New Zealand Police / Ukash
<blockquote data-quote="Sue64" data-source="post: 131008" data-attributes="member: 10541"><p>Hi,</p><p>We have done that now, here are the logs</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04</p><p>Ran by SYSTEM on 31-07-2013 15:16:48</p><p>Running from D:\</p><p>Microsoft Windows XP (X86) OS Language: English(US)</p><p>Internet Explorer Version 8</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet003</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [BrowserBrand] - C:\Program Files\ONLINE~1\XTRA\brand.exe [113408 2000-06-23] (Microsoft Corporation)</p><p>HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [282624 2007-04-26] (Apple Inc.)</p><p>HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-13] (CANON INC.)</p><p>HKLM\...\Run: [InCD] - C:\Program Files\Ahead\InCD\InCD.exe [1450096 2004-09-12] (Ahead Software AG)</p><p>HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-17] (Sun Microsystems, Inc.)</p><p>HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-11-23] (RealNetworks, Inc.)</p><p>HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.)</p><p>HKLM\...\Run: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.)</p><p>HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1599920 2011-08-09] (iMesh, Inc)</p><p>HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common 
Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x]</p><p>HKLM\...\Run: [Utility Chest Search Scope Monitor] - C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe [44784 2013-05-12] (MindSpark)</p><p>HKLM\...\Run: [UtilityChest_49 Browser Plugin Loader] - C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-05-12] (VER_COMPANY_NAME)</p><p>HKLM\...\Run: [Allin1Convert Search Scope Monitor] - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hsrchmn.exe [44784 2013-07-27] (MindSpark)</p><p>HKLM\...\Run: [Allin1Convert_8h Browser Plugin Loader] - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbrmon.exe [30096 2013-07-27] (VER_COMPANY_NAME)</p><p>Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation)</p><p>Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation)</p><p>HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation)</p><p>HKU\Roger\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2007-04-26] (Apple Inc.)</p><p>HKU\Roger\...\Run: [DriverFinder] - C:\Documents and Settings\Roger\Desktop\New Folder\DriverFinder\DriverFinder.exe [x]</p><p>HKU\Roger\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Roger\Application Data\cache.dat [ 2010-12-09] () <==== ATTENTION </p><p>SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File</p><p>SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation)</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation)</p><p>S2 Allin1Convert_8hService; C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe [42504 2013-07-27] (COMPANYVERS_NAME)</p><p>S2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [1192050 2004-09-12] (Ahead Software AG)</p><p>S2 McMPFSvc; C:\Program Files\Common 
Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)</p><p>S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)</p><p>S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)</p><p>S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)</p><p>S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)</p><p>S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.)</p><p>S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-18] (McAfee, Inc.)</p><p>S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-18] (McAfee, Inc.)</p><p>S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-18] (McAfee, Inc.)</p><p>S2 SLService; C:\Windows\System32\slserv.exe [73796 2004-01-07] (Smart Link)</p><p>S2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-05-12] (COMPANYVERS_NAME)</p><p>S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x]</p><p>S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [x]</p><p>S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S1 Asapi; C:\Windows\System32\Drivers\Asapi.sys [11264 2002-08-05] (VOB Computersysteme GmbH)</p><p>S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)</p><p>S1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation)</p><p>S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-18] (McAfee, Inc.)</p><p>S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] 
()</p><p>S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-19] (McAfee, Inc.)</p><p>S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [80283 2002-10-24] (Intel Corporation)</p><p>S0 IdeBusDr; C:\Windows\System32\DRIVERS\IdeBusDr.sys [13891 2002-10-14] (Intel Corporation)</p><p>S0 IdeChnDr; C:\Windows\System32\DRIVERS\IdeChnDr.sys [101431 2002-10-14] (Intel Corporation)</p><p>S4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [93440 2004-09-12] (Ahead Software AG)</p><p>S1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [28672 2004-09-12] (Ahead Software AG)</p><p>S1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [7680 2004-09-12] (Ahead Software AG)</p><p>S1 incdrm; C:\Windows\System32\Drivers\incdrm.sys [28080 2003-12-30] (Ahead Software AG)</p><p>S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-26] (Logitech Inc.)</p><p>S2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.)</p><p>S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-18] (McAfee, Inc.)</p><p>S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-18] (McAfee, Inc.)</p><p>S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-18] (McAfee, Inc.)</p><p>S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-18] (McAfee, Inc.)</p><p>S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-18] (McAfee, Inc.)</p><p>S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-18] (McAfee, Inc.)</p><p>S3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-18] (McAfee, Inc.)</p><p>S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-18] (McAfee, Inc.)</p><p>S1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-18] (McAfee, Inc.)</p><p>S3 MREMPR5; C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [19345 2007-03-04] 
