Thank you for your reply, it's much appreciated. My apologies for the delay.
The sysanti.exe keeps regenerating in all its locations in safe mode and I didn't find any of the other files and services you mentioned.
C:\Program Files\Common Files\SysAnti.exe in particular says that it can't be deleted because another program is using it,
which is someting I knew how to work around once upon a time, but not any more.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by Administrator (administrator) on ZPLANE on 27-01-2015 19:39:40
Running from C:\Documents and Settings\z-plane\Desktop
Loaded Profiles: z-plane & Administrator (Available profiles: z-plane & Administrator)
Platform: Microsoft Windows XP Professional Service Pack 2 (X86) OS Language: English (United States)
Internet Explorer Version 6 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Matrox PowerDesk 8] => C:\Program Files\Matrox Graphics Inc\PowerDesk HF\matrox.powerdesk.exe [278898 2005-08-10] (Matrox Graphics Inc.)
HKLM\...\Run: [HDSPTray1] => C:\WINDOWS\system32\hdsp32.exe [824759 2013-04-08] (RME)
HKLM\...\Run: [HDSPTray2] => C:\WINDOWS\system32\hdspmix.exe [1335636 2013-04-08] (RME)
HKLM\...\Run: [StartAlphaTrackApplet] => C:\WINDOWS\system32\AlphaTrackApplet.exe [590208 2007-09-25] (Frontier Design Group, LLC)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\WINDOWS\system32\NeroCheck.exe [155648 2006-01-12] (Nero AG)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS\system32\userinit.exe,,C:\Program Files\lvqssqln\tcifdtre.exe
HKLM\...\Policies\Explorer\Run: [SysAnti] => C:\Program Files\Common Files\SysAnti.exe [52121 2015-01-27] ( ())
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: C - C:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: D - D:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: E - E:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: F - F:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: G - G:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: H - H:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {2106317c-9a82-11e4-8689-000423c3e0ad} - J:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {414391e7-d3ab-11e3-8653-000423c3e0ad} - K:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {41e28fe2-b077-11e2-98ad-806d6172696f} - C:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {41e28fe3-b077-11e2-98ad-806d6172696f} - F:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {41e28fe4-b077-11e2-98ad-806d6172696f} - D:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {41e28fe5-b077-11e2-98ad-806d6172696f} - G:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {41e28fe6-b077-11e2-98ad-806d6172696f} - E:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-1003\...\MountPoints2: {41e28fe7-b077-11e2-98ad-806d6172696f} - H:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-500\...\MountPoints2: C - C:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-500\...\MountPoints2: D - D:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-500\...\MountPoints2: E - E:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-500\...\MountPoints2: F - F:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-500\...\MountPoints2: G - G:\SysAnti.exe
HKU\S-1-5-21-1801674531-796845957-839522115-500\...\MountPoints2: H - H:\SysAnti.exe
IFEO\360hotfix.exe: [Debugger] ntsd -d
IFEO\360rpt.exe: [Debugger] ntsd -d
IFEO\360Safe.exe: [Debugger] ntsd -d
IFEO\360safebox.exe: [Debugger] ntsd -d
IFEO\360tray.exe: [Debugger] ntsd -d
IFEO\adam.exe: [Debugger] ntsd -d
IFEO\AgentSvr.exe: [Debugger] ntsd -d
IFEO\AntiArp.exe: [Debugger] ntsd -d
