Hi and thanks for your help.
I'm pretty sure you wanted me to scan my Win7 drive since the boot files are located there. However, I also scanned the XP files. They're listed second. Here they are:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by SYSTEM on MININT-KAUREU1 on 29-03-2014 01:17:42
Running from H:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [12005080 2013-08-28] (Realtek Semiconductor)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Norton Ghost 15.0] - C:\Program Files\Norton Ghost\Agent\VProTray.exe [2596712 2009-10-01] (Symantec Corporation)
HKLM\...\Run: [XFastUSB] - C:\Program Files\XFastUSB\XFastUsb.exe [5019360 2013-11-14] (FNet Co., Ltd.)
HKLM\...\Run: [NUSB3MON] - C:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [106496 2009-11-20] (NEC Electronics Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer: [HideSCAHealth] 1
HKU\DefaultAppPool\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
HKU\Private User\...\Run: [swg] - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2013-10-24] (Google Inc.)
HKU\Private User\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [354304 2009-07-13] (Microsoft Corporation)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] - C:\Program Files\Windows Mail\wab.exe [516096 2010-11-20] (Microsoft Corporation)
========================== Services (Whitelisted) =================
S2 AcronisOSSReinstallSvc; C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall_svc.exe [2217416 2007-02-22] ()
S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1363584 2014-03-03] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1748608 2014-03-03] (Microsoft Corporation)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc.exe [122000 2011-12-11] (Seiko Epson Corporation)
S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-20] (SEIKO EPSON CORPORATION)
S3 GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1571336 2009-09-21] (Symantec)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4584288 2009-10-01] (Symantec Corporation)
S3 SandraAgentSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [93848 2009-08-17] (SiSoftware)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2009-09-21] (Symantec)
S2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
==================== Drivers (Whitelisted) ====================
S0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [11944 2012-12-03] (Advanced Micro Devices Inc.)
S3 bdfsfltr; C:\Windows\System32\DRIVERS\bdfsfltr.sys [353096 2011-03-24] (BitDefender)
S3 FNETTBOH_305; C:\Windows\System32\drivers\FNETTBOH_305.SYS [29760 2014-03-28] (FNet Co., Ltd.)
S1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [14656 2013-11-14] (FNet Co., Ltd.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [46192 2009-09-21] (Symantec Corporation)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [31560 2013-10-26] ()
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S1 MpKsl1dad47e9; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19185D92-86CF-40EA-B363-88C8B6CE6C96}\MpKsl1dad47e9.sys [39464 2014-03-28] ()
S1 MpKsl7c46071a; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{19185D92-86CF-40EA-B363-88C8B6CE6C96}\MpKsl7c46071a.sys [39464 2014-03-29] (Microsoft Corporation)
S2 PfModNT; C:\Windows\system32\PfModNT.sys [10194 2002-09-06] (Creative Technology Ltd.)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [16472 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [11104 2012-01-18] ()
S3 SANDRA; C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys [23112 2009-08-07] (SiSoftware)
S3 sbpci; C:\Windows\System32\drivers\sbpci.sys [668160 2002-10-22] (Creative Technology Ltd.)
S3 Si3132r5; C:\Windows\system32\DRIVERS\Si3132r5.sys [217128 2008-10-09] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2008-10-09] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-10-09] (Silicon Image, Inc.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [12984 2012-01-23] ()
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2014-03-12] (The OpenVPN Project)
S1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [256904 2012-06-04] (Trend Micro Inc.)
S0 vidsflt58; C:\Windows\System32\DRIVERS\vsflt58.sys [84512 2012-05-10] (Acronis)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)
S2 V2iMount;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-29 01:03 - 2014-03-29 01:17 - 00000000 ____D () C:\FRST
2014-03-29 00:12 - 2014-03-29 01:06 - 00024936 _____ () C:\Users\Private User\Desktop\FRSTxp.txt
2014-03-28 23:43 - 2014-03-28 23:43 - 00003288 ____N () C:\bootsqm.dat
2014-03-28 23:16 - 2014-03-28 23:16 - 01145856 _____ (Farbar) C:\Users\Private User\Downloads\FRST.exe
2014-03-28 23:10 - 2014-03-28 23:10 - 00133581 _____ () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related.htm
2014-03-28 23:10 - 2014-03-28 23:10 - 00000000 ____D () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related_files
2014-03-28 18:48 - 2014-03-28 18:49 - 00000004 ____H () C:\Program Files\__iw3sp
2014-03-28 18:38 - 2014-03-26 01:32 - 1030228290 ____R () C:\Users\Private User\Desktop\Thief - Deadly Shadows.7z
2014-03-27 22:05 - 2014-03-27 22:05 - 00000249 _____ () C:\Users\Private User\Desktop\(14 unread) - jpeterb701 - Yahoo Mail.URL
2014-03-27 20:57 - 2014-03-27 21:05 - 00000468 _____ () C:\Users\Private User\Desktop\winxp loading problem.txt
2014-03-27 20:54 - 2014-03-27 20:54 - 00032768 _____ () C:\bcd_backup
2014-03-27 20:54 - 2014-03-27 20:54 - 00029696 ___SH () C:\bcd_backup.LOG
2014-03-27 20:53 - 2014-03-27 20:53 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document (2).txt
