Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-12-2014
Ran by Jesse Pinkman (administrator) on HEISENBERG on 06-12-2014 17:09:30
Running from E:\Documents and Settings\Jesse Pinkman\My Documents\Downloads
Loaded Profile: Jesse Pinkman (Available profiles: Jesse Pinkman)
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 6
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) E:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) E:\WINDOWS\system32\wscntfy.exe
(Arcabit) E:\Program Files\Arcabit\ArcaUpdate\update.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Arcabit) E:\Program Files\Arcabit\Common\ArcaConfSV.exe
(Arcabit) E:\Program Files\Arcabit\ArcaAgent\ArcaRemoteSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe
() E:\Program Files\Arcabit\ArcaVir\arcascan\scanenginecon.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AVMENU] => E:\Program Files\Arcabit\ArcaVir\AVMenu.exe [426664 2014-12-01] (Arcabit)
HKLM\...\Run: [ARCACLEAN] => E:\Program Files\Arcabit\ArcaVir\ArcaClean.exe [59984 2014-12-01] (ArcaBit)
HKLM\...\Run: [MSConfig] => E:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2014-07-11] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
AlternateShell:

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-436374069-2147134463-682003330-1003\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-436374069-2147134463-682003330-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
URLSearchHook: HKU\S-1-5-21-436374069-2147134463-682003330-1003 - Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "" <======= ATTENTION
SearchScopes: HKLM -> DefaultScope value is missing.
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========

Chrome:
=======
CHR Profile: E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-28]
CHR Extension: (Google Drive) - E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-28]
CHR Extension: (YouTube) - E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-28]
CHR Extension: (Google Search) - E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-28]
CHR Extension: (Google Wallet) - E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-28]
CHR Extension: (Gmail) - E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-28]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABConfSV; E:\Program Files\Arcabit\common\arcaconfsv.exe [142384 2014-12-01] (Arcabit)
S2 ABMainSV; E:\Program Files\Arcabit\arcavir\arcamainsv.exe [167104 2014-12-01] (Arcabit)
R2 ArcaRemoteService; E:\Program Files\Arcabit\arcaagent\arcaremotesvc.exe [579104 2014-12-01] (Arcabit)
S2 AVBackup; E:\Program Files\Arcabit\arcatools\arcabackup\arcabackupservice.exe [187704 2014-12-01] (Arcabit)
S2 AVTasks2; E:\Program Files\Arcabit\common\arcatasksservice.exe [130024 2014-12-01] (ArcaBit)
R2 AVUpdate; E:\Program Files\Arcabit\arcaupdate\update.exe [208304 2014-12-06] (Arcabit)
S3 ioloService; E:\Program Files\SafePCRepair\ioloToolService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ABFLT; E:\Program Files\Arcabit\ArcaVir\ABFLT.sys [66800 2014-12-01] (ArcaBit)
S3 ABndis; E:\WINDOWS\System32\DRIVERS\abndis.sys [41712 2014-12-01] (ArcaBit)
R3 ABndisMP; E:\WINDOWS\System32\DRIVERS\abndis.sys [41712 2014-12-01] (ArcaBit)
S3 Ambfilt; E:\WINDOWS\System32\drivers\Ambfilt.sys [1684736 2008-08-05] (Creative)
R1 AmdPPM; E:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 arcawfp; E:\WINDOWS\System32\drivers\arcawfp.sys [54200 2014-12-06] (NetFilterSDK.com)
S3 CCDECODE; E:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 Monfilt; E:\WINDOWS\System32\drivers\Monfilt.sys [1389056 2006-01-04] (Creative Technology Ltd.)