(Motive, Inc.)</p><p>S3 MRENDIS5; C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [18003 2007-03-04] (Motive, Inc.)</p><p>S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [126686 2004-03-31] (Smart Link)</p><p>S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1309184 2004-01-27] (Smart Link)</p><p>S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)</p><p>S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)</p><p>S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [180360 2004-01-27] (Smart Link)</p><p>S3 PID_0920; C:\Windows\System32\DRIVERS\LV532AV.SYS [163328 2005-01-30] ()</p><p>S0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [13776 2004-01-12] (Smart Link)</p><p>S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)</p><p>S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [404990 2004-03-31] (Smart Link)</p><p>S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [95424 2004-01-27] (Smart Link)</p><p>S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13240 2004-01-27] (Smart Link)</p><p>S1 sonypvd3; C:\Windows\System32\DRIVERS\sonypvd3.sys [64964 2004-12-06] (Sony Corporation)</p><p>S1 sonypvf3; C:\Windows\System32\Drivers\sonypvf3.sys [619390 2004-11-14] (Sony Corporation)</p><p>S0 sonypvl3; C:\Windows\System32\Drivers\sonypvl3.sys [19507 2011-04-17] (Sony Corporation)</p><p>S1 sonypvt3; C:\Windows\System32\Drivers\sonypvt3.sys [423454 2004-12-05] (Sony Corporation)</p><p>S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-16] (Sony Corporation)</p><p>S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [179664 2002-08-11] (SigmaTel, Inc.)</p><p>S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)</p><p>S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)</p><p>S3 vsdatant; C:\Windows\System32\vsdatant.sys [368256 2005-08-29] (Zone Labs, 
LLC)</p><p>S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)</p><p>S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [91774 2002-10-24] (Intel Corporation)</p><p>S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [71514 2002-10-24] (Intel Corporation)</p><p>S3 mfeavfk01; No ImagePath</p><p>S3 Pcouffin; System32\Drivers\Pcouffin.sys [x]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>NETSVC: Ip6FwHlp -> No Registry Path.</p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-07-31 15:16 - 2013-07-31 15:16 - 00000000 ____D C:\FRST</p><p>2013-07-28 21:35 - 2013-07-28 21:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache</p><p>2013-07-28 21:32 - 2012-04-21 05:03 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe</p><p>2013-07-28 21:32 - 2007-04-10 20:30 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help</p><p>2013-07-28 21:32 - 2003-11-23 03:55 - 00000180 ___SH C:\Documents and Settings\Administrator\ntuser.ini</p><p>2013-07-28 21:32 - 2003-11-23 03:21 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Real</p><p>2013-07-28 21:32 - 2003-11-23 03:19 - 00000000 ____D C:\Documents and Settings\Administrator\WINDOWS</p><p>2013-07-28 21:32 - 2003-11-23 03:18 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My eBooks</p><p>2013-07-28 21:32 - 2003-11-23 03:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InterTrust</p><p>2013-07-28 21:10 - 2013-07-30 21:18 - 00000004 _____ C:\Documents and Settings\Roger\Application Data\cache.ini</p><p>2013-07-28 19:35 - 2013-07-28 19:37 - 00000000 ____D C:\Program Files\Bridge Command 4.4GPL</p><p>2013-07-27 00:17 - 2013-07-27 00:17 - 00000000 ____D C:\Program 
Files\Allin1Convert_8h</p><p>2013-07-23 23:15 - 2013-07-25 19:45 - 00000000 ____D C:\Program Files\ExpressFiles</p><p>2013-07-23 23:15 - 2013-07-23 23:16 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\ExpressFiles</p><p>2013-07-22 19:53 - 2013-07-22 19:53 - 00001676 _____ C:\Documents and Settings\All Users\Desktop\PhoenixRC Demo.lnk</p><p>2013-07-22 19:51 - 2013-07-22 19:54 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\PhoenixRC Demo</p><p>2013-07-22 19:51 - 2013-07-22 19:53 - 00000000 ____D C:\Program Files\PhoenixRC Demo</p><p>2013-07-22 19:50 - 2013-07-22 19:50 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Downloaded Installations</p><p>2013-07-22 00:04 - 2013-07-22 18:51 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\My Games</p><p>2013-07-22 00:03 - 2013-07-22 18:51 - 00000000 ____D C:\Program Files\Demolition Company Demo</p><p>2013-07-21 17:37 - 2013-07-21 17:49 - 00000000 ____D C:\Windows\System32\MRT</p><p>2013-07-19 23:26 - 2013-07-21 23:11 - 00002299 _____ C:\Documents and Settings\All Users\Desktop\TriangleDigger.lnk</p><p>2013-07-19 23:26 - 2013-07-19 23:27 - 00000000 ____D C:\Program Files\TriangleDigger</p><p>2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Program Files\Delta</p><p>2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Delta</p><p>2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\BabSolution</p><p>2013-07-19 21:59 - 2013-07-19 21:59 - 00000000 ____D C:\Tenstar</p><p>2013-07-14 21:12 - 2013-07-28 19:21 - 00000858 _____ C:\Documents and Settings\All Users\Desktop\Ship Simulator 2008 Demo.lnk</p><p>2013-07-14 21:12 - 2013-07-28 19:21 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\ShipSim2008 Demo UserData</p><p>2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Program Files\Vstep</p><p>2013-07-14 20:06 - 2013-07-14 20:06 - 