2014-03-27 20:01 - 2014-03-27 20:01 - 00000000 ____D () C:\NST
2014-03-27 19:22 - 2014-03-27 20:50 - 00000000 ____D () C:\Users\Private User\AppData\Local\NeoSmart_Technologies
2014-03-27 19:21 - 2014-03-27 19:21 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27) (2).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00001175 _____ () C:\Users\Public\Desktop\EasyBCD 2.2.lnk
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Downloads\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Desktop\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2014-03-25 23:39 - 2014-03-25 23:39 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document.txt
2014-03-25 18:07 - 2014-03-25 18:07 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-03-23 23:11 - 2014-03-23 23:22 - 00000000 ____D () C:\Users\Private User\Documents\S&M Lois
2014-03-23 17:46 - 2014-03-23 17:46 - 00000237 _____ () C:\Users\Private User\Desktop\Yahoo Mail.URL
2014-03-23 17:46 - 2014-03-23 17:46 - 00000109 _____ () C:\Users\Private User\Desktop\Yahoo!Mail.URL
2014-03-23 17:13 - 2014-03-23 17:13 - 00032819 _____ () C:\Users\Private User\Downloads\[kickass.to]max.payne.3.2012.pc.rip.torrent
2014-03-21 23:08 - 2014-03-21 23:08 - 00000000 ____D () C:\Users\Private User\AppData\Local\Chromium
2014-03-21 22:43 - 2008-10-15 05:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\System32\D3DCompiler_40.dll
2014-03-21 22:43 - 2008-10-15 05:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\System32\d3dx10_40.dll
2014-03-21 22:42 - 2008-10-15 05:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\System32\D3DX9_40.dll
2014-03-21 14:57 - 2014-03-21 14:57 - 00025028 _____ () C:\Users\Private User\Desktop\brynmarapartments.com.htm
2014-03-21 14:57 - 2014-03-21 14:57 - 00000000 ____D () C:\Users\Private User\Desktop\brynmarapartments.com_files
2014-03-21 12:06 - 2014-03-23 23:49 - 00000115 _____ () C:\Users\Private User\Desktop\apt shopping list.txt
2014-03-14 22:16 - 2014-03-14 22:16 - 00000000 ____D () C:\fbb0c41fe0d5c57d0fa249a8
2014-03-13 14:56 - 2014-03-13 14:59 - 00000000 ____D () C:\Users\Private User\Documents\kerwin pics
2014-03-12 19:55 - 2014-02-28 20:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-12 19:55 - 2014-02-28 20:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-12 19:55 - 2014-02-28 20:10 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-03-12 19:55 - 2014-02-28 19:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-12 19:55 - 2014-02-28 19:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-03-12 19:55 - 2014-02-28 19:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-12 19:55 - 2014-02-28 19:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-12 19:55 - 2014-02-28 19:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-12 19:55 - 2014-02-28 19:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-12 19:55 - 2014-02-28 19:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-03-12 19:55 - 2014-02-28 19:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-03-12 19:55 - 2014-02-28 19:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-03-12 19:55 - 2014-02-28 19:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-12 19:55 - 2014-02-28 19:25 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-12 19:55 - 2014-02-28 19:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-12 19:55 - 2014-02-28 19:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-12 19:55 - 2014-02-28 19:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-12 19:55 - 2014-02-28 19:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-03-12 19:55 - 2014-02-28 18:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-12 19:55 - 2014-02-28 18:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-12 19:55 - 2014-02-28 18:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-12 19:55 - 2014-02-28 18:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-03-12 19:55 - 2014-02-03 18:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-03-12 19:54 - 2014-02-06 17:07 - 02349056 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-03-12 19:54 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\System32\wer.dll
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\Titanium
2014-03-12 17:04 - 2014-03-12 17:05 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-12 17:04 - 2014-03-12 17:04 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-10 01:09 - 2014-03-12 17:04 - 00000000 ____D () C:\Users\Private User\Documents\vpn
2014-03-09 20:42 - 2014-03-10 16:15 - 00000000 ____D () C:\Users\Private User\Documents\insurance commissioner
2014-03-08 22:55 - 2014-03-08 22:55 - 00000165 _____ () C:\Users\Private User\Desktop\TV Listings.URL
2014-03-07 17:24 - 2014-03-07 17:24 - 00210903 _____ () C:\Users\Private User\Downloads\CenturyLink _ Customize.htm
2014-03-07 17:24 - 2014-03-07 17:24 - 00000000 ____D () C:\Users\Private User\Downloads\CenturyLink _ Customize_files
2014-03-04 18:16 - 2014-03-05 16:42 - 00013824 _____ () C:\Users\Private User\Documents\Peter's weight chart.xls
==================== One Month Modified Files and Folders =======
2014-03-29 01:17 - 2014-03-29 01:03 - 00000000 ____D () C:\FRST
2014-03-29 01:06 - 2014-03-29 00:12 - 00024936 _____ () C:\Users\Private User\Desktop\FRSTxp.txt
2014-03-29 00:12 - 2013-05-01 20:27 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\ID Vault
2014-03-29 00:09 - 2009-07-13 20:39 - 12239408 ____C () C:\Windows\setupact.log
2014-03-29 00:08 - 2014-01-07 23:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-03-28 23:52 - 2014-01-07 23:21 - 01433708 _____ () C:\Windows\WindowsUpdate.log
