Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

static.salesresourcepartners.com popups


  • Please log in to reply

#1
dmcbass

dmcbass

    Member

  • Member
  • PipPipPip
  • 109 posts
I have been seeing this for weeks since I took over my son's pc after giving him a new laptop.

Here is the OTL report.

OTL logfile created on: 11/4/2013 2:42:00 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = D:\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 1.91 Gb Available Physical Memory | 63.71% Memory free
4.55 Gb Paging File | 1.52 Gb Available in Paging File | 33.40% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 11.68 Gb Free Space | 16.35% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 247.41 Gb Free Space | 83.00% Space Free | Partition Type: NTFS
Drive E: | 3.00 Gb Total Space | 0.84 Gb Free Space | 27.83% Space Free | Partition Type: NTFS

Computer Name: MIKE_E520 | User Name: Mike | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/11/04 14:39:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- D:\Downloads\OTL.exe
PRC - [2013/10/08 19:02:45 | 000,844,752 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/05/16 09:44:05 | 001,012,000 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013/02/03 04:43:06 | 000,791,560 | ---- | M] (KoshyJohn.com) -- C:\Documents and Settings\Mike\Application Data\KoshyJohn.com\MemClean\MemClean.exe
PRC - [2012/11/27 20:14:12 | 000,149,088 | ---- | M] () -- D:\PlayMemories Home\dfs.exe
PRC - [2012/11/27 20:12:44 | 000,479,840 | ---- | M] (Sony Corporation) -- D:\PlayMemories Home\PMBDeviceInfoProvider.exe
PRC - [2012/11/27 20:08:28 | 000,739,936 | ---- | M] (Sony Corporation) -- D:\PlayMemories Home\PMBVolumeWatcher.exe
PRC - [2012/10/30 17:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/07/12 10:01:02 | 000,220,800 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHSA.EXE
PRC - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
PRC - [2011/04/25 10:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
PRC - [2011/03/08 23:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011/03/08 23:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2010/10/12 12:56:40 | 000,979,328 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/03/05 15:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/04/14 04:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006/08/17 08:00:00 | 001,116,920 | ---- | M] (Roxio) -- C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
PRC - [2006/03/20 15:00:04 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
PRC - [2005/01/27 04:00:00 | 000,098,304 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABA.EXE


========== Modules (No Company Name) ==========

MOD - [2013/11/04 06:17:09 | 002,107,392 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13110402\algo.dll
MOD - [2013/10/08 19:02:43 | 000,415,184 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppgooglenaclpluginchrome.dll
MOD - [2013/10/08 19:02:42 | 013,584,336 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
MOD - [2013/10/08 19:02:41 | 004,055,504 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
MOD - [2013/10/08 19:01:50 | 000,698,832 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
MOD - [2013/10/08 19:01:49 | 000,099,792 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\libegl.dll
MOD - [2013/10/08 19:01:47 | 001,604,560 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
MOD - [2013/06/21 07:02:09 | 002,151,712 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nView.dll
MOD - [2013/06/21 07:02:09 | 000,455,968 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\nview\nvShell.dll
MOD - [2013/06/04 02:23:02 | 000,562,688 | ---- | M] () -- C:\WINDOWS\system32\qedit.dll
MOD - [2013/01/02 01:49:10 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2012/11/27 20:14:12 | 000,149,088 | ---- | M] () -- D:\PlayMemories Home\dfs.exe
MOD - [2012/08/27 20:33:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/08/27 20:33:08 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/05/06 05:20:14 | 003,449,856 | ---- | M] () -- C:\Program Files\FreeTime\FormatFactory\FFModules\Filters\ffdshow\ffdshow.ax
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2008/04/14 04:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 04:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2006/08/18 12:17:36 | 000,056,056 | ---- | M] () -- C:\WINDOWS\system32\DLAAPI_W.DLL


========== Services (SafeList) ==========

SRV - [2013/10/18 10:23:49 | 000,118,680 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/09 07:15:25 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/08 06:48:23 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/06/03 15:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/16 09:38:39 | 001,826,592 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/27 20:14:12 | 000,149,088 | ---- | M] () [Auto | Running] -- D:\PlayMemories Home\dfs.exe -- (DeviceFinderService)
SRV - [2012/11/27 20:12:44 | 000,479,840 | ---- | M] (Sony Corporation) [Auto | Running] -- D:\PlayMemories Home\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2012/11/19 17:03:24 | 000,489,256 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/10/30 17:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/24 17:33:00 | 003,990,760 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\WINDOWS\system32\GameMon.des -- (npggsvc)
SRV - [2012/01/18 01:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/09 12:01:00 | 000,521,600 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe -- (EpsonCustomerParticipation)
SRV - [2011/04/25 10:00:02 | 000,130,944 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE -- (EPSON_PM_RPCV4_05)
SRV - [2007/09/05 20:25:04 | 000,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2006/12/19 17:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2005/01/31 08:45:20 | 000,049,152 | ---- | M] (Ulead Systems, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe -- (UleadBurningHelper)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | On_Demand | Stopped] -- C:\Program Files\Xfire2\XFDriver.sys -- (XFDriver)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Mike\LOCALS~1\Temp\cpuz130\cpuz_x32.sys -- (cpuz130)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/02/25 00:27:48 | 000,128,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2012/10/30 17:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 17:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 17:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 17:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 17:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 17:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 17:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/20 09:43:13 | 000,013,232 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\apf003.sys -- (apf003)
DRV - [2012/01/18 01:44:52 | 004,332,960 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC)
DRV - [2012/01/18 01:44:28 | 000,312,096 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2006/08/18 12:18:08 | 000,009,400 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLADResM.SYS -- (DLADResM)
DRV - [2006/08/18 12:17:46 | 000,035,096 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABMFSM.SYS -- (DLABMFSM)
DRV - [2006/08/18 12:17:44 | 000,097,848 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDF_M.SYS -- (DLAUDF_M)
DRV - [2006/08/18 12:17:44 | 000,094,648 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAUDFAM.SYS -- (DLAUDFAM)
DRV - [2006/08/18 12:17:42 | 000,026,008 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAOPIOM.SYS -- (DLAOPIOM)
DRV - [2006/08/18 12:17:40 | 000,032,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLABOIOM.SYS -- (DLABOIOM)
DRV - [2006/08/18 12:17:38 | 000,104,472 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAIFS_M.SYS -- (DLAIFS_M)
DRV - [2006/08/18 12:17:38 | 000,014,520 | ---- | M] (Roxio) [File_System | Auto | Running] -- C:\WINDOWS\system32\DLA\DLAPoolM.SYS -- (DLAPoolM)
DRV - [2006/08/11 09:35:18 | 000,012,920 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS -- (DLACDBHM)
DRV - [2006/08/11 09:35:16 | 000,028,184 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\DLARTL_M.SYS -- (DLARTL_M)
DRV - [2006/06/05 02:39:56 | 000,024,064 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\iqvw32.sys -- (NAL)
DRV - [2006/03/20 15:06:04 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/07/16 13:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {154d339e-ccaa-49a5-9b38-6878ad4220bc}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.searchamo...t=webs&bar=true
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3220468
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Delta Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.google.com/"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/02 09:22:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/10/18 18:12:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/10/18 10:23:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/10/18 10:23:34 | 000,000,000 | ---D | M]

[2012/10/20 21:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Extensions
[2013/10/18 13:51:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default\extensions
[2012/08/31 18:03:28 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012/10/18 20:23:53 | 000,006,433 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default\searchplugins\Web Search.xml
[2013/10/18 10:23:26 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/10/18 10:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/10/18 10:23:52 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/11/02 09:22:45 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.delta-sea...8720019D1E8703B
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Conduit Radio Plugin (Enabled) = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/np-cwmp.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0\
CHR - Extension: Google Search = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: KabaListics - DoA Power Tools Plus III = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gbfkefhipiannebmklaoedmlbkpgfkhc\2013.823.1_0\
CHR - Extension: avast! WebRep = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Wallet = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Gmail = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: Nike 4.0 = C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pmhljlapodbfdojhmoohjdljpedejjhj\1_0\

