
zero access too


  • This topic is locked
20 replies to this topic

#1 2stumpy


Posted 28 May 2014 - 07:06 PM

hello people

First I ran rkill, which told me what I had. Then I came here. DDS logs are here. Sorry about the attachments; wouldn't copy and paste.

Attached files: attach.txt (18.57KB), dds.txt (8.86KB)

Will check back tomorrow, around 6pm EST. TIA


Edited by 2stumpy, 28 May 2014 - 07:37 PM.




#2 2stumpy


Posted 29 May 2014 - 04:42 PM

Sorry for the above post, but I am unable to cut and paste the log.



#3 fireman4it

Malware Response Team

Posted 29 May 2014 - 06:54 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#4 2stumpy


Posted 30 May 2014 - 06:01 PM

Running from F:\
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatch10.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
() C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe
(Eastman Kodak Company) C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1404928 2004-10-14] (Analog Devices, Inc.)
HKLM\...\Run: [DMXLauncher] => C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe [113136 2007-08-14] ()
HKLM\...\Run: [Conime] => C:\WINDOWS\system32\conime.exe [27648 2008-04-13] (Microsoft Corporation)
HKLM\...\Run: [EKStatusMonitor] => C:\Program Files\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5181456 2014-05-13] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2014-05-08] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files\Kodak\AiO\Center\AiOHomeCenter.exe [2236792 2013-03-15] (Eastman Kodak Company)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.googlechrome.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR HomePage: hxxp://search.conduit.com/?ctid=CT3289847&SearchSource=48&CUI=UN11582582302764825&UM=2
CHR StartupUrls: "https://www.google.com/webhp?hl=en&tab=ww"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.114\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Acrobat 5.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.149\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Documents and Settings\don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-29]
CHR Extension: (Google Drive) - C:\Documents and Settings\don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-29]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Documents and Settings\don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Documents and Settings\don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-29]
CHR Extension: (Google Search) - C:\Documents and Settings\don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-29]
CHR Extension: (Google Wallet) - C:\Documents and Settings\don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Documents and Settings\don\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-29]

========================== Services (Whitelisted) =================

R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [292424 2014-05-13] (AVG Technologies CZ, s.r.o.)
R2 Kodak AiO Network Discovery Service; C:\Program Files\Kodak\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [72176 2007-08-24] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2007-08-24] (Sonic Solutions)
S2 RoxLiveShare10; C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe [309744 2007-08-24] (Sonic Solutions)
S4 SessionLauncher; C:\DOCUME~1\don\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

R0 AVGIDSHX; C:\WINDOWS\System32\DRIVERS\avgidshx.sys [149784 2014-05-13] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-30] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
S4 RxFilter; C:\WINDOWS\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 catchme; \??\C:\DOCUME~1\don\LOCALS~1\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 18:44 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 18:43 - 2014-05-30 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:43 - 2014-05-12 07:35 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-30 18:43 - 2014-05-12 07:35 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-29 19:26 - 2014-05-29 19:26 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 19:26 - 2014-05-29 19:26 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-05-29 18:43 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\350564B8.sys
2014-05-29 18:43 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22C6168A.sys
2014-05-29 18:41 - 2014-05-29 18:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-29 17:28 - 2014-05-29 17:28 - 00018691 _____ () C:\Documents and Settings\don\Desktop\attach.txt
2014-05-29 17:28 - 2014-05-29 17:28 - 00008817 _____ () C:\Documents and Settings\don\Desktop\dds.txt
2014-05-28 19:04 - 2014-05-28 19:04 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-28 17:44 - 2014-05-29 19:09 - 00028484 _____ () C:\WINDOWS\setupapi.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-28 17:44 - 2008-04-13 20:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2014-05-26 17:04 - 2014-05-26 17:04 - 00000259 _____ () C:\Documents and Settings\don\Desktop\Shortcut to FRST.lnk
2014-05-26 17:00 - 2014-05-30 18:46 - 00000000 ____D () C:\FRST
2014-05-25 09:27 - 2014-05-30 18:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-17 14:34 - 2014-05-17 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
2014-05-17 13:29 - 1996-04-29 08:20 - 00289280 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\uninst.exe
2014-05-17 13:27 - 2014-05-17 14:34 - 00000000 ____D () C:\WINDOWS\solcache
2014-05-17 13:27 - 2014-05-17 14:34 - 00000000 ____D () C:\SIERRA
2014-05-17 13:27 - 2014-05-17 14:33 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-05-17 13:27 - 1997-11-18 08:35 - 01016832 _____ (CUC Software) C:\WINDOWS\system32\SierraNW.dll
2014-05-17 13:27 - 1997-11-18 08:35 - 00230400 _____ (CUC Software) C:\WINDOWS\system32\SNWValid.dll
2014-05-17 13:27 - 1997-11-18 08:34 - 00011113 _____ () C:\WINDOWS\system32\SNWVALID.HLP
2014-05-17 13:26 - 2014-05-17 14:34 - 00000351 _____ () C:\WINDOWS\SIERRA.INI
2014-05-16 16:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-15 23:53 - 2014-05-15 23:53 - 00054016 _____ () C:\WINDOWS\system32\Drivers\jwiuuw.sys
2014-05-13 18:33 - 2014-05-13 18:33 - 00000610 _____ () C:\Documents and Settings\don\Desktop\FMS.lnk
2014-05-01 18:48 - 2014-05-01 18:49 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-05-30 18:46 - 2014-05-26 17:00 - 00000000 ____D () C:\FRST
2014-05-30 18:44 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 18:44 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\350564B8.sys
2014-05-30 18:43 - 2014-05-30 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:43 - 2014-05-25 09:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-30 18:43 - 2012-01-05 21:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-05-30 18:42 - 2013-09-25 20:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-30 18:41 - 2012-11-14 21:23 - 01550023 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-30 18:39 - 2013-06-29 17:00 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 18:37 - 2014-03-27 07:44 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-30 18:37 - 2014-03-08 15:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-30 18:37 - 2013-06-29 17:00 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 18:37 - 2012-11-15 11:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-30 18:37 - 2012-11-15 11:54 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-30 18:37 - 2011-02-25 19:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-30 18:37 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-29 19:41 - 2012-11-15 11:53 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-29 19:40 - 2011-02-25 19:56 - 00000178 ___SH () C:\Documents and Settings\don\ntuser.ini
2014-05-29 19:26 - 2014-05-29 19:26 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 19:26 - 2014-05-29 19:26 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-05-29 19:26 - 2012-12-06 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-05-29 19:26 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-29 19:25 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Adobe
2014-05-29 19:13 - 2011-02-25 19:54 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-29 19:09 - 2014-05-28 17:44 - 00028484 _____ () C:\WINDOWS\setupapi.log
2014-05-29 19:09 - 2014-03-31 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-29 18:57 - 2012-04-06 13:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-29 18:43 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22C6168A.sys
2014-05-29 18:41 - 2014-05-29 18:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-29 18:40 - 2011-12-03 17:20 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Malwarebytes
2014-05-29 17:28 - 2014-05-29 17:28 - 00018691 _____ () C:\Documents and Settings\don\Desktop\attach.txt
2014-05-29 17:28 - 2014-05-29 17:28 - 00008817 _____ () C:\Documents and Settings\don\Desktop\dds.txt
2014-05-28 19:05 - 2013-04-14 00:23 - 00000000 ____D () C:\378fef47-f4a7-4133-99b4-18e9f3e076bbad
2014-05-28 19:04 - 2014-05-28 19:04 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-28 18:54 - 2011-03-12 19:35 - 00000000 ____D () C:\Qoobox
2014-05-28 18:25 - 2011-03-28 17:51 - 00057856 _____ () C:\Documents and Settings\don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-28 18:24 - 2013-09-21 14:43 - 00000000 ____D () C:\Program Files\Ares
2014-05-28 18:22 - 2012-03-03 20:57 - 00000000 ____D () C:\Program Files\Incomplete
2014-05-28 18:10 - 2012-06-27 22:54 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Media Player Classic
2014-05-28 17:53 - 2012-01-09 15:18 - 00000000 ____D () C:\Documents and Settings\don\My Documents\01-09-2012
2014-05-28 17:44 - 2014-05-28 17:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-27 09:12 - 2011-03-01 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-27 08:52 - 2011-02-25 19:56 - 00000000 ____D () C:\Documents and Settings\don
2014-05-26 18:03 - 2004-08-04 08:00 - 00000264 _____ () C:\WINDOWS\system.ini
2014-05-26 17:12 - 2011-02-25 14:31 - 00000355 __RSH () C:\boot.ini
2014-05-26 17:12 - 2004-08-04 08:00 - 00000558 _____ () C:\WINDOWS\win.ini
2014-05-26 17:04 - 2014-05-26 17:04 - 00000259 _____ () C:\Documents and Settings\don\Desktop\Shortcut to FRST.lnk
2014-05-25 09:27 - 2011-12-03 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-22 18:41 - 2013-06-29 17:02 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-19 11:27 - 2011-02-25 14:26 - 00000000 ____D () C:\WINDOWS\twain_32
2014-05-19 08:53 - 2014-03-08 15:28 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-18 11:38 - 2012-01-05 21:25 - 00076656 ____C () C:\Documents and Settings\don\Local Settings\Application Data\installer.log
2014-05-17 14:34 - 2014-05-17 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\WINDOWS\solcache
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\SIERRA
2014-05-17 14:34 - 2014-05-17 13:26 - 00000351 _____ () C:\WINDOWS\SIERRA.INI
2014-05-17 14:33 - 2014-05-17 13:27 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-05-15 23:53 - 2014-05-15 23:53 - 00054016 _____ () C:\WINDOWS\system32\Drivers\jwiuuw.sys
2014-05-14 21:49 - 2013-07-19 00:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 21:46 - 2011-03-13 17:59 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 18:33 - 2014-05-13 18:33 - 00000610 _____ () C:\Documents and Settings\don\Desktop\FMS.lnk
2014-05-13 15:57 - 2012-04-06 13:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-13 15:57 - 2011-06-09 11:06 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:17 - 2013-11-25 22:56 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2013-10-31 23:30 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2013-08-01 17:08 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-08 15:59 - 2014-03-27 07:44 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-02 23:05 - 2011-03-13 12:45 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-01 18:49 - 2014-05-01 18:48 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-01 18:49 - 2013-06-28 14:47 - 00000000 ____D () C:\Program Files\Java
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