2014-03-28 23:52 - 2013-05-01 20:27 - 00000000 ____D () C:\Users\Private User\AppData\Local\ID Vault
2014-03-28 23:52 - 2009-07-13 20:34 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-28 23:52 - 2009-07-13 20:34 - 00013760 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-28 23:51 - 2014-01-08 00:19 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-28 23:49 - 2013-11-14 20:48 - 00029760 _____ (FNet Co., Ltd.) C:\Windows\System32\Drivers\FNETTBOH_305.SYS
2014-03-28 23:43 - 2014-03-28 23:43 - 00003288 ____N () C:\bootsqm.dat
2014-03-28 23:16 - 2014-03-28 23:16 - 01145856 _____ (Farbar) C:\Users\Private User\Downloads\FRST.exe
2014-03-28 23:10 - 2014-03-28 23:10 - 00133581 _____ () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related.htm
2014-03-28 23:10 - 2014-03-28 23:10 - 00000000 ____D () C:\Users\Private User\Desktop\Cannot boot into XP drive in Win7_XP Dual Boot System - Computer Won't Boot - Malware Related_files
2014-03-28 18:49 - 2014-03-28 18:48 - 00000004 ____H () C:\Program Files\__iw3sp
2014-03-27 22:05 - 2014-03-27 22:05 - 00000249 _____ () C:\Users\Private User\Desktop\(14 unread) - jpeterb701 - Yahoo Mail.URL
2014-03-27 21:51 - 2012-03-15 15:43 - 00000000 ____D () C:\Users\Private User\AppData\Local\Google
2014-03-27 21:05 - 2014-03-27 20:57 - 00000468 _____ () C:\Users\Private User\Desktop\winxp loading problem.txt
2014-03-27 20:54 - 2014-03-27 20:54 - 00032768 _____ () C:\bcd_backup
2014-03-27 20:54 - 2014-03-27 20:54 - 00029696 ___SH () C:\bcd_backup.LOG
2014-03-27 20:53 - 2014-03-27 20:53 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document (2).txt
2014-03-27 20:50 - 2014-03-27 19:22 - 00000000 ____D () C:\Users\Private User\AppData\Local\NeoSmart_Technologies
2014-03-27 20:50 - 2009-07-13 23:48 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-03-27 20:50 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2014-03-27 20:50 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
2014-03-27 20:30 - 2011-06-09 01:29 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\uTorrent
2014-03-27 20:02 - 2009-07-13 20:57 - 00025600 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2014-03-27 20:02 - 2009-07-13 20:52 - 00028672 _____ () C:\Windows\System32\config\BCD-Template
2014-03-27 20:01 - 2014-03-27 20:01 - 00000000 ____D () C:\NST
2014-03-27 20:01 - 2014-01-07 03:45 - 00000345 __RSH () C:\boot.ini
2014-03-27 20:01 - 2006-02-28 04:00 - 00297072 __RSH () C:\ntldr
2014-03-27 20:01 - 2006-02-28 04:00 - 00047772 __RSH () C:\NTDETECT.COM
2014-03-27 19:21 - 2014-03-27 19:21 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27) (2).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00032768 _____ () C:\Users\Private User\Documents\EasyBCD Backup (2014-03-27).bcd
2014-03-27 19:13 - 2014-03-27 19:13 - 00001175 _____ () C:\Users\Public\Desktop\EasyBCD 2.2.lnk
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Downloads\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 01618440 _____ () C:\Users\Private User\Desktop\EasyBCD 2.2.exe
2014-03-27 19:12 - 2014-03-27 19:12 - 00000000 ____D () C:\Program Files\NeoSmart Technologies
2014-03-26 01:32 - 2014-03-28 18:38 - 1030228290 ____R () C:\Users\Private User\Desktop\Thief - Deadly Shadows.7z
2014-03-25 23:41 - 2011-01-16 03:00 - 00000000 ____D () C:\!KillBox
2014-03-25 23:39 - 2014-03-25 23:39 - 00000000 _____ () C:\Users\Private User\Desktop\New Text Document.txt
2014-03-25 20:50 - 2014-01-08 17:30 - 00000000 ____D () C:\users\Administrator
2014-03-25 20:50 - 2014-01-07 23:23 - 00000000 ____D () C:\users\DefaultAppPool
2014-03-25 20:47 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-03-25 18:07 - 2014-03-25 18:07 - 00000000 ____D () C:\ProgramData\Rockstar Games
2014-03-25 18:07 - 2011-06-08 19:32 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-25 17:54 - 2012-06-26 16:21 - 00000000 ____D () C:\Users\Private User\Documents\Optional Tools
2014-03-23 23:49 - 2014-03-21 12:06 - 00000115 _____ () C:\Users\Private User\Desktop\apt shopping list.txt
2014-03-23 23:22 - 2014-03-23 23:11 - 00000000 ____D () C:\Users\Private User\Documents\S&M Lois
2014-03-23 18:15 - 2011-06-09 01:58 - 00000000 ____D () C:\Users\Private User\Downloads\eMule
2014-03-23 17:46 - 2014-03-23 17:46 - 00000237 _____ () C:\Users\Private User\Desktop\Yahoo Mail.URL
2014-03-23 17:46 - 2014-03-23 17:46 - 00000109 _____ () C:\Users\Private User\Desktop\Yahoo!Mail.URL
2014-03-23 17:21 - 2012-06-26 16:02 - 00000000 ____D () C:\Users\Private User\Documents\jpeg images
2014-03-23 17:20 - 2012-06-26 16:13 - 00000000 ____D () C:\Users\Private User\Documents\Notepad Docs
2014-03-23 17:13 - 2014-03-23 17:13 - 00032819 _____ () C:\Users\Private User\Downloads\[kickass.to]max.payne.3.2012.pc.rip.torrent
2014-03-21 23:48 - 2012-06-26 16:26 - 00000000 ____D () C:\Users\Private User\Documents\Rockstar Games
2014-03-21 23:08 - 2014-03-21 23:08 - 00000000 ____D () C:\Users\Private User\AppData\Local\Chromium
2014-03-21 15:27 - 2012-02-16 13:56 - 00000000 ____D () C:\ATI
2014-03-21 15:20 - 2011-06-09 02:37 - 00000000 ____D () C:\Windows\pss
2014-03-21 14:57 - 2014-03-21 14:57 - 00025028 _____ () C:\Users\Private User\Desktop\brynmarapartments.com.htm
2014-03-21 14:57 - 2014-03-21 14:57 - 00000000 ____D () C:\Users\Private User\Desktop\brynmarapartments.com_files
2014-03-20 19:20 - 2013-08-31 17:23 - 00000000 ____D () C:\Windows\System32\MRT
2014-03-20 19:17 - 2014-01-08 16:47 - 87350280 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-03-14 22:16 - 2014-03-14 22:16 - 00000000 ____D () C:\fbb0c41fe0d5c57d0fa249a8