O1 HOSTS File: ([2013/08/01 05:58:24 | 000,450,575 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15469 more lines...
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (smartdownloader Class) - {F1AF26F8-1828-4279-ABCE-074EF3235BD7} - C:\Program Files\PutLockerDownloader\smarterdownloader.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [\\DAVIDDELL3800\EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Auto EPSON Stylus C88 Series on DAVIDDELL3800] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [EPSON Stylus C88 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IDTSysTrayApp] C:\WINDOWS\sttray.exe (IDT, Inc.)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [PMBVolumeWatcher] D:\PlayMemories Home\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [RoxioDragToDisc] C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe (Roxio)
O4 - HKLM..\Run: [RoxWatchTray] C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe (Sonic Solutions)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [UVS10 Preload] C:\Program Files\Ulead Systems\Ulead VideoStudio 10\uvPL.exe (Ulead Systems, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Memory Cleaner] C:\Documents and Settings\Mike\Application Data\KoshyJohn.com\MemClean\MemClean.exe (KoshyJohn.com)
O4 - HKCU..\Run: [NCsoft Launcher] D:\NCSoft\Launcher\NCLauncher.exe /Minimized File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Free YouTube to iPod Converter - C:\Documents and Settings\Mike\Application Data\DVDVideoSoftIEHelpers\freeyoutubetoipodconverter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Documents and Settings\Mike\Application Data\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB (SysProWmi Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1345154191718 (WUWebControl Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 205.152.37.23 205.152.144.23
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5037B476-B705-403C-B639-1EB9E1CDEAC8}: DhcpNameServer = 205.152.37.23 205.152.144.23
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mike\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/08/16 14:53:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/10/30 05:49:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\VideoPad Projects
[2013/10/30 05:44:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\NCH Software Suite
[2013/10/30 05:44:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audio Related Programs
[2013/10/30 05:44:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\NCH Software
[2013/10/30 05:44:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NCH Software
[2013/10/30 05:43:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
[2013/10/30 05:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Video Related Programs
[2013/10/30 05:42:59 | 000,000,000 | ---D | C] -- C:\Program Files\NCH Software
[2013/10/29 15:14:04 | 000,000,000 | ---D | C] -- C:\SmartSound Software
[2013/10/29 15:13:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2013/10/29 15:13:41 | 000,000,000 | ---D | C] -- C:\Program Files\SmartSound Software
[2013/10/29 15:12:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Ulead VideoStudio 10
[2013/10/29 15:11:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems
[2013/10/29 15:11:21 | 000,000,000 | ---D | C] -- C:\Program Files\Ulead Systems
[2013/10/29 14:52:08 | 141,606,188 | ---- | C] (Ulead Systems ) -- C:\Documents and Settings\Mike\Desktop\uvs10_tbyb_(e)_na.exe
[2013/10/29 12:06:20 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Web Solution Mart
[2013/10/29 12:05:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\WMTools Downloaded Files
[2013/10/27 06:46:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2013/10/27 06:45:36 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013/10/27 06:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013/10/27 06:45:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/25 06:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013/10/25 06:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java Development Kit
[2013/10/25 06:15:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Java
[2013/10/18 10:23:24 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/10/16 13:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
[2013/10/16 13:40:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Epson
[2013/10/16 13:40:06 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2013/10/16 13:39:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\InstallShield
[2013/10/16 13:39:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2013/10/16 13:39:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Epson
[2013/10/16 13:39:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Start Menu\Programs\EPSON Software
[2013/10/16 13:38:46 | 000,000,000 | ---D | C] -- C:\Program Files\Epson America Inc
[2013/10/16 13:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
[2013/10/16 13:38:02 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2013/10/16 13:37:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/10/16 13:35:13 | 000,509,872 | ---- | C] (Ask Partner Network) -- C:\Documents and Settings\Mike\My Documents\APNSetup.exe
[2013/10/16 13:19:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
[2013/10/16 13:19:11 | 000,000,000 | ---D | C] -- C:\epson
[2013/10/14 12:39:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\Quicken
[2013/10/14 12:34:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\AnswerWorks 5.0
[2013/10/14 12:33:40 | 004,199,768 | ---- | C] (Amyuni Technologies
http://www.amyuni.com) -- C:\WINDOWS\System32\cdintf400.dll
[2013/10/14 12:33:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Quicken 2011
[2013/10/14 12:33:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intuit
[2013/10/14 12:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Quicken
[2013/10/14 12:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Intuit
[2013/10/14 12:32:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2013/10/14 02:01:04 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/10/13 09:34:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Roxio
[2013/10/13 08:06:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\My Documents\FormatFactory
[2013/10/13 07:45:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Roxio
[2013/10/13 07:44:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Roxio
[2013/10/13 07:41:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2013/10/13 07:40:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sonic
[2013/10/13 07:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Roxio Creator DE
[2013/10/13 07:39:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SureThing Shared
[2013/10/13 07:39:33 | 000,092,920 | ---- | C] (Roxio) -- C:\WINDOWS\DLA.EXE
[2013/10/13 07:39:33 | 000,028,184 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLARTL_M.SYS
[2013/10/13 07:39:33 | 000,012,920 | ---- | C] (Roxio) -- C:\WINDOWS\System32\drivers\DLACDBHM.SYS
[2013/10/13 07:39:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DLA
[2013/10/13 07:36:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Roxio
[2013/10/13 07:36:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Sonic Shared
[2013/10/13 07:36:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Roxio Shared
[2013/10/13 07:34:46 | 000,000,000 | ---D | C] -- C:\Program Files\Roxio
[2013/10/13 07:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Help
[2013/10/13 07:02:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Application Data\Help
[2013/10/13 05:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013/10/13 05:26:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2013/10/13 05:26:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai
[2013/10/13 05:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013/10/13 05:25:32 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2013/10/13 05:25:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013/10/13 05:25:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2013/10/13 05:25:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xfire2
[2013/10/13 05:23:41 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013/10/12 15:19:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Ulead Systems(2)
[2013/10/11 15:20:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mike\Local Settings\Application Data\Overwolf
[2013/10/11 14:59:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2013/10/11 14:59:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/11/04 14:25:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/04 14:18:06 | 000,000,406 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/11/04 14:18:06 | 000,000,095 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\WB.CFG
[2013/11/04 14:18:06 | 000,000,006 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\WBPU-TTL.DAT
[2013/11/04 14:14:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/11/04 14:04:26 | 000,013,446 | ---- | M] () -- C:\WINDOWS\System32\nvAppTimestamps
[2013/11/04 14:02:28 | 000,078,848 | ---- | M] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/11/04 06:49:55 | 000,520,032 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/11/04 06:49:55 | 000,095,008 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/11/04 06:49:41 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/11/04 06:48:59 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/11/04 06:46:52 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/04 06:46:51 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
[2013/11/04 06:46:50 | 000,000,350 | ---- | M] () -- C:\WINDOWS\tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
[2013/11/04 06:46:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/11/02 19:59:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/10/30 05:44:40 | 000,000,290 | ---- | M] () -- C:\WINDOWS\tasks\ExpressBurnSevenDays.job
[2013/10/30 05:44:34 | 000,000,811 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Express Burn.lnk
[2013/10/30 05:43:09 | 000,000,799 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2013/10/29 15:12:44 | 000,001,819 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ulead VideoStudio 10.lnk
[2013/10/29 15:10:14 | 141,606,188 | ---- | M] (Ulead Systems ) -- C:\Documents and Settings\Mike\Desktop\uvs10_tbyb_(e)_na.exe
[2013/10/27 06:46:41 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/22 09:21:53 | 000,000,400 | ---- | M] () -- C:\Documents and Settings\Mike\Desktop\Shortcut to Local Area Connection.lnk
[2013/10/21 08:25:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\EEventManager.INI
[2013/10/16 13:44:40 | 000,000,079 | ---- | M] () -- C:\WINDOWS\EWF845.ini
[2013/10/16 13:37:04 | 000,000,665 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2013/10/16 12:59:36 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Quicken Deluxe 2011.lnk
[2013/10/14 15:05:44 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/10/14 12:33:33 | 000,000,120 | ---- | M] () -- C:\WINDOWS\QUICKEN.INI
[2013/10/13 07:43:15 | 000,437,352 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/10/13 07:41:52 | 000,001,627 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2013/10/13 07:40:29 | 000,002,079 | ---- | M] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Roxio Creator DE.lnk
[2013/10/13 06:29:25 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/10/13 05:35:00 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/10/13 05:34:57 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/10/11 15:53:53 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RunOW.job
[2013/10/11 15:43:37 | 000,000,148 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/30 05:44:39 | 000,000,290 | ---- | C] () -- C:\WINDOWS\tasks\ExpressBurnSevenDays.job
[2013/10/30 05:44:34 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn.lnk
[2013/10/30 05:44:34 | 000,000,811 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Express Burn.lnk
[2013/10/30 05:43:09 | 000,000,805 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\VideoPad Video Editor.lnk
[2013/10/30 05:43:09 | 000,000,799 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
[2013/10/29 15:12:44 | 000,001,819 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ulead VideoStudio 10.lnk
[2013/10/27 06:46:41 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2013/10/22 09:21:53 | 000,000,400 | ---- | C] () -- C:\Documents and Settings\Mike\Desktop\Shortcut to Local Area Connection.lnk
[2013/10/21 08:25:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
[2013/10/16 13:37:04 | 000,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
[2013/10/16 13:34:15 | 000,000,079 | ---- | C] () -- C:\WINDOWS\EWF845.ini
[2013/10/16 12:59:36 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Quicken Deluxe 2011.lnk
[2013/10/14 15:05:43 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
[2013/10/14 12:32:44 | 000,000,120 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2013/10/13 07:40:29 | 000,002,079 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\Microsoft\Internet Explorer\Quick Launch\Roxio Creator DE.lnk
[2013/10/13 07:39:33 | 000,056,056 | ---- | C] () -- C:\WINDOWS\System32\DLAAPI_W.DLL
[2013/10/13 05:35:00 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
[2013/10/11 15:21:37 | 000,000,300 | ---- | C] () -- C:\WINDOWS\tasks\RunOW.job
[2013/10/11 15:00:13 | 000,000,148 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
[2013/09/12 13:18:04 | 000,000,095 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\WB.CFG
[2013/07/27 13:18:04 | 000,000,115 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WB.CFG
[2013/06/27 13:18:08 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\WBPU-TTL.DAT
[2013/06/16 13:18:06 | 000,000,006 | ---- | C] () -- C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
[2013/04/27 22:23:36 | 000,041,176 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2013/04/21 19:13:04 | 000,000,060 | ---- | C] () -- C:\Documents and Settings\Mike\jagex_cl_runescape_LIVE.dat
[2013/04/17 06:48:26 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/04/05 13:52:44 | 000,000,025 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2013/03/28 07:13:58 | 000,001,627 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2013/03/08 20:38:07 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Mike\__ng3d.lock
[2012/12/27 01:14:15 | 000,000,726 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2012/12/27 01:14:06 | 000,045,568 | ---- | C] () -- C:\WINDOWS\UniFish3.exe
[2012/11/07 14:42:24 | 000,000,062 | ---- | C] () -- C:\Documents and Settings\Mike\jagex_cl_loginapplet_LIVE.dat
[2012/11/07 14:42:24 | 000,000,024 | R--- | C] () -- C:\Documents and Settings\Mike\random.dat
[2012/10/21 00:05:15 | 000,456,798 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1409082233-1177238915-839522115-1003-0.dat
[2012/10/20 09:43:14 | 000,016,304 | ---- | C] () -- C:\WINDOWS\System32\apl003.sys
[2012/10/20 09:43:13 | 000,013,232 | ---- | C] () -- C:\WINDOWS\System32\apf003.sys
[2012/10/09 13:48:26 | 000,078,848 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/09/22 00:43:25 | 000,211,310 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/09/18 14:58:26 | 000,000,080 | ---- | C] () -- C:\Documents and Settings\Mike\Application Data\mBot.ini
[2012/09/16 13:55:47 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Mike\Local Settings\Application Data\fusioncache.dat
[2012/08/21 14:50:15 | 001,098,832 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2012/08/21 14:50:15 | 001,098,832 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2012/08/21 14:50:15 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2012/08/21 14:49:58 | 002,289,288 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/08/17 06:14:34 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2012/08/16 15:05:16 | 000,447,120 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2012/08/16 15:05:16 | 000,200,704 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4704.dll
[2012/08/16 14:54:47 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/08/16 14:51:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/08/16 10:45:05 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2012/08/16 10:44:14 | 000,437,352 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/01/18 01:44:00 | 010,920,984 | ---- | C] () -- C:\WINDOWS\System32\LogiDPP.dll
[2012/01/18 01:44:00 | 000,336,408 | ---- | C] () -- C:\WINDOWS\System32\DevManagerCore.dll
[2012/01/18 01:44:00 | 000,104,472 | ---- | C] () -- C:\WINDOWS\System32\LogiDPPApp.exe
[2011/11/16 20:40:38 | 000,028,418 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