00000000 ____D C:\Documents and Settings\Roger\Application Data\Quest3D</p><p>2013-07-14 19:46 - 2013-07-14 19:46 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard</p><p>2013-07-12 22:18 - 2013-07-12 22:20 - 00000000 ____D C:\Program Files\HeliSim</p><p>2013-07-11 21:27 - 2013-07-11 21:27 - 00009820 _____ C:\Windows\KB2834886.log</p><p>2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$</p><p>2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$</p><p>2013-07-11 21:26 - 2013-07-11 21:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$</p><p>2013-07-11 21:13 - 2013-07-11 21:13 - 00009147 _____ C:\Windows\KB2834902.log</p><p>2013-07-11 21:13 - 2013-07-11 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2834902_WM10$</p><p>2013-07-11 21:08 - 2013-07-11 21:11 - 00022520 _____ C:\Windows\KB2846071-IE8.log</p><p>2013-07-11 17:56 - 2013-07-11 21:27 - 00016391 _____ C:\Windows\KB2850851.log</p><p>2013-07-11 17:55 - 2013-07-11 21:26 - 00015289 _____ C:\Windows\KB2845187.log</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-07-30 21:57 - 2012-07-22 22:36 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini</p><p>2013-07-30 21:57 - 2004-08-12 16:38 - 01177584 _____ C:\Windows\WindowsUpdate.log</p><p>2013-07-30 21:57 - 2003-06-20 16:14 - 00032500 _____ C:\Windows\SchedLgU.Txt</p><p>2013-07-30 21:57 - 2003-06-20 15:56 - 00000236 _____ C:\Windows\wiadebug.log</p><p>2013-07-30 21:56 - 2003-06-20 15:56 - 00000050 _____ C:\Windows\wiaservc.log</p><p>2013-07-30 21:18 - 2013-07-28 21:10 - 00000004 _____ C:\Documents and Settings\Roger\Application Data\cache.ini</p><p>2013-07-30 21:18 - 2006-12-21 15:59 - 00000278 ___SH C:\Documents and Settings\Roger\ntuser.ini</p><p>2013-07-30 21:17 - 2003-06-20 15:45 - 00001170 _____ C:\Windows\System32\wpa.dbl</p><p>2013-07-28 21:40 - 2012-05-10 16:16 - 00237453 _____ 
C:\Windows\setupapi.log</p><p>2013-07-28 21:40 - 2009-09-04 23:27 - 00000862 _____ C:\Windows\setupact.log</p><p>2013-07-28 21:35 - 2013-07-28 21:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache</p><p>2013-07-28 19:37 - 2013-07-28 19:35 - 00000000 ____D C:\Program Files\Bridge Command 4.4GPL</p><p>2013-07-28 19:21 - 2013-07-14 21:12 - 00000858 _____ C:\Documents and Settings\All Users\Desktop\Ship Simulator 2008 Demo.lnk</p><p>2013-07-28 19:21 - 2013-07-14 21:12 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\ShipSim2008 Demo UserData</p><p>2013-07-28 17:39 - 2012-04-21 04:58 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Adobe</p><p>2013-07-27 00:17 - 2013-07-27 00:17 - 00000000 ____D C:\Program Files\Allin1Convert_8h</p><p>2013-07-26 23:10 - 2013-05-14 18:43 - 00000000 ____D C:\Program Files\Google</p><p>2013-07-25 19:45 - 2013-07-23 23:15 - 00000000 ____D C:\Program Files\ExpressFiles</p><p>2013-07-23 23:16 - 2013-07-23 23:15 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\ExpressFiles</p><p>2013-07-22 19:54 - 2013-07-22 19:51 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\PhoenixRC Demo</p><p>2013-07-22 19:53 - 2013-07-22 19:53 - 00001676 _____ C:\Documents and Settings\All Users\Desktop\PhoenixRC Demo.lnk</p><p>2013-07-22 19:53 - 2013-07-22 19:51 - 00000000 ____D C:\Program Files\PhoenixRC Demo</p><p>2013-07-22 19:50 - 2013-07-22 19:50 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Downloaded Installations</p><p>2013-07-22 18:51 - 2013-07-22 00:04 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\My Games</p><p>2013-07-22 18:51 - 2013-07-22 00:03 - 00000000 ____D C:\Program Files\Demolition Company Demo</p><p>2013-07-22 00:04 - 2003-06-20 16:03 - 00000000 ____D C:\Windows\System32\DirectX</p><p>2013-07-21 23:11 - 2013-07-19 23:26 - 00002299 _____ C:\Documents and Settings\All 
Users\Desktop\TriangleDigger.lnk</p><p>2013-07-21 17:49 - 2013-07-21 17:37 - 00000000 ____D C:\Windows\System32\MRT</p><p>2013-07-19 23:27 - 2013-07-19 23:26 - 00000000 ____D C:\Program Files\TriangleDigger</p><p>2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Program Files\Delta</p><p>2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Delta</p><p>2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\BabSolution</p><p>2013-07-19 21:59 - 2013-07-19 21:59 - 00000000 ____D C:\Tenstar</p><p>2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Program Files\Vstep</p><p>2013-07-14 20:06 - 2013-07-14 20:06 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Quest3D</p><p>2013-07-14 19:46 - 2013-07-14 19:46 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard</p><p>2013-07-14 19:46 - 2012-07-22 22:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation</p><p>2013-07-13 04:13 - 2010-05-08 00:42 - 00000000 ____D C:\Documents and Settings\Roger\Desktop\Targetzones Promo</p><p>2013-07-12 22:20 - 2013-07-12 22:18 - 00000000 ____D C:\Program Files\HeliSim</p><p>2013-07-12 20:19 - 2013-05-14 18:49 - 00001816 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk</p><p>2013-07-12 01:43 - 2008-02-09 15:15 - 00000000 ____D C:\Windows\Microsoft.NET</p><p>2013-07-12 00:51 - 2003-06-20 15:52 - 00331480 _____ C:\Windows\System32\FNTCACHE.DAT</p><p>2013-07-11 21:27 - 2013-07-11 21:27 - 00009820 _____ C:\Windows\KB2834886.log</p><p>2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$</p><p>2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$</p><p>2013-07-11 21:27 - 2013-07-11 17:56 - 00016391 _____ C:\Windows\KB2850851.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 01467161 _____ C:\Windows\FaxSetup.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00708840 _____ 
C:\Windows\ocgen.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00562838 _____ C:\Windows\tsoc.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00484617 _____ C:\Windows\comsetup.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00294529 _____ C:\Windows\ntdtcsetup.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00233312 _____ C:\Windows\iis6.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00080912 _____ C:\Windows\ocmsn.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00073587 _____ C:\Windows\msgsocm.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00001374 _____ C:\Windows\imsins.log</p><p>2013-07-11 21:27 - 2009-09-06 05:23 - 00001374 _____ C:\Windows\imsins.BAK</p><p>2013-07-11 21:26 - 2013-07-11 21:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$</p><p>2013-07-11 21:26 - 2013-07-11 17:55 - 00015289 _____ C:\Windows\KB2845187.log</p><p>2013-07-11 21:24 - 2003-06-20 15:54 - 00505530 ____C C:\Windows\System32\PerfStringBackup.INI</p><p>2013-07-11 21:21 - 2007-02-14 01:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help</p><p>2013-07-11 21:13 - 2013-07-11 21:13 - 00009147 _____ C:\Windows\KB2834902.log</p><p>2013-07-11 21:13 - 2013-07-11 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2834902_WM10$</p><p>2013-07-11 21:11 - 2013-07-11 21:08 - 00022520 _____ C:\Windows\KB2846071-IE8.log</p><p>2013-07-11 21:10 - 2009-09-08 00:32 - 00000000 ____D C:\Windows\ie8updates</p><p>2013-07-11 21:10 - 2009-09-06 05:23 - 00246339 _____ C:\Windows\updspapi.log</p><p>2013-07-11 21:03 - 2008-02-09 15:22 - 00000000 ____D C:\Windows\System32\XPSViewer</p><p></p><p>==================== Known DLLs (Whitelisted) ============</p><p></p><p></p><p>==================== Bamital & volsnap Check =================</p><p></p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is 
legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points (XP) =====================</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 20%</p><p>Total physical RAM: 1270.8 MB</p><p>Available physical RAM: 1011.45 MB</p><p>Total Pagefile: 1106.27 MB</p><p>Available Pagefile: 1042.55 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1986.33 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>Drive c: (HDD) (Fixed) (Total:32.27 GB) (Free:3.24 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>Drive d: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32</p><p>Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 38 GB) (Disk ID: 0165E8AA)</p><p>Partition 1: (Not Active) - (Size=6 GB) - (Type=1B)</p><p>Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 4 GB) (Disk ID: E54FA68B)</p><p>Partition 1: (Active) - (Size=4 GB) - (Type=0B)</p><p></p><p>==================== End Of Log ============================</p><p></p><p></p><p></p><p>ListParts by Farbar Version: 10-05-2013</p><p>Ran by SYSTEM (administrator) on 31-07-2013 at 15:33:53</p><p>Windows XP (X86)</p><p>Running From: D:\</p><p>Language: 
0409</p><p>************************************************************</p><p></p><p>========================= Memory info ====================== </p><p></p><p>Percentage of memory in use: 16%</p><p>Total physical RAM: 1270.8 MB</p><p>Available physical RAM: 1064.48 MB</p><p>Total Pagefile: 1106.27 MB</p><p>Available Pagefile: 1052.2 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 2007.38 MB</p><p></p><p>======================= Partitions =========================</p><p></p><p>2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS</p><p>3 Drive c: (HDD) (Fixed) (Total:32.27 GB) (Free:3.24 GB) NTFS ==>[Drive with boot components (Windows XP)]</p><p>4 Drive d: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32</p><p>5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS</p><p></p><p> Disk ### Status Size Free Dyn Gpt</p><p> -------- ---------- ------- ------- --- ---</p><p> Disk 0 Online 38 GB 0 B </p><p></p><p>Partitions of Disk 0:</p><p>===============</p><p></p><p>The disk management services could not complete the operation.</p><p></p><p>======================================================================================================</p><p>============================== MBR Partition Table ==================</p><p></p><p>==============================</p><p>Partitions of Disk 0:</p><p>===============</p><p>Disk ID: 0165E8AA</p><p>Partition 1: (Not Active) - (Size=6 GB) - (Type=1B)</p><p>Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)</p><p></p><p></p><p>****** End Of Log ******</p></blockquote><p></p>
[QUOTE="Sue64, post: 131008, member: 10541"] Hi, We have done that now, here are the logs Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-07-2013 04 Ran by SYSTEM on 31-07-2013 15:16:48 Running from D:\ Microsoft Windows XP (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet003 [b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [BrowserBrand] - C:\Program Files\ONLINE~1\XTRA\brand.exe [113408 2000-06-23] (Microsoft Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [282624 2007-04-26] (Apple Inc.) HKLM\...\Run: [Easy-PrintToolBox] - C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-13] (CANON INC.) HKLM\...\Run: [InCD] - C:\Program Files\Ahead\InCD\InCD.exe [1450096 2004-09-12] (Ahead Software AG) HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [248040 2010-02-17] (Sun Microsystems, Inc.) HKLM\...\Run: [TkBellExe] - C:\Program Files\Common Files\Real\Update_OB\realsched.exe [151597 2003-11-23] (RealNetworks, Inc.) HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [1278064 2013-03-13] (McAfee, Inc.) HKLM\...\Run: [LVCOMSX] - C:\WINDOWS\system32\LVCOMSX.EXE [221184 2005-07-19] (Logitech Inc.) 
HKLM\...\Run: [DATAMNGR] - C:\PROGRA~1\IMESHA~1\MediaBar\Datamngr\DATAMN~1.EXE [1599920 2011-08-09] (iMesh, Inc) HKLM\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [35760 2010-06-19] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated) HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k [x] HKLM\...\Run: [Utility Chest Search Scope Monitor] - C:\PROGRA~1\UTILIT~2\bar\1.bin\49srchmn.exe [44784 2013-05-12] (MindSpark) HKLM\...\Run: [UtilityChest_49 Browser Plugin Loader] - C:\PROGRA~1\UTILIT~2\bar\1.bin\49brmon.exe [30096 2013-05-12] (VER_COMPANY_NAME) HKLM\...\Run: [Allin1Convert Search Scope Monitor] - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hsrchmn.exe [44784 2013-07-27] (MindSpark) HKLM\...\Run: [Allin1Convert_8h Browser Plugin Loader] - C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbrmon.exe [30096 2013-07-27] (VER_COMPANY_NAME) Winlogon\Notify\igfxcui: igfxsrvc.dll (Intel Corporation) Winlogon\Notify\WgaLogon: WgaLogon.dll (Microsoft Corporation) HKU\Guest\...\Run: [MSMSGS] - C:\Program Files\Messenger\msmsgs.exe [ 2008-04-13] (Microsoft Corporation) HKU\Roger\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [ 2007-04-26] (Apple Inc.) 