2014-03-14 19:44 - 2011-06-09 18:34 - 00000000 ____D () C:\Program Files\Descent
2014-03-14 17:09 - 2013-04-20 12:57 - 00000000 ___RD () C:\Program Files\Skype
2014-03-13 14:59 - 2014-03-13 14:56 - 00000000 ____D () C:\Users\Private User\Documents\kerwin pics
2014-03-13 14:55 - 2012-06-26 16:05 - 00000000 ____D () C:\Users\Private User\Documents\Kerwin
2014-03-13 02:18 - 2009-07-13 20:33 - 00288536 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-03-13 02:17 - 2011-06-09 03:59 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 17:05 - 2014-03-12 17:05 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\Titanium
2014-03-12 17:05 - 2014-03-12 17:04 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-12 17:05 - 2012-07-30 21:03 - 00000000 ____D () C:\Users\Private User\AppData\Local\Apple Computer
2014-03-12 17:05 - 2011-12-05 22:49 - 00000000 ____D () C:\Users\Private User\AppData\Roaming\Apple Computer
2014-03-12 17:04 - 2014-03-12 17:04 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-12 17:04 - 2014-03-10 01:09 - 00000000 ____D () C:\Users\Private User\Documents\vpn
2014-03-12 03:45 - 2012-07-05 19:29 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-03-12 03:45 - 2011-07-03 19:11 - 00071048 ____C (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-03-10 16:15 - 2014-03-09 20:42 - 00000000 ____D () C:\Users\Private User\Documents\insurance commissioner
2014-03-08 22:55 - 2014-03-08 22:55 - 00000165 _____ () C:\Users\Private User\Desktop\TV Listings.URL
2014-03-07 17:24 - 2014-03-07 17:24 - 00210903 _____ () C:\Users\Private User\Downloads\CenturyLink _ Customize.htm
2014-03-07 17:24 - 2014-03-07 17:24 - 00000000 ____D () C:\Users\Private User\Downloads\CenturyLink _ Customize_files
2014-03-05 16:42 - 2014-03-04 18:16 - 00013824 _____ () C:\Users\Private User\Documents\Peter's weight chart.xls
2014-02-28 20:30 - 2014-03-12 19:55 - 17074688 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-28 20:11 - 2014-03-12 19:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-28 20:10 - 2014-03-12 19:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-02-28 19:52 - 2014-03-12 19:55 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-28 19:51 - 2014-03-12 19:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-02-28 19:47 - 2014-03-12 19:55 - 02168320 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-28 19:43 - 2014-03-12 19:55 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-28 19:43 - 2014-03-12 19:55 - 00032768 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-28 19:40 - 2014-03-12 19:55 - 00440832 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-28 19:38 - 2014-03-12 19:55 - 00112128 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-02-28 19:38 - 2014-03-12 19:55 - 00108032 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-02-28 19:37 - 2014-03-12 19:55 - 00553472 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-02-28 19:31 - 2014-03-12 19:55 - 00646144 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-02-28 19:25 - 2014-03-12 19:55 - 00208896 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-28 19:16 - 2014-03-12 19:55 - 00164864 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-28 19:14 - 2014-03-12 19:55 - 04244480 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-28 19:03 - 2014-03-12 19:55 - 00524288 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-28 19:00 - 2014-03-12 19:55 - 01964032 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-02-28 18:57 - 2014-03-12 19:55 - 11266048 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-28 18:32 - 2014-03-12 19:55 - 01820160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-28 18:27 - 2014-03-12 19:55 - 01156096 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-28 18:25 - 2014-03-12 19:55 - 00703488 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
Some content of TEMP:
====================
C:\Users\Private User\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Private User\AppData\Local\Temp\drm_dyndata_7380014.dll
C:\Users\Private User\AppData\Local\Temp\flashinst.exe
C:\Users\Private User\AppData\Local\Temp\LTMSG.EXE
C:\Users\Private User\AppData\Local\Temp\LTREMOVE.EXE
C:\Users\Private User\AppData\Local\Temp\LTSETUP1.DLL
C:\Users\Private User\AppData\Local\Temp\LTSETUP2.DLL
C:\Users\Private User\AppData\Local\Temp\LTSETUP3.EXE
C:\Users\Private User\AppData\Local\Temp\MP3_Launcher_1_27_0_0.exe
C:\Users\Private User\AppData\Local\Temp\SETUP.EXE
C:\Users\Private User\AppData\Local\Temp\Uninst.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
Restore point made on: 2014-03-24 21:06:13
Restore point made on: 2014-03-25 18:07:23
Restore point made on: 2014-03-28 17:26:59
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 4095.24 MB
Available physical RAM: 3575.68 MB
Total Pagefile: 4093.52 MB
Available Pagefile: 3581.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.38 MB
==================== Drives ================================
Drive c: (WIN7) (Fixed) (Total:232.88 GB) (Free:161.14 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (WinXP) (Fixed) (Total:100 GB) (Free:66.34 GB) NTFS
Drive e: (Downloads) (Fixed) (Total:198.09 GB) (Free:64.6 GB) NTFS
Drive g: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive h: (USB20FD16gb) (Removable) (Total:14.76 GB) (Free:12.7 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 4AA5C423)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 298 GB) (Disk ID: D49BF80A)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: AE410B24)
Partition: GPT Partition Type.