IFEO\AppSvc32.exe: [Debugger] ntsd -d
IFEO\arvmon.exe: [Debugger] ntsd -d
IFEO\AutoGuarder.exe: [Debugger] ntsd -d
IFEO\autoruns.exe: [Debugger] ntsd -d
IFEO\avgrssvc.exe: [Debugger] ntsd -d
IFEO\AvMonitor.exe: [Debugger] ntsd -d
IFEO\avp.com: [Debugger] ntsd -d
IFEO\avp.exe: [Debugger] ntsd -d
IFEO\CCenter.exe: [Debugger] ntsd -d
IFEO\ccSvcHst.exe: [Debugger] ntsd -d
IFEO\FileDsty.exe: [Debugger] ntsd -d
IFEO\findt2005.exe: [Debugger] ntsd -d
IFEO\FTCleanerShell.exe: [Debugger] ntsd -d
IFEO\HijackThis.exe: [Debugger] ntsd -d
IFEO\IceSword.exe: [Debugger] ntsd -d
IFEO\iparmo.exe: [Debugger] ntsd -d
IFEO\Iparmor.exe: [Debugger] ntsd -d
IFEO\IsHelp.exe: [Debugger] ntsd -d
IFEO\isPwdSvc.exe: [Debugger] ntsd -d
IFEO\kabaload.exe: [Debugger] ntsd -d
IFEO\KaScrScn.SCR: [Debugger] ntsd -d
IFEO\KASMain.exe: [Debugger] ntsd -d
IFEO\KASTask.exe: [Debugger] ntsd -d
IFEO\KAV32.exe: [Debugger] ntsd -d
IFEO\KAVDX.exe: [Debugger] ntsd -d
IFEO\KAVPFW.exe: [Debugger] ntsd -d
IFEO\KAVSetup.exe: [Debugger] ntsd -d
IFEO\KAVStart.exe: [Debugger] ntsd -d
IFEO\killhidepid.exe: [Debugger] ntsd -d
IFEO\KISLnchr.exe: [Debugger] ntsd -d
IFEO\KMailMon.exe: [Debugger] ntsd -d
IFEO\KMFilter.exe: [Debugger] ntsd -d
IFEO\KPFW32.exe: [Debugger] ntsd -d
IFEO\KPFW32X.exe: [Debugger] ntsd -d
IFEO\KPFWSvc.exe: [Debugger] ntsd -d
IFEO\KRepair.COM: [Debugger] ntsd -d
IFEO\KsLoader.exe: [Debugger] ntsd -d
IFEO\KVCenter.kxp: [Debugger] ntsd -d
IFEO\KvDetect.exe: [Debugger] ntsd -d
IFEO\kvfw.exe: [Debugger] ntsd -d
IFEO\KvfwMcl.exe: [Debugger] ntsd -d
IFEO\KVMonXP.kxp: [Debugger] ntsd -d
IFEO\KVMonXP_1.kxp: [Debugger] ntsd -d
IFEO\kvol.exe: [Debugger] ntsd -d
IFEO\kvolself.exe: [Debugger] ntsd -d
IFEO\KvReport.kxp: [Debugger] ntsd -d
IFEO\KVScan.kxp: [Debugger] ntsd -d
IFEO\KVSrvXP.exe: [Debugger] ntsd -d
IFEO\KVStub.kxp: [Debugger] ntsd -d
IFEO\kvupload.exe: [Debugger] ntsd -d
IFEO\kvwsc.exe: [Debugger] ntsd -d
IFEO\KvXP.kxp: [Debugger] ntsd -d
IFEO\KvXP_1.kxp: [Debugger] ntsd -d
IFEO\KWatch.exe: [Debugger] ntsd -d
IFEO\KWatch9x.exe: [Debugger] ntsd -d
IFEO\KWatchX.exe: [Debugger] ntsd -d
IFEO\LiveUpdate360.exe: [Debugger] ntsd -d
IFEO\loaddll.exe: [Debugger] ntsd -d
IFEO\MagicSet.exe: [Debugger] ntsd -d
IFEO\mcconsol.exe: [Debugger] ntsd -d
IFEO\mmqczj.exe: [Debugger] ntsd -d
IFEO\mmsk.exe: [Debugger] ntsd -d
IFEO\NAVSetup.exe: [Debugger] ntsd -d
IFEO\nod32krn.exe: [Debugger] ntsd -d
IFEO\nod32kui.exe: [Debugger] ntsd -d
IFEO\PFW.exe: [Debugger] ntsd -d
IFEO\PFWLiveUpdate.exe: [Debugger] ntsd -d
IFEO\QHSET.exe: [Debugger] ntsd -d
IFEO\Ras.exe: [Debugger] ntsd -d
IFEO\Rav.exe: [Debugger] ntsd -d
IFEO\RavCopy.exe: [Debugger] ntsd -d
IFEO\RavMon.exe: [Debugger] ntsd -d
IFEO\RavMonD.exe: [Debugger] ntsd -d
IFEO\RavStore.exe: [Debugger] ntsd -d
IFEO\RavStub.exe: [Debugger] ntsd -d
IFEO\ravt08.exe: [Debugger] ntsd -d
IFEO\RavTask.exe: [Debugger] ntsd -d
IFEO\RegClean.exe: [Debugger] ntsd -d
IFEO\RegEx.exe: [Debugger] ntsd -d
IFEO\rfwcfg.exe: [Debugger] ntsd -d
IFEO\RfwMain.exe: [Debugger] ntsd -d
IFEO\rfwolusr.exe: [Debugger] ntsd -d
IFEO\rfwProxy.exe: [Debugger] ntsd -d
IFEO\rfwsrv.exe: [Debugger] ntsd -d
IFEO\RsAgent.exe: [Debugger] ntsd -d
IFEO\Rsaupd.exe: [Debugger] ntsd -d
IFEO\RsMain.exe: [Debugger] ntsd -d
IFEO\rsnetsvr.exe: [Debugger] ntsd -d
IFEO\RSTray.exe: [Debugger] ntsd -d
IFEO\runiep.exe: [Debugger] ntsd -d
IFEO\safebank.exe: [Debugger] ntsd -d
IFEO\safeboxTray.exe: [Debugger] ntsd -d
IFEO\safelive.exe: [Debugger] ntsd -d
IFEO\scan32.exe: [Debugger] ntsd -d
IFEO\ScanFrm.exe: [Debugger] ntsd -d
IFEO\shcfg32.exe: [Debugger] ntsd -d
IFEO\smartassistant.exe: [Debugger] ntsd -d
IFEO\SmartUp.exe: [Debugger] ntsd -d