HKU\Roger\...\Run: [DriverFinder] - C:\Documents and Settings\Roger\Desktop\New Folder\DriverFinder\DriverFinder.exe [x] HKU\Roger\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Roger\Application Data\cache.dat [ 2010-12-09] () <==== ATTENTION SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - No File SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 6to4; C:\Windows\System32\6to4svc.dll [100864 2010-02-12] (Microsoft Corporation) S2 Allin1Convert_8hService; C:\PROGRA~1\ALLIN1~2\bar\1.bin\8hbarsvc.exe [42504 2013-07-27] (COMPANYVERS_NAME) S2 InCDsrv; C:\Program Files\Ahead\InCD\InCDsrv.exe [1192050 2004-09-12] (Ahead Software AG) S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.) S2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.) S2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [167784 2012-08-30] (McAfee, Inc.) S2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [203840 2013-02-18] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169320 2013-02-18] (McAfee, Inc.) S2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [172416 2013-02-18] (McAfee, Inc.) 
S2 SLService; C:\Windows\System32\slserv.exe [73796 2004-01-07] (Smart Link) S2 UtilityChest_49Service; C:\PROGRA~1\UTILIT~2\bar\1.bin\49barsvc.exe [42504 2013-05-12] (COMPANYVERS_NAME) S3 AppMgmt; %SystemRoot%\System32\appmgmts.dll [x] S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [x] S2 JavaQuickStarterService; "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" [x] ==================== Drivers (Whitelisted) ==================== S1 Asapi; C:\Windows\System32\Drivers\Asapi.sys [11264 2002-08-05] (VOB Computersysteme GmbH) S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) S1 cdrbsvsd; C:\Windows\System32\Drivers\cdrbsvsd.sys [13566 2003-12-03] (B.H.A Corporation) S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [60920 2013-02-18] (McAfee, Inc.) S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2011-06-01] () S3 FilterService; C:\Windows\System32\DRIVERS\lvuvcflt.sys [23832 2009-10-07] (Logitech Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [146872 2012-04-19] (McAfee, Inc.) S3 ialm; C:\Windows\System32\DRIVERS\ialmnt5.sys [80283 2002-10-24] (Intel Corporation) S0 IdeBusDr; C:\Windows\System32\DRIVERS\IdeBusDr.sys [13891 2002-10-14] (Intel Corporation) S0 IdeChnDr; C:\Windows\System32\DRIVERS\IdeChnDr.sys [101431 2002-10-14] (Intel Corporation) S4 InCDfs; C:\Windows\System32\Drivers\InCDfs.sys [93440 2004-09-12] (Ahead Software AG) S1 InCDPass; C:\Windows\System32\DRIVERS\InCDPass.sys [28672 2004-09-12] (Ahead Software AG) S1 InCDrec; C:\Windows\System32\Drivers\InCDrec.sys [7680 2004-09-12] (Ahead Software AG) S1 incdrm; C:\Windows\System32\Drivers\incdrm.sys [28080 2003-12-30] (Ahead Software AG) S3 LVUSBSta; C:\Windows\System32\drivers\lvusbsta.sys [22016 2005-05-26] (Logitech Inc.) S2 MASPINT; C:\Windows\System32\Drivers\MASPINT.sys [8096 2000-03-29] (MicroStaff Co.,Ltd.) 
S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [133416 2013-02-18] (McAfee, Inc.)
S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [235264 2013-02-18] (McAfee, Inc.)
S3 mfebopk; C:\Windows\System32\drivers\mfebopk.sys [65928 2013-02-18] (McAfee, Inc.)
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [363080 2013-02-18] (McAfee, Inc.)
S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [565888 2013-02-18] (McAfee, Inc.)
S3 mfendisk; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-18] (McAfee, Inc.)
S3 mfendiskmp; C:\Windows\System32\DRIVERS\mfendisk.sys [84904 2013-02-18] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [92632 2013-02-18] (McAfee, Inc.)
S1 mfetdi2k; C:\Windows\System32\drivers\mfetdi2k.sys [91640 2013-02-18] (McAfee, Inc.)
S3 MREMPR5; C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [19345 2007-03-04] (Motive, Inc.)
S3 MRENDIS5; C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [18003 2007-03-04] (Motive, Inc.)
S3 Mtlmnt5; C:\Windows\System32\DRIVERS\Mtlmnt5.sys [126686 2004-03-31] (Smart Link)
S3 Mtlstrm; C:\Windows\System32\DRIVERS\Mtlstrm.sys [1309184 2004-01-27] (Smart Link)
S3 NABTSFEC; C:\Windows\System32\DRIVERS\NABTSFEC.sys [85248 2008-04-13] (Microsoft Corporation)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 NtMtlFax; C:\Windows\System32\DRIVERS\NtMtlFax.sys [180360 2004-01-27] (Smart Link)
S3 PID_0920; C:\Windows\System32\DRIVERS\LV532AV.SYS [163328 2005-01-30] ()
S0 RecAgent; C:\Windows\System32\DRIVERS\RecAgent.sys [13776 2004-01-12] (Smart Link)
S3 SLIP; C:\Windows\System32\DRIVERS\SLIP.sys [11136 2008-04-13] (Microsoft Corporation)
S3 Slntamr; C:\Windows\System32\DRIVERS\slntamr.sys [404990 2004-03-31] (Smart Link)
S3 SlNtHal; C:\Windows\System32\DRIVERS\Slnthal.sys [95424 2004-01-27] (Smart Link)
S3 SlWdmSup; C:\Windows\System32\DRIVERS\SlWdmSup.sys [13240 2004-01-27] (Smart Link)
S1 sonypvd3; C:\Windows\System32\DRIVERS\sonypvd3.sys [64964 2004-12-06] (Sony Corporation)
S1 sonypvf3; C:\Windows\System32\Drivers\sonypvf3.sys [619390 2004-11-14] (Sony Corporation)
S0 sonypvl3; C:\Windows\System32\Drivers\sonypvl3.sys [19507 2011-04-17] (Sony Corporation)
S1 sonypvt3; C:\Windows\System32\Drivers\sonypvt3.sys [423454 2004-12-05] (Sony Corporation)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-16] (Sony Corporation)
S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [179664 2002-08-11] (SigmaTel, Inc.)
S3 streamip; C:\Windows\System32\DRIVERS\StreamIP.sys [15232 2008-04-13] (Microsoft Corporation)
S1 Tcpip6; C:\Windows\System32\DRIVERS\tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
S3 vsdatant; C:\Windows\System32\vsdatant.sys [368256 2005-08-29] (Zone Labs, LLC)
S3 WSTCODEC; C:\Windows\System32\DRIVERS\WSTCODEC.SYS [19200 2008-04-13] (Microsoft Corporation)
S1 {6080A529-897E-4629-A488-ABA0C29B635E}; C:\Windows\System32\drivers\ialmsbw.sys [91774 2002-10-24] (Intel Corporation)
S3 {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}; C:\Windows\System32\drivers\ialmkchw.sys [71514 2002-10-24] (Intel Corporation)
S3 mfeavfk01; No ImagePath
S3 Pcouffin; System32\Drivers\Pcouffin.sys [x]