ZeroAccess:
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@

ZeroAccess:
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit


S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
S4 RxFilter; C:\WINDOWS\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 catchme; \??\C:\DOCUME~1\don\LOCALS~1\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 18:44 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 18:43 - 2014-05-30 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:43 - 2014-05-12 07:35 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-30 18:43 - 2014-05-12 07:35 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-29 19:26 - 2014-05-29 19:26 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 19:26 - 2014-05-29 19:26 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-05-29 18:43 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\350564B8.sys
2014-05-29 18:43 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22C6168A.sys
2014-05-29 18:41 - 2014-05-29 18:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-29 17:28 - 2014-05-29 17:28 - 00018691 _____ () C:\Documents and Settings\don\Desktop\attach.txt
2014-05-29 17:28 - 2014-05-29 17:28 - 00008817 _____ () C:\Documents and Settings\don\Desktop\dds.txt
2014-05-28 19:04 - 2014-05-28 19:04 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-28 17:44 - 2014-05-29 19:09 - 00028484 _____ () C:\WINDOWS\setupapi.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-28 17:44 - 2008-04-13 20:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2014-05-26 17:04 - 2014-05-26 17:04 - 00000259 _____ () C:\Documents and Settings\don\Desktop\Shortcut to FRST.lnk
2014-05-26 17:00 - 2014-05-30 18:46 - 00000000 ____D () C:\FRST
2014-05-25 09:27 - 2014-05-30 18:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-17 14:34 - 2014-05-17 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
2014-05-17 13:29 - 1996-04-29 08:20 - 00289280 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\uninst.exe
2014-05-17 13:27 - 2014-05-17 14:34 - 00000000 ____D () C:\WINDOWS\solcache
2014-05-17 13:27 - 2014-05-17 14:34 - 00000000 ____D () C:\SIERRA
2014-05-17 13:27 - 2014-05-17 14:33 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-05-17 13:27 - 1997-11-18 08:35 - 01016832 _____ (CUC Software) C:\WINDOWS\system32\SierraNW.dll
2014-05-17 13:27 - 1997-11-18 08:35 - 00230400 _____ (CUC Software) C:\WINDOWS\system32\SNWValid.dll
2014-05-17 13:27 - 1997-11-18 08:34 - 00011113 _____ () C:\WINDOWS\system32\SNWVALID.HLP
2014-05-17 13:26 - 2014-05-17 14:34 - 00000351 _____ () C:\WINDOWS\SIERRA.INI
2014-05-16 16:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-15 23:53 - 2014-05-15 23:53 - 00054016 _____ () C:\WINDOWS\system32\Drivers\jwiuuw.sys
2014-05-13 18:33 - 2014-05-13 18:33 - 00000610 _____ () C:\Documents and Settings\don\Desktop\FMS.lnk
2014-05-01 18:48 - 2014-05-01 18:49 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-05-30 18:46 - 2014-05-26 17:00 - 00000000 ____D () C:\FRST
2014-05-30 18:44 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 18:44 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\350564B8.sys
2014-05-30 18:43 - 2014-05-30 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:43 - 2014-05-25 09:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-30 18:43 - 2012-01-05 21:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-05-30 18:42 - 2013-09-25 20:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-30 18:41 - 2012-11-14 21:23 - 01550023 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-30 18:39 - 2013-06-29 17:00 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 18:37 - 2014-03-27 07:44 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-30 18:37 - 2014-03-08 15:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-30 18:37 - 2013-06-29 17:00 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 18:37 - 2012-11-15 11:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-30 18:37 - 2012-11-15 11:54 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-30 18:37 - 2011-02-25 19:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-30 18:37 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-29 19:41 - 2012-11-15 11:53 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-29 19:40 - 2011-02-25 19:56 - 00000178 ___SH () C:\Documents and Settings\don\ntuser.ini
2014-05-29 19:26 - 2014-05-29 19:26 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 19:26 - 2014-05-29 19:26 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-05-29 19:26 - 2012-12-06 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-05-29 19:26 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-29 19:25 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Adobe
2014-05-29 19:13 - 2011-02-25 19:54 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-29 19:09 - 2014-05-28 17:44 - 00028484 _____ () C:\WINDOWS\setupapi.log
2014-05-29 19:09 - 2014-03-31 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-29 18:57 - 2012-04-06 13:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-29 18:43 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22C6168A.sys
2014-05-29 18:41 - 2014-05-29 18:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-29 18:40 - 2011-12-03 17:20 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Malwarebytes
2014-05-29 17:28 - 2014-05-29 17:28 - 00018691 _____ () C:\Documents and Settings\don\Desktop\attach.txt
2014-05-29 17:28 - 2014-05-29 17:28 - 00008817 _____ () C:\Documents and Settings\don\Desktop\dds.txt
2014-05-28 19:05 - 2013-04-14 00:23 - 00000000 ____D () C:\378fef47-f4a7-4133-99b4-18e9f3e076bbad
2014-05-28 19:04 - 2014-05-28 19:04 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-28 18:54 - 2011-03-12 19:35 - 00000000 ____D () C:\Qoobox
2014-05-28 18:25 - 2011-03-28 17:51 - 00057856 _____ () C:\Documents and Settings\don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-28 18:24 - 2013-09-21 14:43 - 00000000 ____D () C:\Program Files\Ares
2014-05-28 18:22 - 2012-03-03 20:57 - 00000000 ____D () C:\Program Files\Incomplete
2014-05-28 18:10 - 2012-06-27 22:54 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Media Player Classic
2014-05-28 17:53 - 2012-01-09 15:18 - 00000000 ____D () C:\Documents and Settings\don\My Documents\01-09-2012
2014-05-28 17:44 - 2014-05-28 17:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-27 09:12 - 2011-03-01 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-27 08:52 - 2011-02-25 19:56 - 00000000 ____D () C:\Documents and Settings\don
2014-05-26 18:03 - 2004-08-04 08:00 - 00000264 _____ () C:\WINDOWS\system.ini
2014-05-26 17:12 - 2011-02-25 14:31 - 00000355 __RSH () C:\boot.ini
2014-05-26 17:12 - 2004-08-04 08:00 - 00000558 _____ () C:\WINDOWS\win.ini
2014-05-26 17:04 - 2014-05-26 17:04 - 00000259 _____ () C:\Documents and Settings\don\Desktop\Shortcut to FRST.lnk
2014-05-25 09:27 - 2011-12-03 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-22 18:41 - 2013-06-29 17:02 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-19 11:27 - 2011-02-25 14:26 - 00000000 ____D () C:\WINDOWS\twain_32
2014-05-19 08:53 - 2014-03-08 15:28 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-18 11:38 - 2012-01-05 21:25 - 00076656 ____C () C:\Documents and Settings\don\Local Settings\Application Data\installer.log
2014-05-17 14:34 - 2014-05-17 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\WINDOWS\solcache
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\SIERRA
2014-05-17 14:34 - 2014-05-17 13:26 - 00000351 _____ () C:\WINDOWS\SIERRA.INI
2014-05-17 14:33 - 2014-05-17 13:27 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-05-15 23:53 - 2014-05-15 23:53 - 00054016 _____ () C:\WINDOWS\system32\Drivers\jwiuuw.sys
2014-05-14 21:49 - 2013-07-19 00:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 21:46 - 2011-03-13 17:59 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 18:33 - 2014-05-13 18:33 - 00000610 _____ () C:\Documents and Settings\don\Desktop\FMS.lnk
2014-05-13 15:57 - 2012-04-06 13:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-13 15:57 - 2011-06-09 11:06 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:17 - 2013-11-25 22:56 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2013-10-31 23:30 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2013-08-01 17:08 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-08 15:59 - 2014-03-27 07:44 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-02 23:05 - 2011-03-13 12:45 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-01 18:49 - 2014-05-01 18:48 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-01 18:49 - 2013-06-28 14:47 - 00000000 ____D () C:\Program Files\Java
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