========== ZeroAccess Check ==========

[2012/08/31 18:00:20 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2012/06/28 16:33:05 | 001,510,400 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\System32\wbem\wbemess.dll -- [2008/04/14 04:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/27 06:46:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/10/16 13:44:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\APN
[2012/08/16 16:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2013/10/16 13:41:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
[2013/01/12 09:42:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2013/09/03 12:15:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2013/11/02 11:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2013/04/04 16:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2013/10/29 15:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
[2013/05/27 13:19:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2012/09/22 23:56:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tunngle
[2013/10/29 15:11:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2012/08/19 10:00:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/09/12 13:38:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\.minecraft
[2012/12/31 18:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Audacity
[2012/10/30 14:36:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013/05/27 13:18:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DSite
[2012/10/24 13:49:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DVDVideoSoft
[2012/10/24 13:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\DVDVideoSoftIEHelpers
[2013/10/17 07:25:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Epson
[2012/09/01 02:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\fltk.org
[2013/01/13 12:37:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Garmin
[2013/05/13 17:28:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\KoshyJohn.com
[2012/08/27 21:17:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Leadertech
[2012/12/29 21:52:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\LocalLow
[2012/08/21 07:48:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\LolClient
[2013/01/20 02:05:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Mouse Recorder Pro
[2012/08/18 16:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Oracle
[2012/12/27 01:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\PowerISO
[2013/05/27 19:52:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\redsn0w
[2013/03/08 16:54:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Sony Online Entertainment
[2012/09/23 00:26:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Tunngle
[2013/09/12 09:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Ulead Systems
[2012/09/16 16:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\uTorrent
[2013/05/27 13:20:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mike\Application Data\Zip Opener Packages

========== Purity Check ==========



< End of report >

Thanks much
  • 0

Advertisements


#2
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Disable Spybot's TeaTimer to make sure it won't interfere with fixes. You can re-enable it when you're clean again:

* Run Spybot-S&D in Advanced Mode
* If it is not already set to do this, go to the Mode menu
select
Advanced Mode
* On the left hand side, click on Tools
* Then click on the Resident icon in the list
* Uncheck
Resident TeaTimer
and OK any prompts.
* Restart your computer

Download : ADWCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Posted Image

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

  • 0

#3
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
As requested

# AdwCleaner v3.011 - Report created 05/11/2013 at 10:18:01
# Updated 03/11/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mike - MIKE_E520
# Running from : D:\Virus removal sw\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Smartdl
Folder Deleted : C:\Program Files\TSearch
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\PutLockerDownloader
Folder Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\visualbeeexe
Folder Deleted : C:\DOCUME~1\Mike\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\Mike\Application Data\DSite
Folder Deleted : C:\Documents and Settings\Mike\Application Data\dvdvideosoftiehelpers
Folder Deleted : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
[!] Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default\searchplugins\Web Search.xml
File Deleted : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\apfdadfinodckpcehhdhjlgiphgnbfci
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\58ed9dbbc3fe413
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{162E06EC-4E38-4809-AE76-BF2400D34334}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F1AF26F8-1828-4279-ABCE-074EF3235BD7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{154D339E-CCAA-49A5-9B38-6878AD4220BC}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{0E1230F8-EA50-42A9-983C-D22ABC2EED3B}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Documents and Settings\Mike\Application Data\2YourFace\Updater.exe]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\visualbee
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\visualbee
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Zip Opener Packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default\prefs.js ]

Line Deleted : user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?affID=119351&tt=gc_&babsrc=NT_ss&mntrId=38720019D1E8703B");
Line Deleted : user_pref("browser.search.selectedEngine", "Delta Search");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "3872838b0000000000000019d1e8703b");
Line Deleted : user_pref("extensions.delta.instlDay", "15852");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.514:20:31");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119351&tt=gc_");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "8ef63c0d-da41-4c25-a831-9d1f9d94c97a");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage

*************************

AdwCleaner[R0].txt - [10231 octets] - [05/11/2013 10:13:26]
AdwCleaner[S0].txt - [9980 octets] - [05/11/2013 10:18:01]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10040 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Microsoft Windows XP x86
Ran by Mike on Tue 11/05/2013 at 10:30:35.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1409082233-1177238915-839522115-1003\Software\SweetIM



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\visualbee"
Successfully deleted: [Folder] "C:\Documents and Settings\Mike\Application Data\zip opener packages"
Successfully deleted: [Folder] "C:\Documents and Settings\Mike\Local Settings\Application Data\cre"
Successfully deleted: [Folder] "C:\Documents and Settings\Mike\Local Settings\Application Data\visualbeeclient"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 11/05/2013 at 10:37:39.81
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 31-10-2013
Ran by Mike (administrator) on MIKE_E520 on 05-11-2013 13:06:15
Running from D:\Virus removal sw
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() D:\PlayMemories Home\dfs.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Sony Corporation) D:\PlayMemories Home\PMBDeviceInfoProvider.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastUI.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(Sony Corporation) D:\PlayMemories Home\PMBVolumeWatcher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
(Roxio) C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
(Macrovision Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIABA.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai\netsession_win.exe
(KoshyJohn.com) C:\Documents and Settings\Mike\Application Data\KoshyJohn.com\MemClean\MemClean.exe
(SEIKO EPSON CORPORATION) C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_TATIHSA.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Akamai Technologies, Inc.) C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai\netsession_win.exe
(Sonic Solutions) C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS\System32\hkcmd.exe [ ] ()
HKLM\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4297136 2012-10-30] (AVAST Software)
HKLM\...\Run: [IDTSysTrayApp] - C:\WINDOWS\sttray.exe [405504 2007-09-05] (IDT, Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] - C:\WINDOWS\stsystra.exe [282624 2006-03-20] (SigmaTel, Inc.)
HKLM\...\Run: [DivXUpdate] - C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1259376 2011-07-28] ()
HKLM\...\Run: [LWS] - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM\...\Run: [\\DAVIDDELL3800\EPSON Stylus C88 Series] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABA.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Auto EPSON Stylus C88 Series on DAVIDDELL3800] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABA.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [PMBVolumeWatcher] - D:\PlayMemories Home\PMBVolumeWatcher.exe [739936 2012-11-27] (Sony Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [NvMediaCenter] - RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
HKLM\...\Run: [nwiz] - C:\Program Files\NVIDIA Corporation\nview\nwiz.exe [2586912 2013-06-21] ()
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RoxWatchTray] - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe [221184 2006-11-05] (Sonic Solutions)
HKLM\...\Run: [RoxioDragToDisc] - C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe [1116920 2006-08-17] (Roxio)
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [EPSON Stylus C88 Series] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_FATIABA.EXE [98304 2005-01-27] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXRCV] - C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [FUFAXSTM] - C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-10-23] (Apple Inc.)
HKCU\...\Run: [NCsoft Launcher] - D:\NCSoft\Launcher\NCLauncher.exe /Minimized
HKCU\...\Run: [Akamai NetSession Interface] - C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai\netsession_win.exe [4489472 2013-06-05] (Akamai Technologies, Inc.)
HKCU\...\Run: [Memory Cleaner] - C:\Documents and Settings\Mike\Application Data\KoshyJohn.com\MemClean\MemClean.exe [791560 2013-02-03] (KoshyJohn.com)
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\WINDOWS\system32\spool\drivers\w32x86\3\E_TATIHSA.EXE [220800 2012-07-12] (SEIKO EPSON CORPORATION)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
ShortcutTarget: Adobe Gamma Loader.exe.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} http://support.dell....iler/SysPro.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate...b?1345154191718
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 205.152.37.23 205.152.144.23