IFEO\SREng.exe: [Debugger] ntsd -d
IFEO\SREngPS.exe: [Debugger] ntsd -d
IFEO\symlcsvc.exe: [Debugger] ntsd -d
IFEO\syscheck.exe: [Debugger] ntsd -d
IFEO\Syscheck2.exe: [Debugger] ntsd -d
IFEO\SysSafe.exe: [Debugger] ntsd -d
IFEO\ToolsUp.exe: [Debugger] ntsd -d
IFEO\TrojanDetector.exe: [Debugger] ntsd -d
IFEO\Trojanwall.exe: [Debugger] ntsd -d
IFEO\TrojDie.kxp: [Debugger] ntsd -d
IFEO\UIHost.exe: [Debugger] ntsd -d
IFEO\UmxAgent.exe: [Debugger] ntsd -d
IFEO\UmxAttachment.exe: [Debugger] ntsd -d
IFEO\UmxCfg.exe: [Debugger] ntsd -d
IFEO\UmxFwHlp.exe: [Debugger] ntsd -d
IFEO\UmxPol.exe: [Debugger] ntsd -d
IFEO\UpLive.exe: [Debugger] ntsd -d
IFEO\WoptiClean.exe: [Debugger] ntsd -d
IFEO\zxsweep.exe: [Debugger] ntsd -d
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Lynx Tray Volume.lnk
ShortcutTarget: Lynx Tray Volume.lnk -> C:\Program Files\Lynx Studio Technology\LynxTrayVolume.exe (Lynx Studio Technology, Inc.)
Startup: C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\Lynx Tray Volume.lnk
ShortcutTarget: Lynx Tray Volume.lnk -> C:\Program Files\Lynx Studio Technology\LynxTrayVolume.exe (Lynx Studio Technology, Inc.)
Startup: C:\Documents and Settings\Default User\Start Menu\Programs\Startup\tcifdtre.exe ()
Startup: C:\Documents and Settings\z plane\Start Menu\Programs\Startup\tcifdtre.exe ()
Startup: C:\Documents and Settings\zplane\Start Menu\Programs\Startup\tcifdtre.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...er=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKU\S-1-5-21-1801674531-796845957-839522115-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...er=6&ar=msnhome
HKU\S-1-5-21-1801674531-796845957-839522115-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
URLSearchHook: HKU\S-1-5-21-1801674531-796845957-839522115-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
URLSearchHook: [S-1-5-21-1801674531-796845957-839522115-500] ATTENTION ==> Default URLSearchHook is missing.
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=10.9.2 -> C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2014-10-28]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [161768 2013-05-09] (Oracle Corporation)
R2 PaceLicenseDServices; C:\Program Files\Common Files\PACE\Services\LicenseServices\LDSvc.exe [17191840 2014-01-16] (PACE Anti-Piracy, Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AlphaTrack; C:\WINDOWS\System32\Drivers\AlphaTrack.sys [104064 2009-10-23] (Frontier Design Group, LLC) [File not signed]
S3 AlphaTrackWdmService; C:\WINDOWS\System32\Drivers\AlphaTrackWdm.sys [34816 2006-12-18] (Frontier Design Group, LLC) [File not signed]
S3 CisUtMonitor; C:\WINDOWS\System32\DRIVERS\CisUtMonitor.sys [27600 2011-10-30] (CrystalIdea Software)
R3 E1000; C:\WINDOWS\System32\DRIVERS\e1000325.sys [125952 2003-08-14] (Intel Corporation)
S3 egg; C:\Documents and Settings\z-plane\Local Settings\Temp~egg.tmp [8256 2015-01-27] () [File not signed]
R3 gameenum; C:\WINDOWS\System32\DRIVERS\gameenum.sys [10624 2004-08-03] (Microsoft Corporation)
R3 hdsp; C:\WINDOWS\System32\drivers\hdsp.sys [70144 2013-04-08] (RME) [File not signed]
R3 hypaudio; C:\WINDOWS\System32\DRIVERS\hypaudio.sys [1351168 2011-10-25] (Universal Audio, Inc.) [File not signed]
R3 hypkern; C:\WINDOWS\System32\drivers\hypkern.sys [164864 2011-10-25] () [File not signed]
S3 iam; C:\Documents and Settings\z-plane\Local Settings\Temp~iam.tmp [8256 2015-01-27] () [File not signed]
R3 iLokDrvr; C:\WINDOWS\System32\DRIVERS\iLokDrvr.sys [22736 2014-05-21] ()
R3 LynxWDM; C:\WINDOWS\System32\DRIVERS\LynxWDM.sys [230632 1617-11-22] (Lynx Studio Technology, Inc.)