==================== NetSvcs (Whitelisted) ===================

NETSVC: Ip6FwHlp -> No Registry Path.

==================== One Month Created Files and Folders ========

2013-07-31 15:16 - 2013-07-31 15:16 - 00000000 ____D C:\FRST
2013-07-28 21:35 - 2013-07-28 21:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-28 21:32 - 2012-04-21 05:03 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
2013-07-28 21:32 - 2007-04-10 20:30 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft Help
2013-07-28 21:32 - 2003-11-23 03:55 - 00000180 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-28 21:32 - 2003-11-23 03:21 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\Real
2013-07-28 21:32 - 2003-11-23 03:19 - 00000000 ____D C:\Documents and Settings\Administrator\WINDOWS
2013-07-28 21:32 - 2003-11-23 03:18 - 00000000 ____D C:\Documents and Settings\Administrator\My Documents\My eBooks
2013-07-28 21:32 - 2003-11-23 03:18 - 00000000 ____D C:\Documents and Settings\Administrator\Application Data\InterTrust
2013-07-28 21:10 - 2013-07-30 21:18 - 00000004 _____ C:\Documents and Settings\Roger\Application Data\cache.ini
2013-07-28 19:35 - 2013-07-28 19:37 - 00000000 ____D C:\Program Files\Bridge Command 4.4GPL
2013-07-27 00:17 - 2013-07-27 00:17 - 00000000 ____D C:\Program Files\Allin1Convert_8h
2013-07-23 23:15 - 2013-07-25 19:45 - 00000000 ____D C:\Program Files\ExpressFiles
2013-07-23 23:15 - 2013-07-23 23:16 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\ExpressFiles
2013-07-22 19:53 - 2013-07-22 19:53 - 00001676 _____ C:\Documents and Settings\All Users\Desktop\PhoenixRC Demo.lnk
2013-07-22 19:51 - 2013-07-22 19:54 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\PhoenixRC Demo
2013-07-22 19:51 - 2013-07-22 19:53 - 00000000 ____D C:\Program Files\PhoenixRC Demo
2013-07-22 19:50 - 2013-07-22 19:50 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Downloaded Installations
2013-07-22 00:04 - 2013-07-22 18:51 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\My Games
2013-07-22 00:03 - 2013-07-22 18:51 - 00000000 ____D C:\Program Files\Demolition Company Demo
2013-07-21 17:37 - 2013-07-21 17:49 - 00000000 ____D C:\Windows\System32\MRT
2013-07-19 23:26 - 2013-07-21 23:11 - 00002299 _____ C:\Documents and Settings\All Users\Desktop\TriangleDigger.lnk
2013-07-19 23:26 - 2013-07-19 23:27 - 00000000 ____D C:\Program Files\TriangleDigger
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Program Files\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\BabSolution
2013-07-19 21:59 - 2013-07-19 21:59 - 00000000 ____D C:\Tenstar
2013-07-14 21:12 - 2013-07-28 19:21 - 00000858 _____ C:\Documents and Settings\All Users\Desktop\Ship Simulator 2008 Demo.lnk
2013-07-14 21:12 - 2013-07-28 19:21 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\ShipSim2008 Demo UserData
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Program Files\Vstep
2013-07-14 20:06 - 2013-07-14 20:06 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Quest3D
2013-07-14 19:46 - 2013-07-14 19:46 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-12 22:18 - 2013-07-12 22:20 - 00000000 ____D C:\Program Files\HeliSim
2013-07-11 21:27 - 2013-07-11 21:27 - 00009820 _____ C:\Windows\KB2834886.log
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2013-07-11 21:26 - 2013-07-11 21:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2013-07-11 21:13 - 2013-07-11 21:13 - 00009147 _____ C:\Windows\KB2834902.log
2013-07-11 21:13 - 2013-07-11 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2834902_WM10$
2013-07-11 21:08 - 2013-07-11 21:11 - 00022520 _____ C:\Windows\KB2846071-IE8.log
2013-07-11 17:56 - 2013-07-11 21:27 - 00016391 _____ C:\Windows\KB2850851.log
2013-07-11 17:55 - 2013-07-11 21:26 - 00015289 _____ C:\Windows\KB2845187.log