R3 nv; E:\WINDOWS\System32\DRIVERS\nv4_mini.sys [10596576 2010-06-14] (NVIDIA Corporation) [File not signed]
R3 NVENETFD; E:\WINDOWS\System32\DRIVERS\NVENETFD.sys [66816 2009-07-30] (NVIDIA Corporation)
R0 nvgts; E:\WINDOWS\System32\DRIVERS\nvgts.sys [165920 2009-08-04] (NVIDIA Corporation)
R3 NVHDA; E:\WINDOWS\System32\drivers\nvhda32.sys [58600 2010-03-10] (NVIDIA Corporation)
R3 nvnetbus; E:\WINDOWS\System32\DRIVERS\nvnetbus.sys [13824 2009-07-30] (NVIDIA Corporation)
S1 ABTDI; \??\E:\Program Files\Arcabit\ArcaVir\ABTDI.sys [X]
S4 IntelIde; No ImagePath
S3 MSICDSetup; \??\F:\CDriver.sys [X]
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 17:08 - 2014-12-06 17:09 - 00000000 ____D () E:\FRST
2014-12-06 15:37 - 2014-12-06 15:37 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\iolo
2014-12-06 15:37 - 2014-12-06 15:37 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\iolo
2014-12-06 15:36 - 2014-12-06 16:38 - 00000000 ____D () E:\WINDOWS\Microsoft.NET
2014-12-06 15:36 - 2014-12-06 15:36 - 00000000 ____D () E:\Program Files\Microsoft.NET
2014-12-06 15:20 - 2014-12-06 15:20 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\Application Data\ParetoLogic
2014-12-06 15:19 - 2014-12-06 15:30 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\ParetoLogic
2014-12-06 14:55 - 2014-12-06 14:55 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\Desktop\Copy of Euro Truck Simulator 2
2014-12-01 20:07 - 2014-12-01 20:41 - 00000000 ____D () E:\Documents and Settings\All Users\arcabit
2014-12-01 19:57 - 2014-12-06 15:30 - 00054200 _____ (NetFilterSDK.com) E:\WINDOWS\system32\Drivers\arcawfp.sys
2014-12-01 19:56 - 2014-12-02 15:12 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\Package Cache
2014-12-01 19:56 - 2014-12-01 19:57 - 00000000 ____D () E:\Documents and Settings\All Users\Application Data\ArcaBit
2014-12-01 19:56 - 2014-12-01 19:56 - 00041712 _____ (ArcaBit) E:\WINDOWS\system32\Drivers\abndis.sys
2014-12-01 19:56 - 2014-12-01 19:56 - 00000000 ____D () E:\Program Files\Arcabit
2014-12-01 19:56 - 2014-12-01 19:56 - 00000000 ____D () E:\Documents and Settings\All Users\Start Menu\Programs\Arcabit
2014-11-28 16:52 - 2014-11-28 16:52 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\Start Menu\Programs\1-click run
2014-11-28 16:52 - 2014-11-28 16:52 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\Application Data\NapiProjekt
2014-11-28 16:51 - 2014-11-28 16:51 - 00000000 ____D () E:\WINDOWS\system32\Lang
2014-11-28 16:49 - 2014-11-28 16:49 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\My Documents\MAMA
2014-11-28 16:04 - 2014-11-28 16:52 - 00000000 ____D () E:\Program Files\Free Window Registry Repair
2014-11-28 15:36 - 2014-12-01 21:00 - 00000008 __RSH () E:\Documents and Settings\Jesse Pinkman\ntuser.pol
2014-11-28 15:35 - 2014-11-28 16:52 - 00000000 ___HD () E:\WINDOWS\system32\GroupPolicy
2014-11-26 11:19 - 2014-11-26 11:19 - 00000000 ____D () E:\WINDOWS\system32\LogFiles
2014-11-26 11:18 - 2014-11-28 16:45 - 00004608 _____ () E:\Documents and Settings\Jesse Pinkman\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-06 17:09 - 2014-07-11 22:19 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\Local Settings\Temp
2014-12-06 16:29 - 2014-07-11 20:26 - 00000241 _____ () E:\WINDOWS\system.ini