LastRegBack: 2014-03-21 14:17
==================== End Of Log ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by SYSTEM on MININT-GSEA22P on 29-03-2014 01:06:02
Running from H:\
Microsoft Windows XP (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery
The current controlset is ControlSet001
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMCTray.dll [223008 2013-02-09] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] - D:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
HKLM\...\Run: [EEventManager] - "D:\Program Files\Epson Software\Event Manager\EEventManager.exe"
HKLM\...\Run: [NUSB3MON] - "D:\Program Files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\...\Run: [SunJavaUpdateSched] - "D:\Program Files\Common Files\Java\Java Update\jusched.exe"
HKLM\...\Run: [Bdagent] - "D:\Program Files\Bitdefender\Bitdefender\bdagent.exe"
HKLM\...\Winlogon: [Userinit] D:\WINDOWS\system32\userinit.exe,
HKU\Administrator\...\RunOnce: [TSClientMSIUninstaller] - cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
HKU\Administrator\...\RunOnce: [TSClientAXDisabler] - cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
HKU\Peter Bowman\...\Run: [ctfmon.exe] - D:\WINDOWS\system32\ctfmon.exe
HKU\Peter Bowman\...\Run: [Bitdefender Wallet Agent] - "D:\Program Files\Bitdefender\Bitdefender\pmbxag.exe"
HKU\Peter Bowman\...\Run: [Bitdefender Wallet] - "D:\Program Files\Bitdefender\Bitdefender\pwdmanui.exe" --hidden --nowizard
HKU\Peter Bowman\...\Run: [Bitdefender Wallet Application Agent] - "D:\Program Files\Bitdefender\Bitdefender\bdapppassmgr.exe"
HKU\Peter Bowman\...\Run: [eMuleAutoStart] - D:\Program Files\eMule\emule.exe -AutoStart
AppInit_DLLs: D:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL => D:\PROGRA~1\KEYCRY~1\KEYCRY~3.DLL File Not Found
Lsa: [Notification Packages] scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli scecli
SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - D:\WINDOWS\system32\webcheck.dll No File
SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - D:\WINDOWS\system32\stobject.dll No File
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - D:\WINDOWS\system32\WPDShServiceObj.dll No File
========================== Services (Whitelisted) =================
S2 MSFtpsvc; C:\Windows\system32\inetsrv\inetinfo.exe [15360 2008-04-14] (Microsoft Corporation)
S2 AcrSch2Svc; "D:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe" [X]
S2 afcdpsrv; D:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [X]
S4 BdDesktopParental; D:\Program Files\Bitdefender\Bitdefender\bdparentalservice.exe [X]
S2 BITS; D:\WINDOWS\system32\qmgr.dll [X]
S4 C-DillaCdaC11BA; D:\WINDOWS\system32\drivers\CDAC11BA.EXE [X]
S2 cisvc; D:\WINDOWS\system32\cisvc.exe [X]
S4 clr_optimization_v2.0.50727_32; D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_32; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S3 COMSysApp; D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} [X]
S2 EpsonCustomerParticipation; "D:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe" [X]
S2 EpsonScanSvc; D:\WINDOWS\system32\EscSvc.exe [X]
S3 EventSystem; D:\WINDOWS\system32\es.dll [X]
S2 FontCache3.0.0.0; D:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [X]
S4 gupdate; "D:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]
S4 gupdatem; "D:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]
S4 idsvc; "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]
S2 IDVaultSvc; "D:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe" [X]
S2 IISADMIN; D:\WINDOWS\system32\inetsrv\inetinfo.exe [X]
S3 ImapiService; D:\WINDOWS\system32\imapi.exe [X]
S4 JavaQuickStarterService; "D:\Program Files\Java\jre7\bin\jqs.exe" -service -config "D:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 mnmsrvc; D:\WINDOWS\system32\mnmsrvc.exe [X]
S3 MozillaMaintenance; "D:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S3 MSDTC; D:\WINDOWS\system32\msdtc.exe [X]
S2 Nero BackItUp Scheduler 4.0; D:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [X]
S2 Net Driver HPZ12; D:\WINDOWS\system32\HPZinw12.dll [X]
S4 NetTcpPortSharing; "D:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe" [X]
S2 nvUpdatusService; "D:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe" [X]
S2 Pml Driver HPZ12; D:\WINDOWS\system32\HPZipm12.dll [X]
S4 PnkBstrA; D:\WINDOWS\system32\PnkBstrA.exe [X]
S4 PnkBstrB; D:\WINDOWS\system32\PnkBstrB.exe [X]
S3 RDSessMgr; D:\WINDOWS\system32\sessmgr.exe [X]
S2 RPCQT; D:\WINDOWS\system32\Rpcqt.dll [X]
S4 SandraAgentSrv; D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\RpcAgentSrv.exe [X]
S2 SeaPort; "D:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe" [X]
S2 SHDSERV; No ImagePath
S2 ShieldClientService; D:\Program Files\Shield\shieldclnt.exe [X]
S2 Skype C2C Service; "D:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [X]
S2 SkypeUpdate; "D:\Program Files\Skype\Updater\Updater.exe" [X]
S2 srservice; D:\WINDOWS\system32\srsvc.dll [X]
S3 SwPrv; D:\WINDOWS\system32\dllhost.exe /Processid:{DA897ECD-9F3F-4EA2-AD59-888A5C804023} [X]
S4 TlntSvr; D:\WINDOWS\system32\tlntsvr.exe [X]
S2 UMVPFSrv; D:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [X]
S2 UPDATESRV; "D:\Program Files\Bitdefender\Bitdefender\updatesrv.exe" /service [X]
S2 VSSERV; "D:\Program Files\Bitdefender\Bitdefender\vsserv.exe" /service [X]
S2 W32Time; D:\WINDOWS\system32\w32time.dll [X]
S3 WmdmPmSN; D:\WINDOWS\system32\MsPMSNSv.dll [X]
S3 WmiApSrv; D:\WINDOWS\system32\wbem\wmiapsrv.exe [X]
S3 WMPNetworkSvc; "D:\Program Files\Windows Media Player\WMPNetwk.exe" [X]
S3 WPFFontCache_v0400; D:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]
S2 wuauserv; D:\WINDOWS\system32\wuauserv.dll [X]
==================== Drivers (Whitelisted) ====================
S3 Ambfilt; C:\Windows\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
S0 amdide; C:\Windows\System32\DRIVERS\amdide.sys [9096 2007-10-11] (Advanced Micro Devices)
S1 AmdPPM; C:\Windows\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [778032 2013-12-02] (BitDefender)
S3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [516936 2013-12-02] (BitDefender)
S1 BANTExt; C:\Windows\System32\Drivers\BANTExt.sys [3840 2003-03-06] ()
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [16384 2004-07-09] (Microsoft Corporation)
S3 CXFALCON; C:\Windows\System32\drivers\cxfalcon.sys [80384 2006-02-09] (Conexant Systems, Inc.)