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\heine9pg.default
FF Homepage: https://www.google.com/
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nexon.net/NxGame - C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 &lt;video&gt; - C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Conduit Chrome Plugin) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No File
CHR Plugin: (Conduit Radio Plugin) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda\10.11.21.5_0\plugins/np-cwmp.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Microsoft\u00AE DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\DOCUME~1\Mike\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Adblock Plus) - C:\DOCUME~1\Mike\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.6.1_0
CHR Extension: (Google Search) - C:\DOCUME~1\Mike\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (KabaListics - DoA Power Tools Plus III) - C:\DOCUME~1\Mike\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\gbfkefhipiannebmklaoedmlbkpgfkhc\2013.823.1_0
CHR Extension: (avast! WebRep) - C:\DOCUME~1\Mike\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0
CHR Extension: (Gmail) - C:\DOCUME~1\Mike\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR Extension: (Nike 4.0) - C:\DOCUME~1\Mike\LOCALS~1\Application Data\Google\Chrome\User Data\Default\Extensions\pmhljlapodbfdojhmoohjdljpedejjhj\1_0
CHR HKLM\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
CHR HKLM\...\Chrome\Extension: [ohlfohjgijhjlpidbbnmcdooegafnnnm] - C:\Program Files\SockshareDownloader\SockshareDownloader10.crx

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-30] (AVAST Software)
R2 DeviceFinderService; D:\PlayMemories Home\dfs.exe [149088 2012-11-27] ()
R2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION)
R2 EpsonCustomerParticipation; C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [521600 2011-06-09] (SEIKO EPSON CORPORATION)
R2 EPSON_PM_RPCV4_05; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_JT50RP.EXE [130944 2011-04-25] (SEIKO EPSON CORPORATION)
S3 npggsvc; C:\WINDOWS\system32\GameMon.des [3990760 2012-09-24] (INCA Internet Co., Ltd.)
R2 PMBDeviceInfoProvider; D:\PlayMemories Home\PMBDeviceInfoProvider.exe [479840 2012-11-27] (Sony Corporation)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
S3 Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe /RunAsService [x]

==================== Drivers (Whitelisted) ====================

R1 Aavmker4; C:\Windows\System32\Drivers\Aavmker4.sys [25256 2012-10-30] (AVAST Software)
S3 apf003; C:\WINDOWS\system32\apf003.sys [13232 2012-10-20] ()
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [21256 2012-10-30] (AVAST Software)
R2 aswMon2; C:\Windows\System32\Drivers\aswMon2.sys [97608 2012-10-30] (AVAST Software)
R1 AswRdr; C:\Windows\System32\Drivers\AswRdr.sys [35928 2012-10-30] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [738504 2012-10-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [361032 2012-10-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [54232 2012-10-30] (AVAST Software)
S3 CCDECODE; C:\Windows\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
S3 NAL; C:\WINDOWS\system32\Drivers\iqvw32.sys [24064 2006-06-05] (Intel Corporation )
S3 NdisIP; C:\Windows\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 NVHDA; C:\Windows\System32\drivers\nvhda32.sys [128672 2013-02-25] (NVIDIA Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.)
S3 cpuz130; \??\C:\DOCUME~1\Mike\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

http://www.amyuni.com) C:\WINDOWS\system32\cdintf400.dll
2013-11-05 13:06 - 2013-11-05 13:06 - 00000000 ____D C:\FRST
2013-11-05 10:37 - 2013-11-05 10:37 - 00001457 _____ C:\Documents and Settings\Mike\Desktop\JRT.txt
2013-11-05 10:25 - 2013-11-05 10:25 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-05 10:13 - 2013-11-05 10:18 - 00000000 ____D C:\AdwCleaner
2013-11-05 10:02 - 2013-11-05 10:02 - 00000526 _____ C:\Documents and Settings\Mike\Desktop\Shortcut to AdwCleaner.lnk
2013-11-04 15:13 - 2013-11-04 15:13 - 00115922 _____ C:\Documents and Settings\Mike\Desktop\OTL.Txt
2013-10-30 05:49 - 2013-10-30 05:49 - 00000000 ____D C:\Documents and Settings\Mike\My Documents\VideoPad Projects
2013-10-30 05:44 - 2013-10-30 05:44 - 00000817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn.lnk
2013-10-30 05:44 - 2013-10-30 05:44 - 00000811 _____ C:\Documents and Settings\All Users\Desktop\Express Burn.lnk
2013-10-30 05:44 - 2013-10-30 05:44 - 00000290 _____ C:\WINDOWS\Tasks\ExpressBurnSevenDays.job
2013-10-30 05:44 - 2013-10-30 05:44 - 00000000 ____D C:\Documents and Settings\Mike\Start Menu\Programs\NCH Software Suite
2013-10-30 05:44 - 2013-10-30 05:44 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\NCH Software
2013-10-30 05:44 - 2013-10-30 05:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2013-10-30 05:43 - 2013-10-30 05:43 - 00000805 _____ C:\Documents and Settings\All Users\Start Menu\Programs\VideoPad Video Editor.lnk
2013-10-30 05:43 - 2013-10-30 05:43 - 00000799 _____ C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
2013-10-30 05:43 - 2013-10-30 05:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
2013-10-30 05:42 - 2013-10-30 05:44 - 00000000 ____D C:\Program Files\NCH Software
2013-10-29 15:14 - 2013-10-29 15:14 - 00000000 ____D C:\SmartSound Software
2013-10-29 15:13 - 2013-10-29 15:13 - 00000000 ____D C:\Program Files\SmartSound Software
2013-10-29 15:13 - 2013-10-29 15:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2013-10-29 14:52 - 2013-10-29 15:10 - 141606188 _____ (Ulead Systems ) C:\Documents and Settings\Mike\Desktop\uvs10_tbyb_(e)_na.exe
2013-10-29 12:07 - 2004-03-08 23:00 - 00132880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSINET.OCX
2013-10-29 12:06 - 2013-10-29 13:10 - 00000000 ____D C:\Program Files\Common Files\Web Solution Mart
2013-10-29 12:05 - 2013-10-29 12:05 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\WMTools Downloaded Files
2013-10-27 06:46 - 2013-10-27 06:46 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-10-27 06:46 - 2013-10-27 06:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-10-27 06:45 - 2013-10-27 06:46 - 00000000 ____D C:\Program Files\iTunes
2013-10-27 06:45 - 2013-10-27 06:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 06:45 - 2013-10-27 06:45 - 00000000 ____D C:\Program Files\iPod
2013-10-25 06:16 - 2013-10-25 06:16 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-25 06:15 - 2013-10-25 06:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java Development Kit
2013-10-25 06:15 - 2013-10-25 06:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-25 06:15 - 2013-10-08 06:50 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-25 06:15 - 2013-10-08 06:46 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-25 06:15 - 2013-10-08 06:46 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-25 06:15 - 2013-10-08 06:46 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-25 06:15 - 2013-10-08 06:29 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2013-10-25 06:13 - 2013-10-25 06:15 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-22 09:21 - 2013-10-22 09:21 - 00000400 _____ C:\Documents and Settings\Mike\Desktop\Shortcut to Local Area Connection.lnk
2013-10-21 08:25 - 2013-10-21 08:25 - 00000000 _____ C:\WINDOWS\EEventManager.INI
2013-10-18 10:23 - 2013-10-18 12:07 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-16 13:41 - 2007-09-07 16:33 - 00135168 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EEBAPI.dll
2013-10-16 13:41 - 2007-03-28 17:26 - 00065536 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EEBUtil.dll
2013-10-16 13:41 - 2006-12-19 17:31 - 00110592 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EEBDSCVR.dll
2013-10-16 13:41 - 2006-12-19 17:20 - 00077824 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EBAPI.dll
2013-10-16 13:41 - 2003-12-17 00:01 - 00055808 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\EEBSDKIF.dll
2013-10-16 13:40 - 2013-10-16 13:40 - 00000000 ____D C:\Program Files\EpsonNet
2013-10-16 13:40 - 2013-10-16 13:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Epson
2013-10-16 13:40 - 2010-09-13 14:01 - 00458129 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppui.dll