R3 MTXPARH; C:\WINDOWS\System32\DRIVERS\MTXPARHM.sys [516480 2005-08-10] (Matrox Graphics Inc.) [File not signed]
R3 PowerCore; C:\WINDOWS\System32\DRIVERS\pcore.sys [308856 2011-10-15] ()
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
S3 Secdrv; C:\WINDOWS\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
R3 synasusb; C:\WINDOWS\System32\Drivers\synasusb.sys [23696 2011-12-14] (Steinberg Media Technologies GmbH)
S3 tbl; C:\Documents and Settings\Administrator\Local Settings\Temp~tbl.tmp [8256 2015-01-25] () [File not signed]
R0 TPkd; C:\WINDOWS\system32\Drivers\TPkd.sys [94416 2013-04-11] (PACE Anti-Piracy, Inc.)
S3 bgr; \??\C:\DOCUME~1\z-plane\LOCALS~1\Temp~bgr.tmp [X]
S3 DrvKiller; \??\C:\WINDOWS\Fonts\eojq.fon [X]
S3 iog; \??\C:\DOCUME~1\z-plane\LOCALS~1\Temp~iog.tmp [X]
U1 WS2IFSL; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 19:39 - 2015-01-27 19:39 - 00015849 _____ () C:\Documents and Settings\z-plane\Desktop\FRST.txt
2015-01-27 19:38 - 2015-01-27 19:39 - 00000000 ____D () C:\FRST
2015-01-27 19:38 - 2015-01-26 20:08 - 01120768 _____ (Farbar) C:\Documents and Settings\z-plane\Desktop\FRST.exe
2015-01-27 19:22 - 2015-01-27 19:22 - 00008256 _____ () C:\Documents and Settings\z-plane\Local Settings\Temp~egg.tmp
2015-01-27 19:12 - 2015-01-27 19:12 - 00008256 _____ () C:\Documents and Settings\z-plane\Local Settings\Temp~iam.tmp
2015-01-25 18:47 - 2015-01-25 18:47 - 00008256 _____ () C:\Documents and Settings\Administrator\Local Settings\Temp~tbl.tmp
2015-01-25 18:45 - 2015-01-27 19:39 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-01-25 18:45 - 2015-01-25 18:48 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-01-25 18:45 - 2015-01-25 18:45 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-01-25 18:45 - 2013-04-29 02:11 - 00001601 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2015-01-25 18:45 - 2013-04-29 02:11 - 00000794 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2015-01-25 18:45 - 2013-04-29 02:11 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2015-01-12 17:46 - 2015-01-12 17:46 - 00019135 _____ () C:\WINDOWS\unins002.dat
2015-01-12 17:46 - 2015-01-12 17:45 - 00718497 _____ () C:\WINDOWS\unins002.exe
2015-01-12 17:41 - 2015-01-27 19:12 - 00052121 ___SH () C:\SysAnti.exe
2015-01-12 17:41 - 2015-01-27 19:12 - 00052121 ____H () C:\Program Files\Common Files\SysAnti.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-27 19:38 - 2013-05-07 18:09 - 00173419 _____ () C:\WINDOWS\Explorermgr.exe
2015-01-27 19:38 - 2013-04-29 02:18 - 00000000 ____D () C:\Documents and Settings\z-plane\Local Settings\Temp
2015-01-27 19:37 - 2013-04-29 02:10 - 00430570 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-27 19:35 - 2013-04-29 02:59 - 00601906 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-27 19:31 - 2013-05-07 13:44 - 00173419 _____ () C:\WINDOWS\system32\hdspmixmgr.exe
2015-01-27 19:31 - 2013-05-07 13:44 - 00173419 _____ () C:\WINDOWS\system32\hdsp32mgr.exe
2015-01-27 19:31 - 2013-04-29 02:15 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-27 19:30 - 2013-04-29 02:18 - 00000178 ___SH () C:\Documents and Settings\z-plane\ntuser.ini