S3 dtscsi; C:\Windows\System32\Drivers\dtscsi.sys [223128 2011-01-20] (DT Soft Ltd.)
S3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [4608 2002-09-25] (Elaborate Bytes)
S2 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [13896 2002-11-01] (Elaborate Bytes AG)
S3 es1371; C:\Windows\System32\drivers\es1371mp.sys [40704 2001-08-17] (Creative Technology Ltd.)
S3 gameenum; C:\Windows\System32\DRIVERS\gameenum.sys [10624 2008-04-14] (Microsoft Corporation)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-08-23] (BitDefender LLC)
S3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [185728 2007-02-06] (Hauppauge Computer Works, Inc.)
S3 HPZid412; C:\Windows\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\Windows\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\Windows\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
S3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt32.sys [24760 2013-02-13] (Zemana Ltd.)
S3 ltmodem5; C:\Windows\System32\DRIVERS\ltmdmnt.sys [606684 2004-08-03] (LT)
S3 Monfilt; C:\Windows\System32\drivers\Monfilt.sys [1389056 2006-01-03] (Creative Technology Ltd.)
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10112 2004-07-09] (Microsoft Corporation)
S3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [128440 2012-12-18] (NVIDIA Corporation)
S1 PQNTDrv; C:\Windows\System32\Drivers\PQNTDrv.sys [4228 2002-09-16] (PowerQuest Corporation)
S3 sbpci; C:\Windows\System32\drivers\sbpci.sys [668160 2002-10-22] (Creative Technology Ltd.)
S0 Shdbus; C:\Windows\System32\Drivers\Shdbus.sys [7448 2010-03-04] ()
S0 Shield; C:\Windows\System32\Drivers\Shield.sys [104984 2010-03-04] ()
S0 Shieldf; C:\Windows\System32\Drivers\Shieldf.sys [26264 2010-03-04] ()
S0 Shieldm; C:\Windows\System32\Drivers\Shieldm.sys [32408 2010-03-04] ()
S0 Si3132r5; C:\Windows\System32\DRIVERS\Si3132r5.sys [217128 2008-10-09] (Silicon Image, Inc)
S0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [17064 2008-10-09] (Silicon Image, Inc.)
S0 SiRemFil; C:\Windows\System32\DRIVERS\SiRemFil.sys [12200 2008-10-09] (Silicon Image, Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [643072 2011-01-20] (Duplex Secure Ltd.)
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [26624 2014-03-16] (The OpenVPN Project)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-08-07] (BitDefender S.R.L.)
S0 viamraid; C:\Windows\System32\DRIVERS\viamraid.sys [117248 2008-07-09] (VIA Technologies inc,.ltd)
S1 AntiLog32; \??\D:\WINDOWS\system32\drivers\AntiLog32.sys [X]
S3 AsrCDDrv; \??\D:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S3 Bdfndisf; \??\D:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf.sys [X]
S1 bdftdif; \??\D:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdftdif.sys [X]
S3 BDSandBox; \??\D:\WINDOWS\system32\drivers\bdsandbox.sys [X]
S1 bdselfpr; \??\D:\Program Files\Bitdefender\Bitdefender\bdselfpr.sys [X]
S2 CdaC15BA; \??\D:\WINDOWS\system32\drivers\CDAC15BA.SYS [X]
S4 IntelIde; No ImagePath
S2 PfModNT; \??\D:\WINDOWS\system32\PfModNT.sys [X]
S3 SANDRA; \??\D:\Program Files\SiSoftware\SiSoftware Sandra Lite 2011\WNt500x86\Sandra.sys [X]
S5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
S2 V2iMount;
S1 WS2IFSL;
==================== NetSvcs (Whitelisted) ===================
NETSVC: RPCQT -> C:\WINDOWS\system32\Rpcqt.dll (Lavasoft )
==================== One Month Created Files and Folders ========
2014-03-29 01:05 - 2014-03-29 01:06 - 00000000 ____D () C:\FRST
2014-03-19 19:18 - 2014-03-19 19:18 - 00000092 _____ () C:\Documents and Settings\Peter Bowman\Desktop\apt shopping list.txt
2014-03-19 12:55 - 2014-03-19 12:55 - 00000000 _____ () C:\Documents and Settings\Peter Bowman\Desktop\New Text Document.txt
2014-03-17 04:21 - 2014-03-17 04:22 - 00012702 _____ () C:\Windows\KB2925418-IE8.log
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2930275$
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2929961$
2014-03-16 19:53 - 2014-03-16 19:54 - 00101616 _____ () C:\Windows\KB940157Uninst.log
2014-03-14 16:17 - 2014-03-14 16:29 - 00000242 _____ () C:\Documents and Settings\Peter Bowman\Desktop\Yahoo TV.URL
2014-03-14 15:28 - 2014-03-18 02:58 - 00000394 _____ () C:\Windows\System32\checkdnsid.xml
2014-03-14 15:23 - 2014-03-14 15:23 - 00072704 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2014-03-14 15:19 - 2014-03-14 15:19 - 00000007 _____ () C:\Documents and Settings\Peter Bowman\My Documents\bd activation key.txt
2014-03-14 15:19 - 2014-03-14 15:19 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-03-14 15:18 - 2014-03-14 15:18 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-03-14 15:18 - 2013-12-02 10:57 - 00516936 _____ (BitDefender) C:\Windows\System32\Drivers\avckf.sys
2014-03-14 15:18 - 2013-12-02 10:55 - 00778032 _____ (BitDefender) C:\Windows\System32\Drivers\avc3.sys
2014-03-14 15:18 - 2013-11-04 14:47 - 00074512 _____ (BitDefender SRL) C:\Windows\System32\bdsandboxuiskin.dll