2013-10-16 13:40 - 2010-09-13 14:01 - 00458129 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppui.dll
2013-10-16 13:40 - 2010-09-13 14:00 - 00475410 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\ensppmon.dll
2013-10-16 13:40 - 2010-09-13 14:00 - 00475410 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enppmon.dll
2013-10-16 13:40 - 2008-06-18 10:49 - 00249344 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enspres.dll
2013-10-16 13:40 - 2008-06-18 10:49 - 00249344 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\enpres.dll
2013-10-16 13:39 - 2013-10-17 07:25 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Epson
2013-10-16 13:39 - 2013-10-16 13:41 - 00000000 ____D C:\Program Files\Common Files\EPSON
2013-10-16 13:39 - 2013-10-16 13:39 - 00000000 ____D C:\Documents and Settings\Mike\Start Menu\Programs\EPSON Software
2013-10-16 13:39 - 2013-10-16 13:39 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\InstallShield
2013-10-16 13:38 - 2013-10-16 13:39 - 00000000 ____D C:\Program Files\Epson Software
2013-10-16 13:38 - 2013-10-16 13:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
2013-10-16 13:38 - 2013-10-16 13:38 - 00000000 ____D C:\Program Files\Epson America Inc
2013-10-16 13:37 - 2013-10-16 13:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\EPSON
2013-10-16 13:37 - 2013-10-16 13:37 - 00000665 _____ C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2013-10-16 13:37 - 2011-04-20 06:03 - 00095232 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_TLBHSA.DLL
2013-10-16 13:37 - 2011-03-15 06:03 - 00081408 _____ (SEIKO EPSON CORPORATION) C:\WINDOWS\system32\E_TD4BHSA.DLL
2013-10-16 13:37 - 2009-10-15 23:00 - 00132560 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\esdevapp.exe
2013-10-16 13:37 - 2009-10-15 23:00 - 00012800 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\escdev.dll
2013-10-16 13:37 - 2009-09-16 23:00 - 00342016 _____ (Seiko Epson Corporation) C:\WINDOWS\system32\eswiaud.dll
2013-10-16 13:35 - 2013-09-23 13:35 - 00509872 _____ (Ask Partner Network) C:\Documents and Settings\Mike\My Documents\APNSetup.exe
2013-10-16 13:34 - 2013-10-16 13:44 - 00000079 _____ C:\WINDOWS\EWF845.ini
2013-10-16 13:19 - 2013-10-16 13:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2013-10-16 13:19 - 2013-10-16 13:19 - 00000031 _____ C:\WINDOWS\EPSMTL32.TXT
2013-10-16 13:19 - 2013-10-16 13:19 - 00000000 ____D C:\epson
2013-10-15 10:55 - 2008-04-13 23:17 - 00025856 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbprint.sys
2013-10-15 10:55 - 2008-04-13 23:17 - 00025856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-14 12:34 - 2013-10-14 12:34 - 00000000 ____D C:\Program Files\Common Files\AnswerWorks 5.0
2013-10-14 12:33 - 2013-10-14 12:33 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-10-14 12:33 - 2011-03-10 16:00 - 04199768 _____ (Amyuni Technologies
2013-10-14 12:32 - 2013-11-04 15:23 - 00000031 _____ C:\WINDOWS\QUICKEN.INI
2013-10-14 12:32 - 2013-10-14 12:32 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Intuit
2013-10-14 12:32 - 2013-10-14 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Intuit
2013-10-14 02:01 - 2013-10-14 02:01 - 00302882 _____ C:\WINDOWS\msxml4-KB954430-enu.LOG
2013-10-14 02:01 - 2013-10-14 02:01 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-10-14 02:00 - 2013-10-14 02:01 - 00310790 _____ C:\WINDOWS\msxml4-KB973688-enu.LOG
2013-10-13 09:34 - 2013-10-13 09:34 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Roxio
2013-10-13 08:06 - 2013-10-13 08:06 - 00000000 ____D C:\Documents and Settings\Mike\My Documents\FormatFactory
2013-10-13 07:46 - 2013-10-13 07:46 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Application Data\Roxio
2013-10-13 07:45 - 2013-10-13 09:56 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Roxio
2013-10-13 07:44 - 2013-10-13 07:44 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Roxio
2013-10-13 07:41 - 2013-10-13 07:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallShield
2013-10-13 07:40 - 2013-10-13 07:40 - 00001406 _____ C:\WINDOWS\xpsp1hfm.log
2013-10-13 07:40 - 2013-10-13 07:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Roxio Creator DE
2013-10-13 07:40 - 2013-10-13 07:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sonic
2013-10-13 07:39 - 2013-10-13 07:43 - 00000000 ____D C:\WINDOWS\system32\DLA
2013-10-13 07:39 - 2013-10-13 07:39 - 00000103 _____ C:\WINDOWS\system32\ROXECDC6Inst.log
2013-10-13 07:39 - 2013-10-13 07:39 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-10-13 07:39 - 2006-08-18 12:17 - 00092920 _____ (Roxio) C:\WINDOWS\DLA.EXE
2013-10-13 07:39 - 2006-08-18 12:17 - 00056056 _____ C:\WINDOWS\system32\DLAAPI_W.DLL
2013-10-13 07:39 - 2006-08-11 10:05 - 00051768 _____ (Roxio) C:\WINDOWS\system32\Drivers\DRVNDDM.SYS
2013-10-13 07:39 - 2006-08-11 09:35 - 00028184 _____ (Roxio) C:\WINDOWS\system32\Drivers\DLARTL_M.SYS
2013-10-13 07:39 - 2006-08-11 09:35 - 00012920 _____ (Roxio) C:\WINDOWS\system32\Drivers\DLACDBHM.SYS
2013-10-13 07:39 - 2006-07-21 10:21 - 00099176 _____ (Sonic Solutions) C:\WINDOWS\system32\Drivers\DRVMCDB.SYS
2013-10-13 07:38 - 2013-10-13 07:38 - 00000995 _____ C:\Documents and Settings\All Users\Start Menu\Program Updates.lnk
2013-10-13 07:36 - 2013-10-13 07:46 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Roxio
2013-10-13 07:36 - 2013-10-13 07:40 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-10-13 07:36 - 2013-10-13 07:38 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-10-13 07:34 - 2013-10-13 07:39 - 00000000 ____D C:\Program Files\Roxio
2013-10-13 07:02 - 2013-10-13 07:02 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Help
2013-10-13 07:02 - 2013-10-13 07:02 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Help
2013-10-13 05:35 - 2013-10-13 05:35 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-10-13 05:26 - 2013-10-13 05:38 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai
2013-10-13 05:26 - 2013-10-13 05:26 - 00000000 ____D C:\Program Files\7-Zip
2013-10-13 05:26 - 2013-10-13 05:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ___RD C:\Program Files\Skype
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Program Files\Bonjour
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Xfire2
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2013-10-11 15:21 - 2013-10-11 15:53 - 00000300 _____ C:\WINDOWS\Tasks\RunOW.job
2013-10-11 15:20 - 2013-10-13 05:25 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Overwolf
2013-10-11 15:00 - 2013-10-11 15:43 - 00000148 _____ C:\WINDOWS\system32\QuickTime.qtp
2013-10-11 14:59 - 2013-10-13 05:25 - 00000000 ____D C:\WINDOWS\system32\QuickTime
2013-10-11 14:59 - 2013-10-11 14:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\QuickTime
2013-10-11 14:46 - 2011-08-30 22:05 - 00073064 _____ (Apple Inc.) C:\WINDOWS\system32\dnssd.dll
2013-10-10 02:23 - 2013-10-13 06:29 - 00259197 _____ C:\WINDOWS\KB2862335.log
2013-10-10 02:23 - 2013-10-13 06:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-10 02:23 - 2013-10-13 06:29 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-10 02:11 - 2013-10-13 06:22 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-10 02:10 - 2013-10-13 06:22 - 00022208 _____ C:\WINDOWS\KB2868038.log
2013-10-10 02:08 - 2013-10-13 06:21 - 00023026 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-10 02:08 - 2013-10-13 06:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-10 02:08 - 2013-10-13 06:21 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-09 23:09 - 2013-07-16 19:58 - 00123008 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbvideo.sys
2013-10-09 23:09 - 2013-07-16 19:58 - 00046848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\irbus.sys
2013-10-09 23:08 - 2013-10-13 06:29 - 00264450 _____ C:\WINDOWS\KB2847311.log
2013-10-09 23:08 - 2013-07-02 21:12 - 00025088 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\hidparse.sys
2013-10-09 23:07 - 2013-08-08 19:55 - 00144128 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbport.sys
2013-10-09 23:07 - 2013-08-08 19:55 - 00005376 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbd.sys
2013-10-09 23:07 - 2009-03-18 06:02 - 00030336 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\usbehci.sys