2015-01-27 19:17 - 2013-04-29 02:15 - 00032646 _____ () C:\WINDOWS\SchedLgU.Txt
2015-01-27 19:12 - 2013-04-29 02:15 - 00000178 ___SH () C:\Documents and Settings\NetworkService.NT AUTHORITY.000\ntuser.ini
2015-01-27 19:08 - 2004-08-04 01:07 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2015-01-19 08:01 - 2006-09-23 17:31 - 00000000 ___HD () C:\Program Files\WindowsUpdate
2015-01-15 17:34 - 2013-04-29 02:18 - 00000000 ____D () C:\Documents and Settings\z-plane
2015-01-15 12:26 - 2013-04-29 02:58 - 00099048 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-01-14 20:14 - 2013-05-09 06:53 - 00065536 _____ () C:\WINDOWS\system32\config\PowerCor.evt
2015-01-14 20:03 - 2013-04-29 02:19 - 00014072 _____ () C:\Documents and Settings\z-plane\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2015-01-12 17:40 - 2013-04-29 02:58 - 00813904 _____ () C:\WINDOWS\setupapi.log
==================== Files in the root of some directories =======
2015-01-12 17:41 - 2015-01-27 19:12 - 0052121 ____H () C:\Program Files\Common Files\SysAnti.exe
Files to move or delete:
====================
C:\Documents and Settings\z plane\x.exe
Some content of TEMP:
====================
C:\Documents and Settings\z plane\Local Settings\Temp\InstallSplash.exe
C:\Documents and Settings\z plane\Local Settings\Temp\madExcept Patch.dll
C:\Documents and Settings\z plane\Local Settings\Temp\NEW121.tmp.exe
C:\Documents and Settings\z plane\Local Settings\Temp\PlaySound.dll
C:\Documents and Settings\z plane\Local Settings\Temp\PLZ.EXE
C:\Documents and Settings\z plane\Local Settings\Temp\svchost.exe
C:\Documents and Settings\z plane\Local Settings\Temp\SyncrosoftLicenseControlSetup.exe
C:\Documents and Settings\z-plane\Local Settings\Temp\madExcept Patch.dll
C:\Documents and Settings\z-plane\Local Settings\Temp\svchost.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by Administrator at 2015-01-27 19:40:11
Running from C:\Documents and Settings\z-plane\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Bonjour (HKLM\...\{07287123-B8AC-41CE-8346-3D777245C35B}) (Version: 1.0.106 - Apple Inc.)
Intel® Integrated Performance Primitives RTI 4.0 (HKLM\...\{51C91B84-7B46-4FE7-8999-8228CFA75F89}) (Version: 4.0.23 - Intel Corporation)
Intel® PRO Network Adapters and Drivers (HKLM\...\PROSet) (Version: - )
Java 7 Update 9 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217009FF}) (Version: 7.0.90 - Oracle)
LameXP (HKLM\...\{FBD7A67D-D700-4043-B54F-DD106D00F308}) (Version: - )
Lynx Version 2 Driver (Remove Only) (HKLM\...\LynxWDM) (Version: - Lynx Studio Technology, Inc.)
Matrox Driver (HKLM\...\Matrox Parhelia Driver Uninstaller) (Version: - Matrox Graphics Inc.)
Matrox PowerDesk-HF (HKLM\...\{90ED357B-5993-42F7-AF70-2D60A7250A32}) (Version: 8.10.0100.0038 - Matrox Graphics Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
MSXML 6.0 Parser (KB933579) (HKLM\...\{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}) (Version: 6.10.1200.0 - Microsoft Corporation)
Uninstall Tool (HKLM\...\Uninstall Tool_is1) (Version: 3.3 - CrystalIDEA Software, Inc.)