ZeroAccess:
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@

ZeroAccess:
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit


2014-05-13 14:17 - 2013-10-31 23:30 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2013-08-01 17:08 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-08 15:59 - 2014-03-27 07:44 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-02 23:05 - 2011-03-13 12:45 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-01 18:49 - 2014-05-01 18:48 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-01 18:49 - 2013-06-28 14:47 - 00000000 ____D () C:\Program Files\Java
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

ZeroAccess:
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@

ZeroAccess:
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit


R0 Avglogx; C:\WINDOWS\System32\DRIVERS\avglogx.sys [237848 2014-05-13] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\WINDOWS\System32\DRIVERS\avgtdix.sys [210200 2014-05-13] (AVG Technologies CZ, s.r.o.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 cdrbsdrv; C:\WINDOWS\system32\Drivers\cdrbsdrv.sys [13567 2004-03-08] (B.H.A Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-30] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 RT73; C:\WINDOWS\System32\DRIVERS\rt73.sys [245248 2005-11-24] (Ralink Technology, Corp.)
S4 RxFilter; C:\WINDOWS\System32\DRIVERS\RxFilter.sys [57328 2007-08-18] (Sonic Solutions)
S3 catchme; \??\C:\DOCUME~1\don\LOCALS~1\Temp\catchme.sys [X]
S3 Lavasoft Kernexplorer; \??\C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-30 18:44 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 18:43 - 2014-05-30 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:43 - 2014-05-12 07:35 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-30 18:43 - 2014-05-12 07:35 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-29 19:26 - 2014-05-29 19:26 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 19:26 - 2014-05-29 19:26 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-05-29 18:43 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\350564B8.sys
2014-05-29 18:43 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22C6168A.sys
2014-05-29 18:41 - 2014-05-29 18:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-29 17:28 - 2014-05-29 17:28 - 00018691 _____ () C:\Documents and Settings\don\Desktop\attach.txt
2014-05-29 17:28 - 2014-05-29 17:28 - 00008817 _____ () C:\Documents and Settings\don\Desktop\dds.txt
2014-05-28 19:04 - 2014-05-28 19:04 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-28 17:44 - 2014-05-29 19:09 - 00028484 _____ () C:\WINDOWS\setupapi.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-28 17:44 - 2008-04-13 20:11 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\hidserv.dll
2014-05-26 17:04 - 2014-05-26 17:04 - 00000259 _____ () C:\Documents and Settings\don\Desktop\Shortcut to FRST.lnk
2014-05-26 17:00 - 2014-05-30 18:46 - 00000000 ____D () C:\FRST
2014-05-25 09:27 - 2014-05-30 18:43 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-17 14:34 - 2014-05-17 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
2014-05-17 13:29 - 1996-04-29 08:20 - 00289280 _____ (InstallShield Corporation, Inc.) C:\WINDOWS\uninst.exe
2014-05-17 13:27 - 2014-05-17 14:34 - 00000000 ____D () C:\WINDOWS\solcache
2014-05-17 13:27 - 2014-05-17 14:34 - 00000000 ____D () C:\SIERRA
2014-05-17 13:27 - 2014-05-17 14:33 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-05-17 13:27 - 1997-11-18 08:35 - 01016832 _____ (CUC Software) C:\WINDOWS\system32\SierraNW.dll
2014-05-17 13:27 - 1997-11-18 08:35 - 00230400 _____ (CUC Software) C:\WINDOWS\system32\SNWValid.dll
2014-05-17 13:27 - 1997-11-18 08:34 - 00011113 _____ () C:\WINDOWS\system32\SNWVALID.HLP
2014-05-17 13:26 - 2014-05-17 14:34 - 00000351 _____ () C:\WINDOWS\SIERRA.INI
2014-05-16 16:48 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-05-15 23:53 - 2014-05-15 23:53 - 00054016 _____ () C:\WINDOWS\system32\Drivers\jwiuuw.sys
2014-05-13 18:33 - 2014-05-13 18:33 - 00000610 _____ () C:\Documents and Settings\don\Desktop\FMS.lnk
2014-05-01 18:48 - 2014-05-01 18:49 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log