2014-03-14 15:18 - 2013-11-04 14:47 - 00066832 _____ (BitDefender SRL) C:\Windows\System32\Drivers\bdsandbox.sys
2014-03-14 15:18 - 2013-11-04 14:46 - 00027168 _____ (BitDefender SRL) C:\Windows\System32\bdsandboxuh.dll
2014-03-14 15:18 - 2013-02-22 17:46 - 00116560 _____ (BitDefender LLC) C:\Windows\System32\Drivers\bdfndisf.sys
2014-03-14 15:18 - 2012-11-02 12:17 - 00242504 _____ (BitDefender) C:\Windows\System32\Drivers\avchv.sys
2014-03-14 15:18 - 2007-04-11 09:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2014-03-14 15:17 - 2014-03-14 15:17 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Bitdefender
2014-03-14 15:14 - 2014-03-14 15:14 - 00000000 ____D () C:\Program Files\Bitdefender
2014-03-14 15:14 - 2013-08-23 11:48 - 00165744 _____ (BitDefender LLC) C:\Windows\System32\Drivers\gzflt.sys
2014-03-14 15:14 - 2013-08-07 11:46 - 00360376 _____ (BitDefender S.R.L.) C:\Windows\System32\Drivers\trufos.sys
2014-03-14 15:12 - 2014-03-14 15:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\bitdefender 2014
2014-03-12 17:12 - 2014-03-20 19:55 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-12 17:12 - 2014-03-16 22:01 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Titanium
2014-03-12 17:11 - 2014-03-17 04:18 - 00009964 _____ () C:\Windows\KB2930275.log
2014-03-12 17:11 - 2014-03-17 04:18 - 00008585 _____ () C:\Windows\KB2929961.log
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB963093$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\vpn
2014-03-12 17:10 - 2014-03-12 17:11 - 00010141 _____ () C:\Windows\KB963093.log
==================== One Month Modified Files and Folders =======
2014-03-29 01:06 - 2014-03-29 01:05 - 00000000 ____D () C:\FRST
2014-03-27 21:44 - 2012-11-12 22:52 - 00000000 ___RD () C:\Documents and Settings\Peter Bowman\Desktop\GAMES
2014-03-21 04:54 - 2011-01-14 23:57 - 01975361 ____C () C:\Windows\WindowsUpdate.log
2014-03-21 04:21 - 2011-01-16 21:40 - 00000000 ____D () C:\Program Files\eMule
2014-03-20 21:24 - 2013-08-16 13:13 - 00006202 ____C () C:\Windows\System32\nvAppTimestamps
2014-03-20 21:18 - 2011-01-14 15:48 - 00585372 ____C () C:\Windows\System32\PerfStringBackup.INI
2014-03-20 21:16 - 2011-01-14 15:40 - 00000000 ____D () C:\Windows\System32\inetsrv
2014-03-20 21:14 - 2011-01-14 15:50 - 00000159 ____C () C:\Windows\wiadebug.log
2014-03-20 21:14 - 2011-01-14 15:50 - 00000049 ____C () C:\Windows\wiaservc.log
2014-03-20 21:13 - 2006-02-28 04:00 - 00005240 ____C () C:\Windows\System32\wpa.dbl
2014-03-20 20:34 - 2011-09-24 18:34 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\Optional Tools
2014-03-20 20:31 - 2011-01-27 01:04 - 00083456 ____C () C:\Documents and Settings\Peter Bowman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-20 19:55 - 2014-03-12 17:12 - 00000000 ____D () C:\Program Files\pia_manager
2014-03-20 19:55 - 2013-11-02 20:37 - 00225688 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-03-20 19:55 - 2011-01-15 00:33 - 00000178 __SHC () C:\Documents and Settings\Peter Bowman\ntuser.ini
2014-03-20 19:55 - 2011-01-15 00:28 - 00032594 _____ () C:\Windows\SchedLgU.Txt
2014-03-19 19:18 - 2014-03-19 19:18 - 00000092 _____ () C:\Documents and Settings\Peter Bowman\Desktop\apt shopping list.txt
2014-03-19 12:55 - 2014-03-19 12:55 - 00000000 _____ () C:\Documents and Settings\Peter Bowman\Desktop\New Text Document.txt
2014-03-18 20:05 - 2011-01-16 20:36 - 00000000 ____D () C:\Program Files\Adobe
2014-03-18 02:58 - 2014-03-14 15:28 - 00000394 _____ () C:\Windows\System32\checkdnsid.xml
2014-03-17 22:50 - 2011-01-16 05:42 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-03-17 21:56 - 2006-02-28 04:00 - 00000662 ____C () C:\Windows\win.ini
2014-03-17 21:56 - 2006-02-28 04:00 - 00000227 ____C () C:\Windows\system.ini
2014-03-17 17:12 - 2011-01-16 23:01 - 00000000 ____D () C:\Windows\pss
2014-03-17 11:57 - 2011-01-14 15:47 - 00121336 ____C () C:\Windows\System32\FNTCACHE.DAT
2014-03-17 04:22 - 2014-03-17 04:21 - 00012702 _____ () C:\Windows\KB2925418-IE8.log
2014-03-17 04:22 - 2013-05-25 17:33 - 00000000 ____D () C:\Windows\ie8updates
2014-03-17 04:22 - 2011-06-20 16:25 - 01570261 ____C () C:\Windows\iis6.log
2014-03-17 04:22 - 2011-06-20 16:25 - 01104278 ____C () C:\Windows\FaxSetup.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00579622 ____C () C:\Windows\ocgen.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00523681 ____C () C:\Windows\tsoc.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00370109 ____C () C:\Windows\comsetup.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00359638 ____C () C:\Windows\msmqinst.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00232606 ____C () C:\Windows\updspapi.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00229774 ____C () C:\Windows\ntdtcsetup.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00196382 ____C () C:\Windows\netfxocm.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00078973 ____C () C:\Windows\MedCtrOC.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00062810 ____C () C:\Windows\ocmsn.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00056756 ____C () C:\Windows\msgsocm.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00054425 ____C () C:\Windows\tabletoc.log