Visual C++ Redistributables (HKLM\...\InstallShield_{F03117FA-9270-46B0-9666-0B4BC2CDEBF5}) (Version: 1.3.0.8766 - PACE Anti-Piracy, Inc.)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Word Reader 6.24 (HKLM\...\Word Reader 6.24) (Version: - http://www.word-reader.com/)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2004-08-04 01:07 - 2015-01-27 19:31 - 00000794 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 www.360.cn
127.0.0.1 www.360safe.cn
127.0.0.1 www.360safe.com
127.0.0.1 www.chinakv.com
127.0.0.1 www.rising.com.cn
127.0.0.1 rising.com.cn
127.0.0.1 dl.jiangmin.com
127.0.0.1 jiangmin.com
127.0.0.1 www.jiangmin.com
127.0.0.1 www.duba.net
127.0.0.1 www.eset.com.cn
127.0.0.1 www.nod32.com
127.0.0.1 shadu.duba.net
127.0.0.1 union.kingsoft.com
127.0.0.1 www.kaspersky.com.cn
127.0.0.1 kaspersky.com.cn
127.0.0.1 virustotal.com
127.0.0.1 virscan.org
127.0.0.1 www.virscan.org
127.0.0.1 www.kaspersky.com
127.0.0.1 www.cnnod32.cn
127.0.0.1 www.lanniao.org
127.0.0.1 www.nod32club.com
127.0.0.1 www.dswlab.com
127.0.0.1 bbs.sucop.com
127.0.0.1 www.virustotal.com
127.0.0.1 tool.ikaka.com
127.0.0.1 360.qihoo.com
127.0.0.1 www.kafan.cn
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
==================== Loaded Modules (whitelisted) =============
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\Program Files\Outlook Express:5DQlDKvSKQjZg7F5jsZrl
AlternateDataStreams: C:\Program Files\Outlook Express:MeXb3S6f7VSLqZKPg5Nz
AlternateDataStreams: C:\Program Files\WindowsUpdate:46UyyiEkPA0cyTAcm2S0ACnt
AlternateDataStreams: C:\Program Files\WindowsUpdate:jthzWNKkfYbvopry5aOhM8M
AlternateDataStreams: C:\Program Files\WindowsUpdate:Qt2dEkGpBjBQsBlAq5AGc4LDbNb
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:1RKz1ShK9bA3HMGF
AlternateDataStreams: C:\Program Files\Common Files\Microsoft Shared:r7OSFr3hfFJQERBrn5O6Q3AadWv
AlternateDataStreams: C:\Program Files\Common Files\System:asM3twJzSuIdne3yVofr
AlternateDataStreams: C:\Program Files\Common Files\System:P1EvKHFikTdx5GHYseeymsxTJ
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:4mVLRj85FEr1XeKhSLp
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:a0r9OUKIpZL8uyFHuztsE
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:BvZPzkbi93NFrOn7Gp3WAtGYdi
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:dB7dIasj88pHR2dcvFX
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:FkI8g4PyJ6KUIQ7CrWJkIcQI
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:GZ36kPc041TFIlIEi8OLjda
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:IbQ10949tTM7a9x6fJLtMhaRWMZ
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:Ie2E2cZYwZadBFTYmGqRs6nIt
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:kKQRX7ZDRGXhifbsE3AZYJXPL
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:lfuemx1XdhjewHT7ACEsBXSRC4XkN
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:Lkydlz7H2vKPOrYZoZGseFdco
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:midqFSdBpCe2wTTNQnnA7
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:nS7sDv4WL8hS6MqKfzFo8
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:r5oW9FzsIW6fmRAI2dypSg
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:SOsT7nG1DAncMCZYu1axnRq
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:V9bYNwNJ3qS6rC1e01tSrhE1
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:zhYrr9i5QqEkOsNXnEwoJ9AgNPd
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE:BF62A1EDD6B2C259
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:4mVLRj85FEr1XeKhSLp
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:a0r9OUKIpZL8uyFHuztsE
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:BvZPzkbi93NFrOn7Gp3WAtGYdi
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:dB7dIasj88pHR2dcvFX
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:FkI8g4PyJ6KUIQ7CrWJkIcQI
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:GZ36kPc041TFIlIEi8OLjda
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:IbQ10949tTM7a9x6fJLtMhaRWMZ
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:Ie2E2cZYwZadBFTYmGqRs6nIt
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:kKQRX7ZDRGXhifbsE3AZYJXPL
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:lfuemx1XdhjewHT7ACEsBXSRC4XkN
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:Lkydlz7H2vKPOrYZoZGseFdco
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:midqFSdBpCe2wTTNQnnA7
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:nS7sDv4WL8hS6MqKfzFo8
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:r5oW9FzsIW6fmRAI2dypSg
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:SOsT7nG1DAncMCZYu1axnRq
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:V9bYNwNJ3qS6rC1e01tSrhE1
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft:zhYrr9i5QqEkOsNXnEwoJ9AgNPd