==================== One Month Modified Files and Folders =======

2014-05-30 18:46 - 2014-05-26 17:00 - 00000000 ____D () C:\FRST
2014-05-30 18:44 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 18:44 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\350564B8.sys
2014-05-30 18:43 - 2014-05-30 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:43 - 2014-05-25 09:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-30 18:43 - 2012-01-05 21:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-05-30 18:42 - 2013-09-25 20:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-30 18:41 - 2012-11-14 21:23 - 01550023 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-30 18:39 - 2013-06-29 17:00 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 18:37 - 2014-03-27 07:44 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-30 18:37 - 2014-03-08 15:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-30 18:37 - 2013-06-29 17:00 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 18:37 - 2012-11-15 11:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-30 18:37 - 2012-11-15 11:54 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-30 18:37 - 2011-02-25 19:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-30 18:37 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-29 19:41 - 2012-11-15 11:53 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-29 19:40 - 2011-02-25 19:56 - 00000178 ___SH () C:\Documents and Settings\don\ntuser.ini
2014-05-29 19:26 - 2014-05-29 19:26 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 19:26 - 2014-05-29 19:26 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-05-29 19:26 - 2012-12-06 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-05-29 19:26 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-29 19:25 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Adobe
2014-05-29 19:13 - 2011-02-25 19:54 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-29 19:09 - 2014-05-28 17:44 - 00028484 _____ () C:\WINDOWS\setupapi.log
2014-05-29 19:09 - 2014-03-31 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-29 18:57 - 2012-04-06 13:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-29 18:43 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22C6168A.sys
2014-05-29 18:41 - 2014-05-29 18:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-29 18:40 - 2011-12-03 17:20 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Malwarebytes
2014-05-29 17:28 - 2014-05-29 17:28 - 00018691 _____ () C:\Documents and Settings\don\Desktop\attach.txt
2014-05-29 17:28 - 2014-05-29 17:28 - 00008817 _____ () C:\Documents and Settings\don\Desktop\dds.txt
2014-05-28 19:05 - 2013-04-14 00:23 - 00000000 ____D () C:\378fef47-f4a7-4133-99b4-18e9f3e076bbad
2014-05-28 19:04 - 2014-05-28 19:04 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-28 18:54 - 2011-03-12 19:35 - 00000000 ____D () C:\Qoobox
2014-05-28 18:25 - 2011-03-28 17:51 - 00057856 _____ () C:\Documents and Settings\don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-28 18:24 - 2013-09-21 14:43 - 00000000 ____D () C:\Program Files\Ares
2014-05-28 18:22 - 2012-03-03 20:57 - 00000000 ____D () C:\Program Files\Incomplete
2014-05-28 18:10 - 2012-06-27 22:54 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Media Player Classic
2014-05-28 17:53 - 2012-01-09 15:18 - 00000000 ____D () C:\Documents and Settings\don\My Documents\01-09-2012
2014-05-28 17:44 - 2014-05-28 17:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-27 09:12 - 2011-03-01 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-27 08:52 - 2011-02-25 19:56 - 00000000 ____D () C:\Documents and Settings\don
2014-05-26 18:03 - 2004-08-04 08:00 - 00000264 _____ () C:\WINDOWS\system.ini
2014-05-26 17:12 - 2011-02-25 14:31 - 00000355 __RSH () C:\boot.ini
2014-05-26 17:12 - 2004-08-04 08:00 - 00000558 _____ () C:\WINDOWS\win.ini
2014-05-26 17:04 - 2014-05-26 17:04 - 00000259 _____ () C:\Documents and Settings\don\Desktop\Shortcut to FRST.lnk
2014-05-25 09:27 - 2011-12-03 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-22 18:41 - 2013-06-29 17:02 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-19 11:27 - 2011-02-25 14:26 - 00000000 ____D () C:\WINDOWS\twain_32
2014-05-19 08:53 - 2014-03-08 15:28 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-18 11:38 - 2012-01-05 21:25 - 00076656 ____C () C:\Documents and Settings\don\Local Settings\Application Data\installer.log
2014-05-17 14:34 - 2014-05-17 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\WINDOWS\solcache
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\SIERRA
2014-05-17 14:34 - 2014-05-17 13:26 - 00000351 _____ () C:\WINDOWS\SIERRA.INI
2014-05-17 14:33 - 2014-05-17 13:27 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-05-15 23:53 - 2014-05-15 23:53 - 00054016 _____ () C:\WINDOWS\system32\Drivers\jwiuuw.sys
2014-05-14 21:49 - 2013-07-19 00:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 21:46 - 2011-03-13 17:59 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 18:33 - 2014-05-13 18:33 - 00000610 _____ () C:\Documents and Settings\don\Desktop\FMS.lnk
2014-05-13 15:57 - 2012-04-06 13:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-13 15:57 - 2011-06-09 11:06 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:17 - 2013-11-25 22:56 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2013-10-31 23:30 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2013-08-01 17:08 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-08 15:59 - 2014-03-27 07:44 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-02 23:05 - 2011-03-13 12:45 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-01 18:49 - 2014-05-01 18:48 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-01 18:49 - 2013-06-28 14:47 - 00000000 ____D () C:\Program Files\Java
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