2014-12-06 16:06 - 2014-07-12 00:05 - 00581605 _____ () E:\WINDOWS\setupapi.log
2014-12-06 15:38 - 2014-07-14 10:42 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\My Documents\Euro Truck Simulator 2
2014-12-06 15:37 - 2014-07-12 00:06 - 00466114 _____ () E:\WINDOWS\system32\PerfStringBackup.INI
2014-12-06 15:36 - 2014-07-11 21:55 - 00000000 ____D () E:\WINDOWS\system32\mui
2014-12-06 15:20 - 2014-07-11 22:19 - 00001605 _____ () E:\Documents and Settings\Jesse Pinkman\Start Menu\Programs\Remote Assistance.lnk
2014-12-06 15:20 - 2014-07-11 22:14 - 00001613 _____ () E:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-12-06 15:20 - 2014-07-11 22:14 - 00001513 _____ () E:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-12-06 14:54 - 2014-07-11 22:13 - 00241173 _____ () E:\WINDOWS\WindowsUpdate.log
2014-12-06 14:53 - 2014-07-12 00:08 - 00000159 _____ () E:\WINDOWS\wiadebug.log
2014-12-06 14:53 - 2014-07-12 00:08 - 00000049 _____ () E:\WINDOWS\wiaservc.log
2014-12-06 14:53 - 2014-07-11 22:18 - 00000006 ____H () E:\WINDOWS\Tasks\SA.DAT
2014-12-06 14:53 - 2014-07-11 20:26 - 00002206 _____ () E:\WINDOWS\system32\wpa.dbl
2014-12-06 14:53 - 2014-07-11 20:26 - 00000477 _____ () E:\WINDOWS\win.ini
2014-12-02 16:55 - 2014-07-11 22:18 - 00009624 _____ () E:\WINDOWS\SchedLgU.Txt
2014-12-01 21:00 - 2014-07-11 22:19 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman
2014-12-01 20:46 - 2014-07-12 06:38 - 00000000 ____D () E:\WINDOWS\pss
2014-12-01 20:12 - 2014-07-12 00:05 - 00001544 _____ () E:\WINDOWS\regopt.log
2014-12-01 19:56 - 2014-07-12 00:06 - 00000000 ____D () E:\Program Files\Common Files\Microsoft Shared
2014-11-30 17:28 - 2010-06-14 00:05 - 00145000 _____ (NVIDIA Corporation) E:\WINDOWS\system32\nvcolor.exe
2014-11-30 17:25 - 2014-07-13 11:11 - 00077824 _____ (Realtek Semiconductor Corp.) E:\WINDOWS\SOUNDMAN.EXE
2014-11-30 17:25 - 2014-07-13 11:10 - 00057344 _____ (Realtek Semiconductor Corp.) E:\WINDOWS\ALCMTR.EXE
2014-11-28 16:57 - 2014-07-11 22:12 - 00001722 _____ () E:\WINDOWS\wmsetup.log
2014-11-28 16:51 - 2014-07-13 11:10 - 00000000 ____D () E:\WINDOWS\system32\ReinstallBackups
2014-11-28 16:50 - 2014-07-14 10:40 - 00000000 ____D () E:\2-click run
2014-11-28 16:50 - 2014-07-13 11:18 - 00000000 ____D () E:\Documents and Settings\Jesse Pinkman\Application Data\AIMP3
2014-11-28 16:49 - 2014-07-11 22:13 - 00000000 ____D () E:\WINDOWS\system32\Restore
2014-11-28 16:10 - 2014-07-11 22:19 - 00000178 ___SH () E:\Documents and Settings\Jesse Pinkman\ntuser.ini
2014-11-26 11:23 - 2014-07-11 22:19 - 00000798 _____ () E:\Documents and Settings\Jesse Pinkman\Start Menu\Programs\Windows Media Player.lnk
2014-11-22 15:52 - 2014-07-12 00:05 - 00261844 _____ () E:\WINDOWS\setupact.log

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

E:\WINDOWS\explorer.exe => File is digitally signed
E:\WINDOWS\system32\winlogon.exe => File is digitally signed
E:\WINDOWS\system32\svchost.exe => File is digitally signed
E:\WINDOWS\system32\services.exe => File is digitally signed
E:\WINDOWS\system32\User32.dll => File is digitally signed
E:\WINDOWS\system32\userinit.exe => File is digitally signed
E:\WINDOWS\system32\rpcss.dll => File is digitally signed
E:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================