AlternateDataStreams: C:\Documents and Settings\All Users.WINDOWS\Application Data\PACE:BF62A1EDD6B2C259
AlternateDataStreams: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files:ePs2xtkJEIY3KEEeSQXvOMNBcGu
AlternateDataStreams: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files:FQC8mJK7h9KowLDP3Ez4dfNgPWYw
AlternateDataStreams: C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files:fyagEEVPcLPIHzcIdvVkZQ0MF5F0
AlternateDataStreams: C:\Documents and Settings\z plane\Cookies:0iQ6M3agGXti0UK6lxB1e5QKxblMj
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Application Data:EEje7zVD0de5rLOIFKtzb
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Application Data:Fq1EbsV2zNimqK9RUyBwtOtP6Q
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Application Data:wt8dLI2AWWFORvVFfs6hWhd
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Application Data:XNdRA7Nuxqca8WWGoqG6C
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Temp:puAjn1YoWGYC9rGBgbeaWKYZUgu
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Temporary Internet Files:a9lgdvGL48fcNCCmLoMId65
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Temporary Internet Files:ckgQyxHTYDON0IlqPxXVVcciU
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Temporary Internet Files:zJaIYaYnZ1bxfHnUwRJkP
AlternateDataStreams: C:\Documents and Settings\z plane\Local Settings\Application Data\09Brf6EXmy:C33t5pwFAKZYQlFuNt19Y0NVdHGU
AlternateDataStreams: C:\Documents and Settings\z-plane\Cookies:0iQ6M3agGXti0UK6lxB1e5QKxblMj
AlternateDataStreams: C:\Documents and Settings\z-plane\Local Settings\Application Data:EEje7zVD0de5rLOIFKtzb
AlternateDataStreams: C:\Documents and Settings\z-plane\Local Settings\Application Data:Fq1EbsV2zNimqK9RUyBwtOtP6Q
AlternateDataStreams: C:\Documents and Settings\z-plane\Local Settings\Application Data:XNdRA7Nuxqca8WWGoqG6C
AlternateDataStreams: C:\Documents and Settings\z-plane\Local Settings\Temp:puAjn1YoWGYC9rGBgbeaWKYZUgu
AlternateDataStreams: C:\Documents and Settings\z-plane\Local Settings\Temporary Internet Files:a9lgdvGL48fcNCCmLoMId65
AlternateDataStreams: C:\Documents and Settings\z-plane\Local Settings\Application Data\09Brf6EXmy:C33t5pwFAKZYQlFuNt19Y0NVdHGU
AlternateDataStreams: C:\Documents and Settings\zplane\Local Settings\Application Data:EEje7zVD0de5rLOIFKtzb
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Documents and Settings^z-plane^Start Menu^Programs^Startup^tcifdtre.exe => C:\WINDOWS\pss\tcifdtre.exeStartup
MSCONFIG\startupreg: Matrox PowerDesk SE => "c:\Program Files\Matrox Graphics Inc\PowerDesk SE\Matrox.PowerDesk SE.exe"
========================= Accounts: ==========================
Administrator (S-1-5-21-1801674531-796845957-839522115-500 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\Administrator
ASPNET (S-1-5-21-1801674531-796845957-839522115-1005 - Limited - Enabled)
Guest (S-1-5-21-1801674531-796845957-839522115-501 - Limited - Enabled)
HelpAssistant (S-1-5-21-1801674531-796845957-839522115-1000 - Limited - Disabled)
SUPPORT_388945a0 (S-1-5-21-1801674531-796845957-839522115-1002 - Limited - Disabled)
z-plane (S-1-5-21-1801674531-796845957-839522115-1003 - Administrator - Enabled) => %SystemDrive%\Documents and Settings\z-plane
==================== Faulty Device Manager Devices =============
Name: Realtek RTL8139 Family PCI Fast Ethernet NIC
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service: rtl8139
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/14/2015 07:31:41 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (01/14/2015 07:22:51 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: The COM+ Event System detected a bad return code during its internal processing. HRESULT was 800706BA from line 44 of d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.
Error: (10/28/2014 03:48:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (07/14/2014 03:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nuendo5.exe, version 5.1.1.651, faulting module nuendo5.exe, version 5.1.1.651, fault address 0x00f8a4b4.
Processing media-specific event for [nuendo5.exe!ws!]
Error: (07/14/2014 03:15:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nuendo5.exe, version 5.1.1.651, faulting module nuendo5.exe, version 5.1.1.651, fault address 0x00f8a4b4.
Processing media-specific event for [nuendo5.exe!ws!]
Error: (06/25/2014 07:43:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nuendo5.exe, version 5.1.1.651, faulting module ntdll.dll, version 5.1.2600.2180, fault address 0x00011e58.
Processing media-specific event for [nuendo5.exe!ws!]
Error: (06/25/2014 02:39:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module gdiplus.dll, version 5.1.3102.2180, fault address 0x0006073a.