ZeroAccess:
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@

ZeroAccess:
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit


==================== One Month Modified Files and Folders =======

2014-05-30 18:46 - 2014-05-26 17:00 - 00000000 ____D () C:\FRST
2014-05-30 18:44 - 2014-05-30 18:44 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 18:44 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\350564B8.sys
2014-05-30 18:43 - 2014-05-30 18:43 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-30 18:43 - 2014-05-25 09:27 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-30 18:43 - 2012-01-05 21:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Kodak
2014-05-30 18:42 - 2013-09-25 20:22 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\MFAData
2014-05-30 18:41 - 2012-11-14 21:23 - 01550023 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-30 18:39 - 2013-06-29 17:00 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-30 18:37 - 2014-03-27 07:44 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-30 18:37 - 2014-03-08 15:28 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\AVG2014
2014-05-30 18:37 - 2013-06-29 17:00 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-30 18:37 - 2012-11-15 11:54 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-30 18:37 - 2012-11-15 11:54 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-30 18:37 - 2011-02-25 19:54 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-30 18:37 - 2004-08-04 08:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-29 19:41 - 2012-11-15 11:53 - 00032522 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-29 19:40 - 2011-02-25 19:56 - 00000178 ___SH () C:\Documents and Settings\don\ntuser.ini
2014-05-29 19:26 - 2014-05-29 19:26 - 00001804 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-29 19:26 - 2014-05-29 19:26 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-05-29 19:26 - 2012-12-06 13:08 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Adobe
2014-05-29 19:26 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-29 19:25 - 2011-04-01 20:21 - 00000000 ____D () C:\Program Files\Adobe
2014-05-29 19:13 - 2011-02-25 19:54 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-29 19:09 - 2014-05-28 17:44 - 00028484 _____ () C:\WINDOWS\setupapi.log
2014-05-29 19:09 - 2014-03-31 11:02 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\AVG
2014-05-29 18:57 - 2012-04-06 13:28 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-29 18:43 - 2014-05-29 18:43 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\22C6168A.sys
2014-05-29 18:41 - 2014-05-29 18:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-29 18:40 - 2011-12-03 17:20 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Malwarebytes
2014-05-29 17:28 - 2014-05-29 17:28 - 00018691 _____ () C:\Documents and Settings\don\Desktop\attach.txt
2014-05-29 17:28 - 2014-05-29 17:28 - 00008817 _____ () C:\Documents and Settings\don\Desktop\dds.txt
2014-05-28 19:05 - 2013-04-14 00:23 - 00000000 ____D () C:\378fef47-f4a7-4133-99b4-18e9f3e076bbad
2014-05-28 19:04 - 2014-05-28 19:04 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-28 18:54 - 2011-03-12 19:35 - 00000000 ____D () C:\Qoobox
2014-05-28 18:25 - 2011-03-28 17:51 - 00057856 _____ () C:\Documents and Settings\don\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-28 18:24 - 2013-09-21 14:43 - 00000000 ____D () C:\Program Files\Ares
2014-05-28 18:22 - 2012-03-03 20:57 - 00000000 ____D () C:\Program Files\Incomplete
2014-05-28 18:10 - 2012-06-27 22:54 - 00000000 ____D () C:\Documents and Settings\don\Application Data\Media Player Classic
2014-05-28 17:53 - 2012-01-09 15:18 - 00000000 ____D () C:\Documents and Settings\don\My Documents\01-09-2012
2014-05-28 17:44 - 2014-05-28 17:44 - 00000116 _____ () C:\WINDOWS\setupact.log
2014-05-28 17:44 - 2014-05-28 17:44 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-05-27 09:12 - 2011-03-01 20:52 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-05-27 08:52 - 2011-02-25 19:56 - 00000000 ____D () C:\Documents and Settings\don
2014-05-26 18:03 - 2004-08-04 08:00 - 00000264 _____ () C:\WINDOWS\system.ini
2014-05-26 17:12 - 2011-02-25 14:31 - 00000355 __RSH () C:\boot.ini
2014-05-26 17:12 - 2004-08-04 08:00 - 00000558 _____ () C:\WINDOWS\win.ini
2014-05-26 17:04 - 2014-05-26 17:04 - 00000259 _____ () C:\Documents and Settings\don\Desktop\Shortcut to FRST.lnk
2014-05-25 09:27 - 2011-12-03 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-22 18:41 - 2013-06-29 17:02 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-19 11:27 - 2011-02-25 14:26 - 00000000 ____D () C:\WINDOWS\twain_32
2014-05-19 08:53 - 2014-03-08 15:28 - 00000702 _____ () C:\Documents and Settings\All Users\Desktop\AVG 2014.lnk
2014-05-18 11:38 - 2012-01-05 21:25 - 00076656 ____C () C:\Documents and Settings\don\Local Settings\Application Data\installer.log
2014-05-17 14:34 - 2014-05-17 14:34 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Sierra
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\WINDOWS\solcache
2014-05-17 14:34 - 2014-05-17 13:27 - 00000000 ____D () C:\SIERRA
2014-05-17 14:34 - 2014-05-17 13:26 - 00000351 _____ () C:\WINDOWS\SIERRA.INI
2014-05-17 14:33 - 2014-05-17 13:27 - 00000000 ____D () C:\Program Files\Sierra On-Line
2014-05-15 23:53 - 2014-05-15 23:53 - 00054016 _____ () C:\WINDOWS\system32\Drivers\jwiuuw.sys
2014-05-14 21:49 - 2013-07-19 00:02 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 21:46 - 2011-03-13 17:59 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-13 18:33 - 2014-05-13 18:33 - 00000610 _____ () C:\Documents and Settings\don\Desktop\FMS.lnk
2014-05-13 15:57 - 2012-04-06 13:28 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-13 15:57 - 2011-06-09 11:06 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-13 14:17 - 2013-11-25 22:56 - 00149784 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidshx.sys
2014-05-13 14:17 - 2013-10-31 23:30 - 00237848 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avglogx.sys
2014-05-13 14:17 - 2013-08-01 17:08 - 00210200 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgtdix.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:35 - 2014-05-30 18:43 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-08 15:59 - 2014-03-27 07:44 - 00000212 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-02 23:05 - 2011-03-13 12:45 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-01 18:49 - 2014-05-01 18:48 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-01 18:49 - 2013-06-28 14:47 - 00000000 ____D () C:\Program Files\Java
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2004-08-04 08:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

ZeroAccess:
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@

ZeroAccess:
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit



#5 2stumpy


Posted 30 May 2014 - 06:02 PM

addition log

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 18:47:40
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Amazon Add to Wish List IE Extension 1.2 (HKLM\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
DirectXInstallService (Version: 9.0.1 - Roxio) Hidden
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Roxo, Inc.)
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
FMS (HKLM\...\FMS) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
K-Lite Codec Pack 8.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.9.5 - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2572067) (HKLM\...\M2572067) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Red Baron II (HKLM\...\Red Baron II) (Version:  - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (HKLM\...\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}) (Version: 1.1.0 - Roxio)
Roxio Central Audio (HKLM\...\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}) (Version: 3.6.0 - Roxio)
Roxio Central Copy (HKLM\...\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}) (Version: 3.6.0 - Roxio)
Roxio Central Core (HKLM\...\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}) (Version: 3.6.0 - Roxio)
Roxio Central Data (HKLM\...\{08E81ABD-79F7-49C2-881F-FD6CB0975693}) (Version: 3.6.0 - Roxio)
Roxio Central Tools (HKLM\...\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}) (Version: 3.6.0 - Roxio)
Roxio CinePlayer (HKLM\...\{1B683082-8791-4D00-8ADE-6C8986FCCC68}) (Version: 3.9 - Roxio)
Roxio CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Roxio)
Roxio Disc Gallery (HKLM\...\{3E67A8DA-FE7B-4160-8465-F5571EA18753}) (Version: 3.1 - Roxio)
Roxio Easy Media Creator 10 Suite (HKLM\...\{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}) (Version: 1.0.044 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.1.0 - Roxio)
Roxio MediaShare (HKLM\...\{9A9A1828-31D1-4590-A99F-022B7237AFAE}) (Version: 1.0.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
upapp (HKLM\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

17-05-2014 03:59:19 Software Distribution Service 3.0
17-05-2014 18:30:42 Removed HiJackThis
17-05-2014 18:39:28 Software Distribution Service 3.0
18-05-2014 05:00:57 Software Distribution Service 3.0
19-05-2014 02:52:25 Software Distribution Service 3.0
20-05-2014 02:19:49 Software Distribution Service 3.0
21-05-2014 03:03:25 Software Distribution Service 3.0
22-05-2014 03:20:47 Software Distribution Service 3.0
23-05-2014 03:45:30 Software Distribution Service 3.0
24-05-2014 04:23:04 Software Distribution Service 3.0
24-05-2014 15:21:03 Software Distribution Service 3.0
25-05-2014 02:03:25 Software Distribution Service 3.0
25-05-2014 12:43:44 Software Distribution Service 3.0
25-05-2014 16:42:35 Software Distribution Service 3.0
26-05-2014 16:46:56 System Checkpoint
26-05-2014 18:52:10 Software Distribution Service 3.0
26-05-2014 21:19:42 Software Distribution Service 3.0
27-05-2014 00:39:47 Software Distribution Service 3.0
27-05-2014 01:18:40 Software Distribution Service 3.0
27-05-2014 02:10:39 Software Distribution Service 3.0
27-05-2014 14:13:14 Software Distribution Service 3.0
28-05-2014 22:37:10 Software Distribution Service 3.0
28-05-2014 23:09:16 Software Distribution Service 3.0
29-05-2014 00:38:03 Software Distribution Service 3.0
29-05-2014 23:19:55 Software Distribution Service 3.0
29-05-2014 23:40:32 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-04 08:00 - 2014-05-26 18:03 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2007-08-24 15:53 - 2007-08-24 15:53 - 05462512 _____ () C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
2007-08-14 03:44 - 2007-08-14 03:44 - 00113136 _____ () C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\79703597.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vds => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{533C5B84-EC70-11D2-9505-00C04F79DEAF} => ""="Volume shadow copy"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\79703597.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ares => "C:\Program Files\Ares\Ares.exe" -h
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 07:41:08 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:41:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/29/2014 07:41:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/29/2014 07:20:43 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:20:42 PM) (Source: MsiInstaller) (EventID: 1023) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\don\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/29/2014 07:20:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


System errors:
=============
Error: (05/30/2014 06:40:55 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.10 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:40:22 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:38:55 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/29/2014 07:41:09 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 07:20:49 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 06:37:53 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.

Error: (05/29/2014 06:37:19 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/29/2014 04:54:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/28/2014 08:38:54 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/28/2014 07:27:50 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.