==================== One Month Modified Files and Folders =======

2013-11-05 13:06 - 2013-11-05 13:06 - 00000000 ____D C:\FRST
2013-11-05 12:25 - 2012-11-03 16:54 - 00000882 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-05 12:14 - 2012-08-27 17:39 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-11-05 10:37 - 2013-11-05 10:37 - 00001457 _____ C:\Documents and Settings\Mike\Desktop\JRT.txt
2013-11-05 10:30 - 2012-08-16 16:38 - 00000316 ____H C:\WINDOWS\Tasks\avast! Emergency Update.job
2013-11-05 10:30 - 2012-08-16 16:19 - 01719350 _____ C:\WINDOWS\WindowsUpdate.log
2013-11-05 10:30 - 2001-08-23 07:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-11-05 10:29 - 2012-08-16 10:47 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-11-05 10:29 - 2012-08-16 10:47 - 00000049 _____ C:\WINDOWS\wiaservc.log
2013-11-05 10:28 - 2013-06-08 06:13 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2013-11-05 10:28 - 2013-06-04 00:21 - 00000350 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-11-05 10:28 - 2012-11-03 16:54 - 00000878 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-05 10:28 - 2012-08-16 14:53 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-11-05 10:27 - 2012-08-16 14:59 - 00032528 _____ C:\WINDOWS\SchedLgU.Txt
2013-11-05 10:27 - 2012-08-16 14:59 - 00000278 ___SH C:\Documents and Settings\Mike\ntuser.ini
2013-11-05 10:25 - 2013-11-05 10:25 - 00000000 ____D C:\WINDOWS\ERUNT
2013-11-05 10:20 - 2012-08-16 14:59 - 00000000 ____D C:\Documents and Settings\Mike
2013-11-05 10:18 - 2013-11-05 10:13 - 00000000 ____D C:\AdwCleaner
2013-11-05 10:02 - 2013-11-05 10:02 - 00000526 _____ C:\Documents and Settings\Mike\Desktop\Shortcut to AdwCleaner.lnk
2013-11-04 18:18 - 2013-07-02 05:55 - 00013446 _____ C:\WINDOWS\system32\nvAppTimestamps
2013-11-04 15:28 - 2012-09-01 03:09 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-11-04 15:23 - 2013-10-14 12:32 - 00000031 _____ C:\WINDOWS\QUICKEN.INI
2013-11-04 15:22 - 2013-09-12 09:16 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Ulead Systems
2013-11-04 15:22 - 2012-08-16 15:04 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-11-04 15:13 - 2013-11-04 15:13 - 00115922 _____ C:\Documents and Settings\Mike\Desktop\OTL.Txt
2013-11-04 14:18 - 2013-09-12 13:18 - 00000095 _____ C:\Documents and Settings\Mike\Application Data\WB.CFG
2013-11-04 14:18 - 2013-06-27 13:18 - 00000006 _____ C:\Documents and Settings\Mike\Application Data\WBPU-TTL.DAT
2013-11-04 14:18 - 2013-05-27 13:18 - 00000406 _____ C:\WINDOWS\Tasks\At1.job
2013-11-04 14:02 - 2012-10-09 13:48 - 00078848 _____ C:\Documents and Settings\Mike\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-11-04 13:56 - 2012-08-16 10:44 - 00060842 _____ C:\WINDOWS\setupapi.log
2013-11-04 13:51 - 2013-09-10 07:26 - 00000000 ____D C:\Program Files\Savings Bond Wizard
2013-11-04 06:49 - 2012-08-16 10:45 - 00628518 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2013-11-03 14:18 - 2013-07-27 13:18 - 00000115 _____ C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2013-11-03 14:18 - 2013-06-16 13:18 - 00000006 _____ C:\Documents and Settings\NetworkService\Application Data\WBPU-TTL.DAT
2013-11-02 19:59 - 2012-10-09 14:36 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-11-02 11:42 - 2012-08-16 20:04 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\PMB Files
2013-11-02 11:42 - 2012-08-16 20:04 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\PMB Files
2013-10-30 07:17 - 2012-08-21 14:50 - 00000178 ___SH C:\Documents and Settings\UpdatusUser\ntuser.ini
2013-10-30 05:49 - 2013-10-30 05:49 - 00000000 ____D C:\Documents and Settings\Mike\My Documents\VideoPad Projects
2013-10-30 05:44 - 2013-10-30 05:44 - 00000817 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Express Burn.lnk
2013-10-30 05:44 - 2013-10-30 05:44 - 00000811 _____ C:\Documents and Settings\All Users\Desktop\Express Burn.lnk
2013-10-30 05:44 - 2013-10-30 05:44 - 00000290 _____ C:\WINDOWS\Tasks\ExpressBurnSevenDays.job
2013-10-30 05:44 - 2013-10-30 05:44 - 00000000 ____D C:\Documents and Settings\Mike\Start Menu\Programs\NCH Software Suite
2013-10-30 05:44 - 2013-10-30 05:44 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\NCH Software
2013-10-30 05:44 - 2013-10-30 05:44 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\NCH Software
2013-10-30 05:44 - 2013-10-30 05:42 - 00000000 ____D C:\Program Files\NCH Software
2013-10-30 05:43 - 2013-10-30 05:43 - 00000805 _____ C:\Documents and Settings\All Users\Start Menu\Programs\VideoPad Video Editor.lnk
2013-10-30 05:43 - 2013-10-30 05:43 - 00000799 _____ C:\Documents and Settings\All Users\Desktop\VideoPad Video Editor.lnk
2013-10-30 05:43 - 2013-10-30 05:43 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\NCH Software Suite
2013-10-29 15:15 - 2013-09-12 09:44 - 00000000 ____D C:\Documents and Settings\Mike\My Documents\Ulead VideoStudio
2013-10-29 15:14 - 2013-10-29 15:14 - 00000000 ____D C:\SmartSound Software
2013-10-29 15:13 - 2013-10-29 15:13 - 00000000 ____D C:\Program Files\SmartSound Software
2013-10-29 15:13 - 2013-10-29 15:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc
2013-10-29 15:12 - 2012-08-19 09:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Apple Computer
2013-10-29 15:11 - 2012-08-16 15:04 - 00000000 ____D C:\Program Files\Common Files\InstallShield
2013-10-29 15:10 - 2013-10-29 14:52 - 141606188 _____ (Ulead Systems ) C:\Documents and Settings\Mike\Desktop\uvs10_tbyb_(e)_na.exe
2013-10-29 13:10 - 2013-10-29 12:06 - 00000000 ____D C:\Program Files\Common Files\Web Solution Mart
2013-10-29 13:06 - 2012-08-16 16:14 - 00146089 _____ C:\WINDOWS\wmsetup.log
2013-10-29 12:05 - 2013-10-29 12:05 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\WMTools Downloaded Files
2013-10-27 06:46 - 2013-10-27 06:46 - 00001542 _____ C:\Documents and Settings\All Users\Desktop\iTunes.lnk
2013-10-27 06:46 - 2013-10-27 06:46 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2013-10-27 06:46 - 2013-10-27 06:45 - 00000000 ____D C:\Program Files\iTunes
2013-10-27 06:46 - 2013-10-27 06:45 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-10-27 06:45 - 2013-10-27 06:45 - 00000000 ____D C:\Program Files\iPod
2013-10-27 06:45 - 2012-10-09 14:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-10-25 06:16 - 2013-10-25 06:16 - 00000000 ____D C:\Program Files\Common Files\Java
2013-10-25 06:15 - 2013-10-25 06:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java Development Kit
2013-10-25 06:15 - 2013-10-25 06:15 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Java
2013-10-25 06:15 - 2013-10-25 06:13 - 00004705 _____ C:\WINDOWS\system32\jupdate-1.7.0_45-b18.log
2013-10-25 06:15 - 2013-04-21 19:11 - 00000000 ____D C:\Program Files\Java
2013-10-24 05:26 - 2012-08-27 15:48 - 00000426 _____ C:\WINDOWS\nsw.log
2013-10-23 10:01 - 2013-03-27 12:31 - 00000000 ____D C:\WINDOWS\system32\LogFiles
2013-10-22 09:21 - 2013-10-22 09:21 - 00000400 _____ C:\Documents and Settings\Mike\Desktop\Shortcut to Local Area Connection.lnk
2013-10-21 08:26 - 2012-08-16 16:52 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-10-21 08:25 - 2013-10-21 08:25 - 00000000 _____ C:\WINDOWS\EEventManager.INI
2013-10-18 12:07 - 2013-10-18 10:23 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-10-17 07:25 - 2013-10-16 13:39 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Epson
2013-10-16 13:44 - 2013-10-16 13:34 - 00000079 _____ C:\WINDOWS\EWF845.ini
2013-10-16 13:41 - 2013-10-16 13:39 - 00000000 ____D C:\Program Files\Common Files\EPSON
2013-10-16 13:41 - 2013-10-16 13:37 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\EPSON
2013-10-16 13:40 - 2013-10-16 13:40 - 00000000 ____D C:\Program Files\EpsonNet
2013-10-16 13:40 - 2013-10-16 13:40 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Epson
2013-10-16 13:40 - 2012-08-30 15:46 - 00000000 ____D C:\Program Files\EPSON
2013-10-16 13:39 - 2013-10-16 13:39 - 00000000 ____D C:\Documents and Settings\Mike\Start Menu\Programs\EPSON Software
2013-10-16 13:39 - 2013-10-16 13:39 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\InstallShield
2013-10-16 13:39 - 2013-10-16 13:38 - 00000000 ____D C:\Program Files\Epson Software
2013-10-16 13:39 - 2013-10-16 13:38 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Epson Software
2013-10-16 13:39 - 2013-10-16 13:19 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\EPSON
2013-10-16 13:38 - 2013-10-16 13:38 - 00000000 ____D C:\Program Files\Epson America Inc