Processing media-specific event for [explorer.exe!ws!]
Error: (06/25/2014 02:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.2180, faulting module gdiplus.dll, version 5.1.3102.2180, fault address 0x0006073a.
Processing media-specific event for [explorer.exe!ws!]
Error: (06/02/2014 05:43:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nuendo5.exe, version 5.1.1.651, faulting module unknown, version 0.0.0.0, fault address 0x259cb60e.
Processing media-specific event for [nuendo5.exe!ws!]
Error: (06/01/2014 02:18:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application nuendo5.exe, version 5.1.1.651, faulting module unknown, version 0.0.0.0, fault address 0x2493b60e.
Processing media-specific event for [nuendo5.exe!ws!]
System errors:
=============
Error: (01/27/2015 07:30:07 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/27/2015 07:22:23 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/27/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
Error: (01/27/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31
Error: (01/27/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD service which failed to start because of the following error:
%%31
Error: (01/27/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DNS Client service depends on the TCP/IP Protocol Driver service which failed to start because of the following error:
%%31
Error: (01/27/2015 07:20:53 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The DHCP Client service depends on the NetBios over Tcpip service which failed to start because of the following error:
%%31
Error: (01/27/2015 07:11:36 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
Error: (01/27/2015 07:09:17 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AFD
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
RasAcd
Rdbss
Tcpip
Error: (01/27/2015 07:09:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error:
%%31
Microsoft Office Sessions:
=========================
Error: (01/14/2015 07:31:41 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA
Error: (01/14/2015 07:22:51 PM) (Source: EventSystem) (EventID: 4609) (User: )
Description: d:\qxp_slp\com\com1x\src\events\tier1\eventsystemobj.cpp44800706BA
Error: (10/28/2014 03:48:06 AM) (Source: .NET Runtime Optimization Service) (EventID: 1103) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Tried to start a service that wasn't the latest version of CLR Optimization service. Will shutdown
Error: (07/14/2014 03:15:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nuendo5.exe5.1.1.651nuendo5.exe5.1.1.65100f8a4b4
Error: (07/14/2014 03:15:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nuendo5.exe5.1.1.651nuendo5.exe5.1.1.65100f8a4b4
Error: (06/25/2014 07:43:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nuendo5.exe5.1.1.651ntdll.dll5.1.2600.218000011e58
Error: (06/25/2014 02:39:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.2180gdiplus.dll5.1.3102.21800006073a
Error: (06/25/2014 02:36:18 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.2180gdiplus.dll5.1.3102.21800006073a
Error: (06/02/2014 05:43:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: nuendo5.exe5.1.1.651unknown0.0.0.0259cb60e
Error: (06/01/2014 02:18:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: nuendo5.exe5.1.1.651unknown0.0.0.02493b60e
==================== Memory info ===========================
Processor: Intel® Core2 Quad CPU @ 2.40GHz
Percentage of memory in use: 11%
Total physical RAM: 3317.79 MB
Available physical RAM: 2929.93 MB
Total Pagefile: 5231.78 MB
Available Pagefile: 5021.45 MB
Total Virtual: 2899.88 MB
Available Virtual: 2809.29 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:37.28 GB) (Free:4.06 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Audio) (Fixed) (Total:341.8 GB) (Free:48.73 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive e: (BFD) (Fixed) (Total:68.82 GB) (Free:26.66 GB) NTFS
Drive f: (CB&N) (Fixed) (Total:37.28 GB) (Free:18.63 GB) NTFS
Drive g: (K2, Jx, Gog, SP) (Fixed) (Total:123.96 GB) (Free:47.03 GB) NTFS
Drive h: (SAMPLES) (Fixed) (Total:164.06 GB) (Free:50.88 GB) NTFS
Drive j: (X 8GB) (Removable) (Total:7.2 GB) (Free:5.77 GB) FAT32
Drive k: (X 31GB) (Removable) (Total:28.94 GB) (Free:5.36 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 74.6 GB) (Disk ID: 4AC94AC8)
Partition 1: (Active) - (Size=37.3 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=37.3 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.8 GB) (Disk ID: B44BBD7A)
Partition 1: (Active) - (Size=341.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=124 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 232.9 GB) (Disk ID: F3B5F3B6)
Partition 1: (Not Active) - (Size=68.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=164.1 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows XP) (Size: 29 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=29 GB) - (Type=0C)
========================================================
Disk: 4 (Size: 7.2 GB) (Disk ID: 7E4F2752)
Partition 1: (Active) - (Size=7.2 GB) - (Type=0B)
==================== End Of Log ============================
Edited by koniord, 27 January 2015 - 02:09 PM.