Microsoft Office Sessions:
=========================
Error: (05/29/2014 07:41:08 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:41:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:41:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/29/2014 07:20:43 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:20:42 PM) (Source: MsiInstaller) (EventID: 1023) (User: BCS-CF5C12E39D8)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\DOCUME~1\don\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:20:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 2038.98 MB
Available physical RAM: 1462.01 MB
Total Pagefile: 2645.29 MB
Available Pagefile: 2238.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:47.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:14.92 GB) (Free:14.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F6F6F6F6)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 18:47:40
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Amazon Add to Wish List IE Extension 1.2 (HKLM\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
DirectXInstallService (Version: 9.0.1 - Roxio) Hidden
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Roxo, Inc.)
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
FMS (HKLM\...\FMS) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
K-Lite Codec Pack 8.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.9.5 - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2572067) (HKLM\...\M2572067) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Red Baron II (HKLM\...\Red Baron II) (Version:  - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (HKLM\...\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}) (Version: 1.1.0 - Roxio)
Roxio Central Audio (HKLM\...\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}) (Version: 3.6.0 - Roxio)
Roxio Central Copy (HKLM\...\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}) (Version: 3.6.0 - Roxio)
Roxio Central Core (HKLM\...\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}) (Version: 3.6.0 - Roxio)
Roxio Central Data (HKLM\...\{08E81ABD-79F7-49C2-881F-FD6CB0975693}) (Version: 3.6.0 - Roxio)
Roxio Central Tools (HKLM\...\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}) (Version: 3.6.0 - Roxio)
Roxio CinePlayer (HKLM\...\{1B683082-8791-4D00-8ADE-6C8986FCCC68}) (Version: 3.9 - Roxio)
Roxio CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Roxio)
Roxio Disc Gallery (HKLM\...\{3E67A8DA-FE7B-4160-8465-F5571EA18753}) (Version: 3.1 - Roxio)
Roxio Easy Media Creator 10 Suite (HKLM\...\{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}) (Version: 1.0.044 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.1.0 - Roxio)
Roxio MediaShare (HKLM\...\{9A9A1828-31D1-4590-A99F-022B7237AFAE}) (Version: 1.0.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
upapp (HKLM\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

17-05-2014 03:59:19 Software Distribution Service 3.0
17-05-2014 18:30:42 Removed HiJackThis
17-05-2014 18:39:28 Software Distribution Service 3.0
18-05-2014 05:00:57 Software Distribution Service 3.0
19-05-2014 02:52:25 Software Distribution Service 3.0
20-05-2014 02:19:49 Software Distribution Service 3.0
21-05-2014 03:03:25 Software Distribution Service 3.0
22-05-2014 03:20:47 Software Distribution Service 3.0
23-05-2014 03:45:30 Software Distribution Service 3.0
24-05-2014 04:23:04 Software Distribution Service 3.0
24-05-2014 15:21:03 Software Distribution Service 3.0
25-05-2014 02:03:25 Software Distribution Service 3.0
25-05-2014 12:43:44 Software Distribution Service 3.0
25-05-2014 16:42:35 Software Distribution Service 3.0
26-05-2014 16:46:56 System Checkpoint
26-05-2014 18:52:10 Software Distribution Service 3.0
26-05-2014 21:19:42 Software Distribution Service 3.0
27-05-2014 00:39:47 Software Distribution Service 3.0
27-05-2014 01:18:40 Software Distribution Service 3.0
27-05-2014 02:10:39 Software Distribution Service 3.0
27-05-2014 14:13:14 Software Distribution Service 3.0
28-05-2014 22:37:10 Software Distribution Service 3.0
28-05-2014 23:09:16 Software Distribution Service 3.0
29-05-2014 00:38:03 Software Distribution Service 3.0
29-05-2014 23:19:55 Software Distribution Service 3.0
29-05-2014 23:40:32 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-04 08:00 - 2014-05-26 18:03 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2007-08-24 15:53 - 2007-08-24 15:53 - 05462512 _____ () C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
2007-08-14 03:44 - 2007-08-14 03:44 - 00113136 _____ () C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\79703597.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vds => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{533C5B84-EC70-11D2-9505-00C04F79DEAF} => ""="Volume shadow copy"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\79703597.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ares => "C:\Program Files\Ares\Ares.exe" -h
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 07:41:08 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:41:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/29/2014 07:41:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/29/2014 07:20:43 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:20:42 PM) (Source: MsiInstaller) (EventID: 1023) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\don\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/29/2014 07:20:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


System errors:
=============
Error: (05/30/2014 06:40:55 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.10 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:40:22 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:38:55 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/29/2014 07:41:09 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 07:20:49 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 06:37:53 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.

Error: (05/29/2014 06:37:19 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/29/2014 04:54:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/28/2014 08:38:54 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/28/2014 07:27:50 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.


Microsoft Office Sessions:
=========================
Error: (05/29/2014 07:41:08 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:41:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:41:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/29/2014 07:20:43 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:20:42 PM) (Source: MsiInstaller) (EventID: 1023) (User: BCS-CF5C12E39D8)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\DOCUME~1\don\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:20:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 2038.98 MB
Available physical RAM: 1462.01 MB
Total Pagefile: 2645.29 MB
Available Pagefile: 2238.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:47.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:14.92 GB) (Free:14.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F6F6F6F6)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


System errors:
=============
Error: (05/30/2014 06:40:55 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.10 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:40:22 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:38:55 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/29/2014 07:41:09 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 07:20:49 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 06:37:53 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.

Error: (05/29/2014 06:37:19 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/29/2014 04:54:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/28/2014 08:38:54 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/28/2014 07:27:50 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.


Microsoft Office Sessions:
=========================
Error: (05/29/2014 07:41:08 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:41:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:41:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/29/2014 07:20:43 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:20:42 PM) (Source: MsiInstaller) (EventID: 1023) (User: BCS-CF5C12E39D8)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\DOCUME~1\don\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:20:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 2038.98 MB
Available physical RAM: 1462.01 MB
Total Pagefile: 2645.29 MB
Available Pagefile: 2238.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:47.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:14.92 GB) (Free:14.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F6F6F6F6)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 18:47:40
Running from F:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: AVG Internet Security 2014 (Disabled - Up to date) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