2014-03-17 04:22 - 2011-06-20 16:25 - 00001374 _____ () C:\Windows\imsins.log
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2930275$
2014-03-17 04:18 - 2014-03-17 04:18 - 00000000 __HDC () C:\Windows\$NtUninstallKB2929961$
2014-03-17 04:18 - 2014-03-12 17:11 - 00009964 _____ () C:\Windows\KB2930275.log
2014-03-17 04:18 - 2014-03-12 17:11 - 00008585 _____ () C:\Windows\KB2929961.log
2014-03-17 04:18 - 2011-06-20 16:25 - 00001374 _____ () C:\Windows\imsins.BAK
2014-03-16 22:16 - 2014-02-07 12:53 - 00088901 _____ () C:\Windows\setupapi.log
2014-03-16 22:15 - 2014-02-05 19:04 - 00001163 _____ () C:\Windows\setupact.log
2014-03-16 22:01 - 2014-03-12 17:12 - 00026624 _____ (The OpenVPN Project) C:\Windows\System32\Drivers\tap0901.sys
2014-03-16 22:01 - 2013-03-19 11:39 - 00000000 ____D () C:\Program Files\Constant Guard Protection Suite
2014-03-16 21:36 - 2013-04-08 22:46 - 01079188 ____C () C:\Windows\System32\nvdrsdb0.bin
2014-03-16 21:36 - 2013-04-08 22:46 - 00000001 ____C () C:\Windows\System32\nvdrssel.bin
2014-03-16 21:35 - 2013-04-08 22:46 - 01079188 ____C () C:\Windows\System32\nvdrsdb1.bin
2014-03-16 20:12 - 2011-02-13 21:18 - 00000021 ____C () C:\Windows\System32\nvModes.dat
2014-03-16 19:55 - 2014-02-05 15:52 - 00000000 ____D () C:\Program Files\Windows Desktop Search
2014-03-16 19:55 - 2011-01-16 23:40 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-16 19:54 - 2014-03-16 19:53 - 00101616 _____ () C:\Windows\KB940157Uninst.log
2014-03-14 17:03 - 2011-01-16 21:29 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\uTorrent
2014-03-14 16:29 - 2014-03-14 16:17 - 00000242 _____ () C:\Documents and Settings\Peter Bowman\Desktop\Yahoo TV.URL
2014-03-14 15:23 - 2014-03-14 15:23 - 00072704 _____ (BitDefender) C:\Windows\System32\Drivers\bdvedisk.sys
2014-03-14 15:19 - 2014-03-14 15:19 - 00000007 _____ () C:\Documents and Settings\Peter Bowman\My Documents\bd activation key.txt
2014-03-14 15:19 - 2014-03-14 15:19 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-03-14 15:18 - 2014-03-14 15:18 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_avchv_01009.Wdf
2014-03-14 15:17 - 2014-03-14 15:17 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Bitdefender
2014-03-14 15:14 - 2014-03-14 15:14 - 00000000 ____D () C:\Program Files\Bitdefender
2014-03-14 15:14 - 2011-01-16 06:07 - 00000000 ____D () C:\Program Files\Common Files\BitDefender
2014-03-14 15:12 - 2014-03-14 15:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\bitdefender 2014
2014-03-14 15:12 - 2014-02-04 23:24 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\bizarre books
2014-03-12 17:13 - 2012-03-19 17:05 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Apple Computer
2014-03-12 17:13 - 2012-03-16 22:37 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Local Settings\Application Data\Apple Computer
2014-03-12 17:12 - 2014-03-12 17:12 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\Application Data\Titanium
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB963093$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 __HDC () C:\Windows\$NtUninstallKB2916036$
2014-03-12 17:11 - 2014-03-12 17:11 - 00000000 ____D () C:\Documents and Settings\Peter Bowman\My Documents\vpn
2014-03-12 17:11 - 2014-03-12 17:10 - 00010141 _____ () C:\Windows\KB963093.log
2014-03-12 17:11 - 2014-02-12 16:07 - 00010046 _____ () C:\Windows\KB2916036.log
2014-03-12 17:11 - 2013-05-25 17:37 - 00007803 ____C () C:\Windows\System32\lvcoinst.log
Files to move or delete:
====================
C:\Documents and Settings\Peter Bowman\abr_cleanup.exe
==================== Known DLLs (Whitelisted) ============
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points (XP) =====================
==================== Memory info ===========================
Percentage of memory in use: 12%
Total physical RAM: 4095.24 MB
Available physical RAM: 3602.57 MB
Total Pagefile: 4093.52 MB
Available Pagefile: 3614.12 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.48 MB
==================== Drives ================================
Drive c: (WinXP) (Fixed) (Total:100 GB) (Free:66.34 GB) NTFS
Drive e: (Downloads) (Fixed) (Total:198.09 GB) (Free:64.6 GB) NTFS
Drive g: (GRMCHPFRER_EN_DVD) (CDROM) (Total:2.33 GB) (Free:0 GB) UDF
Drive h: (USB20FD16gb) (Removable) (Total:14.76 GB) (Free:12.7 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (WIN7) (Fixed) (Total:232.88 GB) (Free:161.17 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 4AA5C423)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 298 GB) (Disk ID: D49BF80A)
Partition: GPT Partition Type.
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: AE410B24)
Partition: GPT Partition Type.
==================== End Of Log ============================
What now?