-10-16 13:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1426 RP: -> 2012-10-15 07:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1425 RP: -> 2012-10-14 01:36 - 028672 _restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP1424 ==================== 
Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 3061.11 MB Available physical RAM: 2749.37 MB Total Pagefile: 2885.82 MB Available Pagefile: 2816.7 MB Total Virtual: 2047.88 MB Available Virtual: 2001.54 MB ==================== Partitions ============================= 1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS 2 Drive c: () (Fixed) (Total:74.45 GB) (Free:18.9 GB) NTFS ==>[Drive with boot components (Windows XP)] 3 Drive d: (HITMANPRO) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32 5 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS 6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 2 Online 74 GB 0 B Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 47 MB 32 KB Partition 2 Primary 74 GB 47 MB ========================================================= Disk: 2 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 47 MB Healthy ========================================================= Disk: 2 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 C NTFS Partition 74 GB Healthy ========================================================= ==================== End Of Log ============================ ListParts by Farbar Version: 30-10-2012 Ran by SYSTEM (administrator) on 05-01-2013 at 22:03:16 Windows XP (X86) Running From: D:\ Language: 0409 ************************************************************ ========================= Memory info ====================== Percentage of memory in use: 7% Total physical RAM: 3061.11 MB Available physical RAM: 2836.72 MB Total Pagefile: 
2885.82 MB Available Pagefile: 2823.37 MB Total Virtual: 2047.88 MB Available Virtual: 2009.38 MB ======================= Partitions ========================= 1 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS 2 Drive c: () (Fixed) (Total:74.45 GB) (Free:18.9 GB) NTFS ==>[Drive with boot components (Windows XP)] 3 Drive d: (HITMANPRO) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32 5 Drive f: (U3 System) (CDROM) (Total:0.01 GB) (Free:0 GB) CDFS 6 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS Disk ### Status Size Free Dyn Gpt -------- ---------- ------- ------- --- --- Disk 2 Online 74 GB 0 B Partitions of Disk 2: =============== Partition ### Type Size Offset ------------- ---------------- ------- ------- Partition 1 OEM 47 MB 32 KB Partition 2 Primary 74 GB 47 MB ====================================================================================================== Disk: 2 Partition 1 Type : DE Hidden: Yes Active: No Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 4 FAT Partition 47 MB Healthy ====================================================================================================== Disk: 2 Partition 2 Type : 07 Hidden: No Active: Yes Volume ### Ltr Label Fs Type Size Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 5 C NTFS Partition 74 GB Healthy ====================================================================================================== ****** End Of Log ****** [/QUOTE]