==================== One Month Modified Files and Folders =======

2013-07-30 21:57 - 2012-07-22 22:36 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-07-30 21:57 - 2004-08-12 16:38 - 01177584 _____ C:\Windows\WindowsUpdate.log
2013-07-30 21:57 - 2003-06-20 16:14 - 00032500 _____ C:\Windows\SchedLgU.Txt
2013-07-30 21:57 - 2003-06-20 15:56 - 00000236 _____ C:\Windows\wiadebug.log
2013-07-30 21:56 - 2003-06-20 15:56 - 00000050 _____ C:\Windows\wiaservc.log
2013-07-30 21:18 - 2013-07-28 21:10 - 00000004 _____ C:\Documents and Settings\Roger\Application Data\cache.ini
2013-07-30 21:18 - 2006-12-21 15:59 - 00000278 ___SH C:\Documents and Settings\Roger\ntuser.ini
2013-07-30 21:17 - 2003-06-20 15:45 - 00001170 _____ C:\Windows\System32\wpa.dbl
2013-07-28 21:40 - 2012-05-10 16:16 - 00237453 _____ C:\Windows\setupapi.log
2013-07-28 21:40 - 2009-09-04 23:27 - 00000862 _____ C:\Windows\setupact.log
2013-07-28 21:35 - 2013-07-28 21:35 - 00000000 __SHD C:\Documents and Settings\Administrator\IETldCache
2013-07-28 19:37 - 2013-07-28 19:35 - 00000000 ____D C:\Program Files\Bridge Command 4.4GPL
2013-07-28 19:21 - 2013-07-14 21:12 - 00000858 _____ C:\Documents and Settings\All Users\Desktop\Ship Simulator 2008 Demo.lnk
2013-07-28 19:21 - 2013-07-14 21:12 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\ShipSim2008 Demo UserData
2013-07-28 17:39 - 2012-04-21 04:58 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Adobe
2013-07-27 00:17 - 2013-07-27 00:17 - 00000000 ____D C:\Program Files\Allin1Convert_8h
2013-07-26 23:10 - 2013-05-14 18:43 - 00000000 ____D C:\Program Files\Google
2013-07-25 19:45 - 2013-07-23 23:15 - 00000000 ____D C:\Program Files\ExpressFiles
2013-07-23 23:16 - 2013-07-23 23:15 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\ExpressFiles
2013-07-22 19:54 - 2013-07-22 19:51 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\PhoenixRC Demo
2013-07-22 19:53 - 2013-07-22 19:53 - 00001676 _____ C:\Documents and Settings\All Users\Desktop\PhoenixRC Demo.lnk
2013-07-22 19:53 - 2013-07-22 19:51 - 00000000 ____D C:\Program Files\PhoenixRC Demo
2013-07-22 19:50 - 2013-07-22 19:50 - 00000000 ____D C:\Documents and Settings\Roger\Local Settings\Application Data\Downloaded Installations
2013-07-22 18:51 - 2013-07-22 00:04 - 00000000 ____D C:\Documents and Settings\Roger\My Documents\My Games
2013-07-22 18:51 - 2013-07-22 00:03 - 00000000 ____D C:\Program Files\Demolition Company Demo
2013-07-22 00:04 - 2003-06-20 16:03 - 00000000 ____D C:\Windows\System32\DirectX
2013-07-21 23:11 - 2013-07-19 23:26 - 00002299 _____ C:\Documents and Settings\All Users\Desktop\TriangleDigger.lnk
2013-07-21 17:49 - 2013-07-21 17:37 - 00000000 ____D C:\Windows\System32\MRT
2013-07-19 23:27 - 2013-07-19 23:26 - 00000000 ____D C:\Program Files\TriangleDigger
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Program Files\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Delta
2013-07-19 22:12 - 2013-07-19 22:12 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\BabSolution
2013-07-19 21:59 - 2013-07-19 21:59 - 00000000 ____D C:\Tenstar
2013-07-14 21:11 - 2013-07-14 21:11 - 00000000 ____D C:\Program Files\Vstep
2013-07-14 20:06 - 2013-07-14 20:06 - 00000000 ____D C:\Documents and Settings\Roger\Application Data\Quest3D
2013-07-14 19:46 - 2013-07-14 19:46 - 00000000 ____D C:\Program Files\Common Files\Wise Installation Wizard
2013-07-14 19:46 - 2012-07-22 22:32 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-07-13 04:13 - 2010-05-08 00:42 - 00000000 ____D C:\Documents and Settings\Roger\Desktop\Targetzones Promo
2013-07-12 22:20 - 2013-07-12 22:18 - 00000000 ____D C:\Program Files\HeliSim
2013-07-12 20:19 - 2013-05-14 18:49 - 00001816 _____ C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2013-07-12 01:43 - 2008-02-09 15:15 - 00000000 ____D C:\Windows\Microsoft.NET
2013-07-12 00:51 - 2003-06-20 15:52 - 00331480 _____ C:\Windows\System32\FNTCACHE.DAT
2013-07-11 21:27 - 2013-07-11 21:27 - 00009820 _____ C:\Windows\KB2834886.log
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2850851$
2013-07-11 21:27 - 2013-07-11 21:27 - 00000000 __HDC C:\Windows\$NtUninstallKB2834886$
2013-07-11 21:27 - 2013-07-11 17:56 - 00016391 _____ C:\Windows\KB2850851.log
2013-07-11 21:27 - 2009-09-06 05:23 - 01467161 _____ C:\Windows\FaxSetup.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00708840 _____ C:\Windows\ocgen.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00562838 _____ C:\Windows\tsoc.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00484617 _____ C:\Windows\comsetup.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00294529 _____ C:\Windows\ntdtcsetup.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00233312 _____ C:\Windows\iis6.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00080912 _____ C:\Windows\ocmsn.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00073587 _____ C:\Windows\msgsocm.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00001374 _____ C:\Windows\imsins.log
2013-07-11 21:27 - 2009-09-06 05:23 - 00001374 _____ C:\Windows\imsins.BAK
2013-07-11 21:26 - 2013-07-11 21:26 - 00000000 __HDC C:\Windows\$NtUninstallKB2845187$
2013-07-11 21:26 - 2013-07-11 17:55 - 00015289 _____ C:\Windows\KB2845187.log
2013-07-11 21:24 - 2003-06-20 15:54 - 00505530 ____C C:\Windows\System32\PerfStringBackup.INI
2013-07-11 21:21 - 2007-02-14 01:42 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Microsoft Help
2013-07-11 21:13 - 2013-07-11 21:13 - 00009147 _____ C:\Windows\KB2834902.log
2013-07-11 21:13 - 2013-07-11 21:13 - 00000000 __HDC C:\Windows\$NtUninstallKB2834902_WM10$
2013-07-11 21:11 - 2013-07-11 21:08 - 00022520 _____ C:\Windows\KB2846071-IE8.log
2013-07-11 21:10 - 2009-09-08 00:32 - 00000000 ____D C:\Windows\ie8updates
2013-07-11 21:10 - 2009-09-06 05:23 - 00246339 _____ C:\Windows\updspapi.log
2013-07-11 21:03 - 2008-02-09 15:22 - 00000000 ____D C:\Windows\System32\XPSViewer