==================== Installed Programs ======================

Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
aioprnt (Version: 5.3.1.0 - Eastman Kodak Company) Hidden
aioscnnr (Version: 6.2.3.10 - Your Company Name) Hidden
aioscnnr (Version: 7.6.13.10 - Your Company Name) Hidden
Amazon Add to Wish List IE Extension 1.2 (HKLM\...\Amazon Add to Wish List IE Extension) (Version: 1.2 - Amazon)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4592 - AVG Technologies)
AVG 2014 (Version: 14.0.3955 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4592 - AVG Technologies) Hidden
C4USelfUpdater (Version: 1.00.0000 - Your Company Name) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.17 - Piriform)
center (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
DirectXInstallService (Version: 9.0.1 - Roxio) Hidden
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Roxo, Inc.)
essentials (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
FMS (HKLM\...\FMS) (Version:  - )
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Extreme Graphics 2 Driver (HKLM\...\{8A708DD8-A5E6-11D4-A706-000629E95E20}) (Version: 6.14.10.4396 - )
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version:  - )
K-Lite Codec Pack 8.9.5 (Full) (HKLM\...\KLiteCodecPack_is1) (Version: 8.9.5 - )
Kodak AIO Printer (Version: 7.7.2.0 - Eastman Kodak Company) Hidden
KODAK AiO Software (HKLM\...\{E0F274B7-592B-4669-8FB8-8D9825A09858}) (Version: 7.7.6.0 - Eastman Kodak Company)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2572067) (HKLM\...\M2572067) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}) (Version: 6.10.1129.0 - Microsoft Corporation)
ocr (Version: 6.2.3.50 - Eastman Kodak Company) Hidden
PreReq (Version: 6.2.4.0 - Eastman Kodak Company) Hidden
PrintProjects (HKLM\...\PrintProjects) (Version: 1.0.0.9282 - RocketLife Inc.)
Red Baron II (HKLM\...\Red Baron II) (Version:  - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio BackOnTrack (HKLM\...\{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}) (Version: 1.1.0 - Roxio)
Roxio Central Audio (HKLM\...\{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}) (Version: 3.6.0 - Roxio)
Roxio Central Copy (HKLM\...\{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}) (Version: 3.6.0 - Roxio)
Roxio Central Core (HKLM\...\{ED439A64-F018-4DD4-8BA5-328D85AB09AB}) (Version: 3.6.0 - Roxio)
Roxio Central Data (HKLM\...\{08E81ABD-79F7-49C2-881F-FD6CB0975693}) (Version: 3.6.0 - Roxio)
Roxio Central Tools (HKLM\...\{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}) (Version: 3.6.0 - Roxio)
Roxio CinePlayer (HKLM\...\{1B683082-8791-4D00-8ADE-6C8986FCCC68}) (Version: 3.9 - Roxio)
Roxio CinePlayer Decoder Pack (HKLM\...\{8D337F77-BE7F-41A2-A7CB-D5A63FD7049B}) (Version: 4.3.0 - Roxio)
Roxio Disc Gallery (HKLM\...\{3E67A8DA-FE7B-4160-8465-F5571EA18753}) (Version: 3.1 - Roxio)
Roxio Easy Media Creator 10 Suite (HKLM\...\{BF83EFE2-C9F0-40D4-841C-2066668C1D7A}) (Version: 1.0.044 - Roxio)
Roxio File Backup (HKLM\...\{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}) (Version: 1.1.0 - Roxio)
Roxio MediaShare (HKLM\...\{9A9A1828-31D1-4590-A99F-022B7237AFAE}) (Version: 1.0.0 - Roxio)
Roxio Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 6.0.0 - Roxio)
Sierra Utilities (HKLM\...\Sierra Utilities) (Version:  - )
SmartSound Quicktracks Plugin (HKLM\...\InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}) (Version: 3.0.8.0 - SmartSound Software Inc)
SmartSound Quicktracks Plugin (Version: 3.0.8.0 - SmartSound Software Inc) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 5.12.01.5246 - Analog Devices)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
upapp (HKLM\...\{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}) (Version: 0.20.0000 - Hewlett-Packard)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2141007) (HKLM\...\KB2141007) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)

==================== Restore Points  =========================

17-05-2014 03:59:19 Software Distribution Service 3.0
17-05-2014 18:30:42 Removed HiJackThis
17-05-2014 18:39:28 Software Distribution Service 3.0
18-05-2014 05:00:57 Software Distribution Service 3.0
19-05-2014 02:52:25 Software Distribution Service 3.0
20-05-2014 02:19:49 Software Distribution Service 3.0
21-05-2014 03:03:25 Software Distribution Service 3.0
22-05-2014 03:20:47 Software Distribution Service 3.0
23-05-2014 03:45:30 Software Distribution Service 3.0
24-05-2014 04:23:04 Software Distribution Service 3.0
24-05-2014 15:21:03 Software Distribution Service 3.0
25-05-2014 02:03:25 Software Distribution Service 3.0
25-05-2014 12:43:44 Software Distribution Service 3.0
25-05-2014 16:42:35 Software Distribution Service 3.0
26-05-2014 16:46:56 System Checkpoint
26-05-2014 18:52:10 Software Distribution Service 3.0
26-05-2014 21:19:42 Software Distribution Service 3.0
27-05-2014 00:39:47 Software Distribution Service 3.0
27-05-2014 01:18:40 Software Distribution Service 3.0
27-05-2014 02:10:39 Software Distribution Service 3.0
27-05-2014 14:13:14 Software Distribution Service 3.0
28-05-2014 22:37:10 Software Distribution Service 3.0
28-05-2014 23:09:16 Software Distribution Service 3.0
29-05-2014 00:38:03 Software Distribution Service 3.0
29-05-2014 23:19:55 Software Distribution Service 3.0
29-05-2014 23:40:32 Software Distribution Service 3.0

==================== Hosts content: ==========================

2004-08-04 08:00 - 2014-05-26 18:03 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2007-08-24 15:53 - 2007-08-24 15:53 - 05462512 _____ () C:\Program Files\Common Files\Roxio Shared\10.0\DLLShared\roxipp52.dll
2007-08-14 03:44 - 2007-08-14 03:44 - 00113136 _____ () C:\Program Files\Roxio\CinePlayer\DMXLauncher.exe

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\79703597.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vds => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{533C5B84-EC70-11D2-9505-00C04F79DEAF} => ""="Volume shadow copy"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\mini\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\79703597.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AFD => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\AppMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Base => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Boot file system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Browser => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\CryptSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DcomLaunch => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Dhcp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmadmin => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmboot.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmio.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmload.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\dmserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\DnsCache => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\EventLog => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\File system => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\HelpSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ip6fw.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\ipnat.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanServer => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LanmanWorkstation => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\LmHosts => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Messenger => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NDIS Wrapper => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Ndisuio => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBIOSGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetBT => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetDDEGroup => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Netlogon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetMan => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Network => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NetworkProvider => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\NtLmSsp => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PCI Configuration => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PlugPlay => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP Filter => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\PNP_TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Primary disk => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpcdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpdd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdpwd.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\rdsessmgr => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\RpcSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SCSI Class => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sermouse.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\sr.sys => ""="FSFilter System Recovery"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\SRService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Streams Drivers => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\System Bus Extender => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\Tcpip => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\TDI => ""="Driver Group"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdpipe.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\tdtcp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\termservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vga.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\vgasave.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WinMgmt => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\WZCSVC => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{36FC9E60-C465-11CF-8056-444553540000} => ""="Universal Serial Bus controllers"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E965-E325-11CE-BFC1-08002BE10318} => ""="CD-ROM Drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E967-E325-11CE-BFC1-08002BE10318} => ""="DiskDrive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E969-E325-11CE-BFC1-08002BE10318} => ""="Standard floppy disk controller"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96A-E325-11CE-BFC1-08002BE10318} => ""="Hdc"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96B-E325-11CE-BFC1-08002BE10318} => ""="Keyboard"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E96F-E325-11CE-BFC1-08002BE10318} => ""="Mouse"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E972-E325-11CE-BFC1-08002BE10318} => ""="Net"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E973-E325-11CE-BFC1-08002BE10318} => ""="NetClient"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E974-E325-11CE-BFC1-08002BE10318} => ""="NetService"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E975-E325-11CE-BFC1-08002BE10318} => ""="NetTrans"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E977-E325-11CE-BFC1-08002BE10318} => ""="PCMCIA Adapters"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97B-E325-11CE-BFC1-08002BE10318} => ""="SCSIAdapter"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E97D-E325-11CE-BFC1-08002BE10318} => ""="System"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{4D36E980-E325-11CE-BFC1-08002BE10318} => ""="Floppy disk drive"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{71A27CDD-812A-11D0-BEC7-08002BE2092F} => ""="Volume"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\net\{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} => ""="Human Interface Devices"

==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: ares => "C:\Program Files\Ares\Ares.exe" -h
MSCONFIG\startupreg: Conime => %windir%\system32\conime.exe
MSCONFIG\startupreg: ctfmon.exe => C:\WINDOWS\system32\ctfmon.exe
MSCONFIG\startupreg: igfxhkcmd => C:\WINDOWS\system32\hkcmd.exe
MSCONFIG\startupreg: igfxpers => C:\WINDOWS\system32\igfxpers.exe
MSCONFIG\startupreg: igfxtray => C:\WINDOWS\system32\igfxtray.exe
MSCONFIG\startupreg: ISUSScheduler => "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
MSCONFIG\startupreg: RoxWatchTray => "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxWatchTray10.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/29/2014 07:41:08 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:41:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/29/2014 07:41:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/29/2014 07:20:43 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:20:42 PM) (Source: MsiInstaller) (EventID: 1023) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\DOCUME~1\don\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/29/2014 07:20:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 - Update '{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}' could not be installed. Error code 1603. Additional information is available in the log file C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log.

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


System errors:
=============
Error: (05/30/2014 06:40:55 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 192.168.100.10 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:40:22 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/30/2014 06:38:55 PM) (Source: Windows Update Agent) (EventID: 16) (User: )
Description: Unable to Connect: Windows is unable to connect to the automatic updates service and therefore cannot download and install updates according to the set schedule. Windows will continue to try to establish a connection.

Error: (05/29/2014 07:41:09 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 07:20:49 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/29/2014 06:37:53 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.

Error: (05/29/2014 06:37:19 PM) (Source: Dhcp) (EventID: 1002) (User: )
Description: The IP address lease 73.178.207.77 for the Network Card with network address 001320092BCB has been
denied by the DHCP server 192.168.100.1 (The DHCP Server sent a DHCPNACK message).

Error: (05/29/2014 04:54:17 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (05/28/2014 08:38:54 PM) (Source: Windows Update Agent) (EventID: 20) (User: )
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Microsoft .NET Framework 1.1 SP1 on Windows XP, Windows Vista, and Windows Server 2008 x86 (KB2833941).

Error: (05/28/2014 07:27:50 PM) (Source: Dhcp) (EventID: 1000) (User: )
Description: Your computer has lost the lease to its IP address 192.168.100.10 on the
Network Card with network address 001320092BCB.


Microsoft Office Sessions:
=========================
Error: (05/29/2014 07:41:08 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:41:08 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:41:06 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/29/2014 07:20:43 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/29/2014 07:20:42 PM) (Source: MsiInstaller) (EventID: 1023) (User: BCS-CF5C12E39D8)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\DOCUME~1\don\LOCALS~1\Temp\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/29/2014 07:20:40 PM) (Source: MsiInstaller) (EventID: 11706) (User: BCS-CF5C12E39D8)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 08:38:53 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560

Error: (05/28/2014 08:38:53 PM) (Source: MsiInstaller) (EventID: 1023) (User: NT AUTHORITY)
Description: Microsoft .NET Framework 1.1{C0F0DCDC-99EA-4405-BDAE-CACABD3D2DF0}1603C:\WINDOWS\TEMP\NDP1.1sp1-KB2833941-X86\NDP1.1sp1-KB2833941-X86-msi.0.log

Error: (05/28/2014 08:38:51 PM) (Source: MsiInstaller) (EventID: 11706) (User: NT AUTHORITY)
Description: Product: Microsoft .NET Framework 1.1 -- Error 1706.No valid source could be found for product Microsoft .NET Framework 1.1.  The Windows installer cannot continue.(NULL)(NULL)(NULL)

Error: (05/28/2014 07:09:54 PM) (Source: NativeWrapper) (EventID: 5000) (User: )
Description: visualstudio7x80updatemsiexec.exe1.0.1722.5085kb28339411033643finstallx865.1.2600.2.3.0.2560


==================== Memory info ===========================

Percentage of memory in use: 28%
Total physical RAM: 2038.98 MB
Available physical RAM: 1462.01 MB
Total Pagefile: 2645.29 MB
Available Pagefile: 2238.98 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.56 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.52 GB) (Free:47.04 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Removable) (Total:14.92 GB) (Free:14.7 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: F6F6F6F6)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 15 GB) (Disk ID: 6F20736B)
No partition Table on disk 1.
Disk 1 is a removable device.

==================== End Of Log ============================



#6 2stumpy


Posted 30 May 2014 - 06:12 PM

fireman4it, thanks for the reply. Real sorry for multiple log posts.



#7 fireman4it


Posted 30 May 2014 - 06:14 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File  fixlist.txt   381 bytes   3 downloads


#8 2stumpy


Posted 30 May 2014 - 06:32 PM

What the!! Again, multiple posts.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-05-2014 02
Ran by don at 2014-05-30 19:21:10 Run:1
Running from F:\
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@
*****************

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Windows\Installer\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.
C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9} => Moved successfully.
"C:\Documents and Settings\don\Local Settings\Application Data\{30a73fb9-468e-8830-7341-a56188b719d9}\@" => File/Directory not found.

==== End of Fixlog ====



#9 fireman4it


Posted 30 May 2014 - 07:07 PM

  • Download RogueKiller to the desktop
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Scan
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 2stumpy


Posted 30 May 2014 - 07:36 PM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software

mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : don [Admin rights]
Mode : Scan -- Date : 05/30/2014 20:25:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 5793 (C:\Documents and Settings\don\Local Settings\Temp\5793.sys [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800BB-56JKC0 +++++
--- User ---
[MBR] f70610cc4ef6bca14d8b3b1e3eccec0d
[BSP] d3fc424c1e1bc7b31e9b19b7b349e540 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Corsair Voyager USB Device +++++
--- User ---
[MBR] cee5c74ca316fb7e7cbdf30174893a3b
[BSP] 86b205225c57d2b290a86d7c837dbdfe : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): -1409286144 | Size: 27 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05302014_202536.txt >>




fireman4it much appreciation.



#11 fireman4it


Posted 30 May 2014 - 08:02 PM

  • Re-run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


#12 2stumpy


Posted 30 May 2014 - 08:23 PM

RogueKiller V8.8.15 [Mar 27 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : don [Admin rights]
Mode : Scan -- Date : 05/30/2014 20:25:36
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[SERVICE][ROGUE ST] HKLM\[...]\CS002\[...]\Services : 5793 (C:\Documents and Settings\don\Local Settings\Temp\5793.sys [x]) -> FOUND
[HJ POL][PUM] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Browser Addons : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1       localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) WDC WD800BB-56JKC0 +++++
--- User ---
[MBR] f70610cc4ef6bca14d8b3b1e3eccec0d
[BSP] d3fc424c1e1bc7b31e9b19b7b349e540 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76308 MB
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: (\\.\PHYSICALDRIVE1 @ USB) Corsair Voyager USB Device +++++
--- User ---
[MBR] cee5c74ca316fb7e7cbdf30174893a3b
[BSP] 86b205225c57d2b290a86d7c837dbdfe : MBR Code unknown
Partition table:
0 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 778135908 | Size: 557377 MB
1 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 168689522 | Size: 945326 MB
2 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): 1869881465 | Size: 945326 MB
3 - [XXXXXX] UNKNOWN (0x00) [VISIBLE] Offset (sectors): -1409286144 | Size: 27 MB
User = LL1 ... OK!
Error reading LL2 MBR! ([0x32] The request is not supported. )

Finished : << RKreport[0]_S_05302014_202536.txt >>






new log



#13 2stumpy


Posted 30 May 2014 - 09:07 PM

fireman4it thanks for your time and help. got to crash now. will check back tomorrow around 2 pm est.



#14 fireman4it


Posted 31 May 2014 - 02:56 PM

  • Re-run RogueKiller
  • Close all the running processes
  • Under Vista/Seven, right click -> Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • When prompted, click Delete
  • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again


#15 2stumpy


Posted 31 May 2014 - 05:18 PM

fireman4it close processes or programs. last log should be no programs