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points (XP) =====================

==================== Memory info ===========================

Percentage of memory in use: 20%
Total physical RAM: 1270.8 MB
Available physical RAM: 1011.45 MB
Total Pagefile: 1106.27 MB
Available Pagefile: 1042.55 MB
Total Virtual: 2047.88 MB
Available Virtual: 1986.33 MB

==================== Drives ================================

Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
Drive c: (HDD) (Fixed) (Total:32.27 GB) (Free:3.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 38 GB) (Disk ID: 0165E8AA)
Partition 1: (Not Active) - (Size=6 GB) - (Type=1B)
Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: E54FA68B)
Partition 1: (Active) - (Size=4 GB) - (Type=0B)

==================== End Of Log ============================

ListParts by Farbar Version: 10-05-2013
Ran by SYSTEM (administrator) on 31-07-2013 at 15:33:53
Windows XP (X86)
Running From: D:\
Language: 0409
************************************************************

========================= Memory info ======================

Percentage of memory in use: 16%
Total physical RAM: 1270.8 MB
Available physical RAM: 1064.48 MB
Total Pagefile: 1106.27 MB
Available Pagefile: 1052.2 MB
Total Virtual: 2047.88 MB
Available Virtual: 2007.38 MB

======================= Partitions =========================

2 Drive b: (RAMDisk) (Fixed) (Total:0.06 GB) (Free:0.06 GB) NTFS
3 Drive c: (HDD) (Fixed) (Total:32.27 GB) (Free:3.24 GB) NTFS ==>[Drive with boot components (Windows XP)]
4 Drive d: (HITMANPRO) (Removable) (Total:3.72 GB) (Free:3.72 GB) FAT32
5 Drive x: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS

  Disk ###  Status      Size     Free     Dyn  Gpt
  --------  ----------  -------  -------  ---  ---
  Disk 0    Online        38 GB      0 B

Partitions of Disk 0:
===============

The disk management services could not complete
the operation.

======================================================================================================

============================== MBR Partition Table ==================

==============================
Partitions of Disk 0:
===============
Disk ID: 0165E8AA

Partition 1: (Not Active) - (Size=6 GB) - (Type=1B)
Partition 2: (Active) - (Size=32 GB) - (Type=07 NTFS)

****** End Of Log ******
[/QUOTE]