2013-10-16 13:37 - 2013-10-16 13:37 - 00000665 _____ C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2013-10-16 13:36 - 2012-08-16 10:40 - 00000000 ____D C:\WINDOWS\twain_32
2013-10-16 13:19 - 2013-10-16 13:19 - 00000031 _____ C:\WINDOWS\EPSMTL32.TXT
2013-10-16 13:19 - 2013-10-16 13:19 - 00000000 ____D C:\epson
2013-10-14 12:39 - 2012-08-16 16:20 - 00134896 _____ C:\Documents and Settings\Mike\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2013-10-14 12:34 - 2013-10-14 12:34 - 00000000 ____D C:\Program Files\Common Files\AnswerWorks 5.0
2013-10-14 12:33 - 2013-10-14 12:33 - 00000000 __SHD C:\Documents and Settings\LocalService\IETldCache
2013-10-14 12:33 - 2012-08-16 14:59 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-10-14 12:32 - 2013-10-14 12:32 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Intuit
2013-10-14 12:32 - 2013-10-14 12:32 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Intuit
2013-10-14 05:17 - 2012-10-23 14:37 - 00002347 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader XI.lnk
2013-10-14 02:06 - 2012-08-31 17:59 - 00000000 ____D C:\WINDOWS\Microsoft.NET
2013-10-14 02:01 - 2013-10-14 02:01 - 00302882 _____ C:\WINDOWS\msxml4-KB954430-enu.LOG
2013-10-14 02:01 - 2013-10-14 02:01 - 00000000 ____D C:\Program Files\MSXML 4.0
2013-10-14 02:01 - 2013-10-14 02:00 - 00310790 _____ C:\WINDOWS\msxml4-KB973688-enu.LOG
2013-10-13 09:56 - 2013-10-13 07:45 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Roxio
2013-10-13 09:34 - 2013-10-13 09:34 - 00000000 ____D C:\Documents and Settings\LocalService\Application Data\Roxio
2013-10-13 08:06 - 2013-10-13 08:06 - 00000000 ____D C:\Documents and Settings\Mike\My Documents\FormatFactory
2013-10-13 07:46 - 2013-10-13 07:46 - 00000000 ____D C:\Documents and Settings\UpdatusUser\Application Data\Roxio
2013-10-13 07:46 - 2013-10-13 07:36 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Roxio
2013-10-13 07:44 - 2013-10-13 07:44 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Roxio
2013-10-13 07:43 - 2013-10-13 07:39 - 00000000 ____D C:\WINDOWS\system32\DLA
2013-10-13 07:43 - 2012-08-16 10:44 - 00437352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-10-13 07:41 - 2013-10-13 07:41 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\InstallShield
2013-10-13 07:41 - 2013-03-28 07:13 - 00001627 _____ C:\WINDOWS\wininit.ini
2013-10-13 07:40 - 2013-10-13 07:40 - 00001406 _____ C:\WINDOWS\xpsp1hfm.log
2013-10-13 07:40 - 2013-10-13 07:40 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Roxio Creator DE
2013-10-13 07:40 - 2013-10-13 07:40 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sonic
2013-10-13 07:40 - 2013-10-13 07:36 - 00000000 ____D C:\Program Files\Common Files\Sonic Shared
2013-10-13 07:39 - 2013-10-13 07:39 - 00000103 _____ C:\WINDOWS\system32\ROXECDC6Inst.log
2013-10-13 07:39 - 2013-10-13 07:39 - 00000000 ____D C:\Program Files\Common Files\SureThing Shared
2013-10-13 07:39 - 2013-10-13 07:34 - 00000000 ____D C:\Program Files\Roxio
2013-10-13 07:38 - 2013-10-13 07:38 - 00000995 _____ C:\Documents and Settings\All Users\Start Menu\Program Updates.lnk
2013-10-13 07:38 - 2013-10-13 07:36 - 00000000 ____D C:\Program Files\Common Files\Roxio Shared
2013-10-13 07:02 - 2013-10-13 07:02 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Help
2013-10-13 07:02 - 2013-10-13 07:02 - 00000000 ____D C:\Documents and Settings\Mike\Application Data\Help
2013-10-13 07:02 - 2012-08-21 15:06 - 00022551 _____ C:\WINDOWS\DirectX.log
2013-10-13 06:35 - 2012-08-27 17:48 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-13 06:29 - 2013-10-10 02:23 - 00259197 _____ C:\WINDOWS\KB2862335.log
2013-10-13 06:29 - 2013-10-10 02:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862335$
2013-10-13 06:29 - 2013-10-10 02:23 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2847311$
2013-10-13 06:29 - 2013-10-09 23:08 - 00264450 _____ C:\WINDOWS\KB2847311.log
2013-10-13 06:29 - 2012-08-27 21:16 - 00010163 _____ C:\WINDOWS\system32\lvcoinst.log
2013-10-13 06:29 - 2012-08-16 18:00 - 00180753 _____ C:\WINDOWS\updspapi.log
2013-10-13 06:29 - 2012-08-16 16:17 - 00215494 _____ C:\WINDOWS\netfxocm.log
2013-10-13 06:29 - 2012-08-16 16:16 - 00061862 _____ C:\WINDOWS\tabletoc.log
2013-10-13 06:29 - 2012-08-16 16:09 - 00086667 _____ C:\WINDOWS\medctroc.Log
2013-10-13 06:29 - 2012-08-16 10:45 - 01412685 _____ C:\WINDOWS\iis6.log
2013-10-13 06:29 - 2012-08-16 10:45 - 01239242 _____ C:\WINDOWS\FaxSetup.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00618358 _____ C:\WINDOWS\ocgen.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00575664 _____ C:\WINDOWS\tsoc.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00423144 _____ C:\WINDOWS\comsetup.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00393424 _____ C:\WINDOWS\msmqinst.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00256501 _____ C:\WINDOWS\ntdtcsetup.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00070311 _____ C:\WINDOWS\ocmsn.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00062416 _____ C:\WINDOWS\msgsocm.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00001393 _____ C:\WINDOWS\imsins.log
2013-10-13 06:29 - 2012-08-16 10:45 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-10-13 06:26 - 2013-07-21 02:02 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-13 06:24 - 2012-08-17 07:32 - 78106760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-13 06:23 - 2012-08-27 17:48 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2013-10-13 06:22 - 2013-10-10 02:11 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-10-13 06:22 - 2013-10-10 02:10 - 00022208 _____ C:\WINDOWS\KB2868038.log
2013-10-13 06:22 - 2012-08-16 10:44 - 01028322 _____ C:\WINDOWS\setupapi.log.0.old
2013-10-13 06:21 - 2013-10-10 02:08 - 00023026 _____ C:\WINDOWS\KB2879017-IE8.log
2013-10-13 06:21 - 2013-10-10 02:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2883150$
2013-10-13 06:21 - 2013-10-10 02:08 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2862330$
2013-10-13 06:09 - 2013-09-12 09:19 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2013-10-13 05:38 - 2013-10-13 05:26 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Akamai
2013-10-13 05:35 - 2013-10-13 05:35 - 00001689 _____ C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
2013-10-13 05:34 - 2012-08-16 14:53 - 00002625 _____ C:\WINDOWS\system32\CONFIG.NT
2013-10-13 05:32 - 2012-08-16 14:59 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-10-13 05:32 - 2012-08-16 14:50 - 00000000 ____D C:\WINDOWS\Registration
2013-10-13 05:26 - 2013-10-13 05:26 - 00000000 ____D C:\Program Files\7-Zip
2013-10-13 05:26 - 2013-10-13 05:26 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ___RD C:\Program Files\Skype
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Program Files\Common Files\Skype
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Program Files\Bonjour
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Xfire2
2013-10-13 05:25 - 2013-10-13 05:25 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\Skype
2013-10-13 05:25 - 2013-10-11 15:20 - 00000000 ____D C:\Documents and Settings\Mike\Local Settings\Application Data\Overwolf
2013-10-13 05:25 - 2013-10-11 14:59 - 00000000 ____D C:\WINDOWS\system32\QuickTime
2013-10-13 05:25 - 2013-09-10 04:39 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2013-10-13 05:25 - 2013-09-10 04:38 - 00000000 ____D C:\Program Files\QuickTime
2013-10-13 05:25 - 2012-08-27 16:13 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Skype
2013-10-13 05:22 - 2012-08-16 14:51 - 00000000 ____D C:\WINDOWS\system32\Restore
2013-10-11 15:53 - 2013-10-11 15:21 - 00000300 _____ C:\WINDOWS\Tasks\RunOW.job
2013-10-11 15:43 - 2013-10-11 15:00 - 00000148 _____ C:\WINDOWS\system32\QuickTime.qtp
2013-10-11 14:59 - 2013-10-11 14:59 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\QuickTime
2013-10-10 02:08 - 2012-08-17 07:35 - 00000000 ____D C:\WINDOWS\ie8updates
2013-10-09 07:15 - 2012-08-27 17:38 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-10-09 07:15 - 2012-08-27 17:38 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-10-08 06:50 - 2013-10-25 06:15 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-10-08 06:46 - 2013-10-25 06:15 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2013-10-08 06:46 - 2013-10-25 06:15 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2013-10-08 06:46 - 2013-10-25 06:15 - 00174504 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2013-10-08 06:29 - 2013-10-25 06:15 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl

Files to move or delete:
====================
C:\Documents and Settings\Mike\Application Data\mBot.ini
C:\Documents and Settings\Mike\jagex_cl_loginapplet_LIVE.dat
C:\Documents and Settings\Mike\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Mike\random.dat
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Mike\Local Settings\Temp\AskPIP_FF_.exe
C:\Documents and Settings\Mike\Local Settings\Temp\burnsetup.exe
C:\Documents and Settings\Mike\Local Settings\Temp\ICReinstall_apple-application-support.exe
C:\Documents and Settings\Mike\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Mike\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Mike\Local Settings\Temp\sbwcrv.exe
C:\Documents and Settings\Mike\Local Settings\Temp\Setup.exe
C:\Documents and Settings\Mike\Local Settings\Temp\_ISDel.exe
C:\Documents and Settings\Mike\Local Settings\Temp\_ISDel_old.exe
C:\Documents and Settings\Mike\Local Settings\Temp\_Setup.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 31-10-2013
Ran by Mike at 2013-11-05 13:08:03
Running from D:\Virus removal sw
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
Could not list Security Center items. Check WMI.


==================== Installed Programs ======================

7-Zip 9.20
Adobe AIR (Version: 3.4.0.2710)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Photoshop 6.0 (Version: 6.0)
Adobe Reader XI (11.0.05) (Version: 11.0.05)
Adobe Shockwave Player 11.6 (Version: 11.6.8.638)
Akamai NetSession Interface
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Audacity 2.0.2 (Version: 2.0.2)
avast! Free Antivirus (Version: 7.0.1474.0)
Bonjour (Version: 3.0.0.10)
CameraHelperMsi (Version: 13.31.1038.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DivX Setup (Version: 2.6.1.9)
Download Navigator (Version: 3.4.0)
Epson Connect
Epson Customer Participation (Version: 1.0.0.0)
Epson Event Manager (Version: 2.50.0001)
Epson FAX Utility (Version: 1.20.00)
Epson PC-FAX Driver
EPSON Printer Software
EPSON Scan
EPSON WorkForce 845 Series Printer Uninstall
EpsonNet Print (Version: 2.4j)
erLT (Version: 1.20.138.34)
Express Burn (Version: 4.68)
FormatFactory 3.1.1 (Version: 3.1.1)
Free Video to iPod Converter version 5.0.18.1005 (Version: 5.0.18.1005)
Free YouTube to iPod Converter version 3.10.34.1015 (Version: 3.10.34.1015)
Free YouTube to MP3 Converter version 3.11.32.918 (Version: 3.11.32.918)
Garmin Communicator Plugin (Version: 4.0.4)
Google Chrome (Version: 30.0.1599.101)
Google Update Helper (Version: 1.3.21.165)
Intel® Graphics Media Accelerator Driver
Intel® PRO Network Connections (Version: )
iSEEK AnswerWorks English Runtime (Version: 010.000.0101)
iTunes (Version: 11.1.2.32)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Java SE Development Kit 7 Update 21 (Version: 1.7.0.210)
League of Legends (Version: 1.3)
Logitech Webcam Software (Version: 2.0)
LWS Facebook (Version: 13.31.1038.0)
LWS Gallery (Version: 13.31.1038.0)
LWS Help_main (Version: 13.31.1044.0)
LWS Launcher (Version: 13.31.1038.0)
LWS Motion Detection (Version: 13.30.1395.0)
LWS Pictures And Video (Version: 13.31.1038.0)
LWS Twitter (Version: 13.30.1346.0)
LWS Video Mask Maker (Version: 13.30.1379.0)
LWS VideoEffects (Version: 13.30.1379.0)
LWS Webcam Software (Version: 13.31.1038.0)
LWS WLM Plugin (Version: 1.30.1201.0)
LWS YouTube Plugin (Version: 13.31.1038.0)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Professional Edition 2003 (Version: 11.0.8173.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Mozilla Firefox 24.0 (x86 en-US) (Version: 24.0)
Mozilla Maintenance Service (Version: 24.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NVIDIA Control Panel 320.49 (Version: 320.49)
NVIDIA GeForce Experience 1.5 (Version: 1.5)
NVIDIA Graphics Driver 320.49 (Version: 320.49)
NVIDIA HD Audio Driver 1.3.24.2 (Version: 1.3.24.2)
NVIDIA Install Application (Version: 2.1002.124.810)
NVIDIA nView 140.62 (Version: 140.62)
NVIDIA PhysX (Version: 9.13.0604)
NVIDIA PhysX System Software 9.13.0604 (Version: 9.13.0604)
NVIDIA Update 4.11.9 (Version: 4.11.9)
NVIDIA Update Components (Version: 4.11.9)
OpenAL
Pando Media Booster (Version: 2.6.0.8)
PlayMemories Home (Version: 7.0.00.11271)
QuickTime (Version: 7.74.80.86)
Roll
Roxio Creator Audio (Version: 3.3.0)
Roxio Creator Copy (Version: 3.3.0)
Roxio Creator Data (Version: 3.3.0)
Roxio Creator DE (Version: 3.3.0)
Roxio Creator Tools (Version: 3.3.0)
Roxio Drag-to-Disc (Version: 9.0)
Roxio Express Labeler (Version: 2.1.0)
Roxio MyDVD DE (Version: 9.0.116)
Roxio Update Manager (Version: 3.0.0)
Savings Bond Wizard
SigmaTel Audio (Version: 5.10.4803.0)
Skype™ 6.5 (Version: 6.5.158)
SmartSound Quicktracks Plugin (Version: 3.0.2.7)
Sonic Activation Module (Version: 1.0)
Spybot - Search & Destroy (Version: 1.6.2)
swMSM (Version: 12.0.0.1)
The Print Shop Premier Edition 5.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB898461) (Version: 1)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
Update for Zip Opener
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VideoPad Video Editor (Version: 3.14)
VisualBee for Microsoft PowerPoint (HKCU Version: V3.6)
WebFldrs XP (Version: 9.50.5318)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.9.0040.0)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series (Version: 9.00.2980)
Windows Media Format 11 runtime
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 4.20 (32-bit) (Version: 4.20.0)

==================== Restore Points =========================

13-10-2013 10:58:49 Removed Ulead VideoStudio
13-10-2013 11:08:22 Installed Ulead VideoStudio
13-10-2013 11:09:24 Installed Windows Media Format 9 Series Runtime Setup
13-10-2013 11:11:39 Installed Ulead VideoStudio
13-10-2013 11:15:15 Software Distribution Service 3.0
13-10-2013 12:00:16 Installed Ulead VideoStudio
14-10-2013 07:00:26 Software Distribution Service 3.0
14-10-2013 17:33:50 Printer Driver Amyuni Document Converter 400 Installed
15-10-2013 18:13:25 System Checkpoint
16-10-2013 18:37:55 Installed Epson Event Manager
16-10-2013 18:38:46 Installed Epson Connect
16-10-2013 18:39:22 Installed FAX Utility
16-10-2013 18:40:05 Installed EpsonNet Print
17-10-2013 12:19:52 Removed Dark Souls Prepare to Die Edition
17-10-2013 12:21:48 Removed Ulead VideoStudio
18-10-2013 14:12:29 System Checkpoint
19-10-2013 14:25:13 System Checkpoint
20-10-2013 14:29:58 System Checkpoint
21-10-2013 15:25:53 System Checkpoint
22-10-2013 15:28:47 System Checkpoint
23-10-2013 16:43:56 System Checkpoint
24-10-2013 17:27:25 System Checkpoint
25-10-2013 10:56:22 Removed Adobe Download Assistant
25-10-2013 10:57:15 Removed Ask Toolbar for Epson
25-10-2013 11:13:07 Installed Java 7 Update 45
26-10-2013 12:04:54 System Checkpoint
27-10-2013 13:23:14 System Checkpoint
28-10-2013 14:04:27 System Checkpoint
29-10-2013 15:04:32 System Checkpoint
29-10-2013 17:07:02 Installed Windows Media Format 9 Series Runtime Setup
29-10-2013 20:11:13 Installed Ulead VideoStudio
29-10-2013 20:12:26 Installed QuickTime
30-10-2013 20:43:30 System Checkpoint
31-10-2013 21:21:54 System Checkpoint
01-11-2013 21:25:22 System Checkpoint
02-11-2013 22:21:53 System Checkpoint
03-11-2013 23:22:22 System Checkpoint
04-11-2013 20:21:48 Removed Ulead VideoStudio
04-11-2013 20:23:39 Removed Quicken 2011.

==================== Hosts content: ==========================

2001-08-23 07:00 - 2013-08-01 05:58 - 00450575 ____R C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 www.10sek.com
127.0.0.1 10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 www.123fporn.info
127.0.0.1 123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Mike\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\WINDOWS\TEMP\{95DD7D7B-6DDB-4A02-973A-748D419200F8}.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{87A9E294-E389-4F04-AF62-8E7DA375DCE2}.exe
Task: C:\WINDOWS\Tasks\ExpressBurnSevenDays.job => C:\Program Files\NCH Software\ExpressBurn\expressburn.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RunOW.job => C:\Program Files\Overwolf\Overwolf.exe

==================== Loaded Modules (whitelisted) =============

2013-11-05 05:23 - 2013-11-05 03:44 - 02107904 _____ () C:\Program Files\AVAST Software\Avast\defs\13110500\algo.dll
2013-10-11 14:44 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2013-10-11 14:44 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-21 14:50 - 2013-06-21 07:02 - 02151712 _____ () C:\Program Files\NVIDIA Corporation\nview\nview.dll
2011-07-28 18:09 - 2011-07-28 18:09 - 00096112 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2001-08-23 07:00 - 2008-04-14 04:41 - 00059904 _____ () C:\WINDOWS\System32\devenum.dll
2001-08-23 07:00 - 2008-04-14 04:42 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-11-05 09:58 - 2006-11-05 09:58 - 00516096 _____ () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\LayoutDll9.dll
2006-11-05 09:28 - 2006-11-05 09:28 - 04587520 ____R () C:\Program Files\Common Files\Roxio Shared\9.0\DLLShared\ROXIPP41.dll
2013-10-13 07:39 - 2006-08-18 12:17 - 00056056 _____ () C:\WINDOWS\system32\DLAAPI_W.DLL

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UploadMgr => ""="Service"

==================== Faulty Device Manager Devices =============

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/05/2013 10:29:19 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/05/2013 10:22:51 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/05/2013 10:06:59 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/04/2013 05:13:26 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/04/2013 06:47:14 AM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (10/30/2013 03:18:23 PM) (Source: STacSV) (User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (10/30/2013 09:04:07 AM) (Source: Application Error) (User: )
Description: Faulting application vstudio.dat, version 10.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x6d7307a6.
Processing media-specific event for [vstudio.dat!ws!]

Error: (10/30/2013 08:37:20 AM) (Source: Application Error) (User: )
Description: Faulting application vstudio.dat, version 10.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x6d7307a6.
Processing media-specific event for [vstudio.dat!ws!]

Error: (10/29/2013 04:31:33 PM) (Source: Application Error) (User: )
Description: Fault bucket 494245576.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (10/29/2013 04:31:30 PM) (Source: Application Error) (User: )
Description: Faulting application vstudio.dat, version 10.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x6d7307a6.
Processing media-specific event for [vstudio.dat!ws!]


System errors:
=============
Error: (11/05/2013 10:31:00 AM) (Source: Service Control Manager) (User: )
Description: The Skype Updater service terminated unexpectedly. It has done this 1 time(s).

Error: (11/05/2013 10:24:27 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Driver Helper Service service hung on starting.

Error: (11/05/2013 10:23:04 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (11/04/2013 05:13:49 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

Error: (11/04/2013 06:49:21 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for a transaction response from the NVSvc service.

Error: (11/02/2013 06:06:03 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly. It has done this 1 time(s).

Error: (11/02/2013 06:05:57 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/31/2013 09:03:18 PM) (Source: Service Control Manager) (User: )
Description: The PMBDeviceInfoProvider service terminated unexpectedly. It has done this 1 time(s).

Error: (10/31/2013 09:02:40 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (10/31/2013 09:02:34 PM) (Source: Service Control Manager) (User: )
Description: The EpsonCustomerParticipation service terminated unexpectedly. It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (11/05/2013 10:29:19 AM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/05/2013 10:22:51 AM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/05/2013 10:06:59 AM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/04/2013 05:13:26 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (11/04/2013 06:47:14 AM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (10/30/2013 03:18:23 PM) (Source: STacSV)(User: NT AUTHORITY)
Description: Connection to the Storage interface failed

Error: (10/30/2013 09:04:07 AM) (Source: Application Error)(User: )
Description: vstudio.dat10.0.0.0unknown0.0.0.06d7307a6

Error: (10/30/2013 08:37:20 AM) (Source: Application Error)(User: )
Description: vstudio.dat10.0.0.0unknown0.0.0.06d7307a6

Error: (10/29/2013 04:31:33 PM) (Source: Application Error)(User: )
Description: 494245576

Error: (10/29/2013 04:31:30 PM) (Source: Application Error)(User: )
Description: vstudio.dat10.0.0.0unknown0.0.0.06d7307a6


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3069.86 MB
Available physical RAM: 2680.73 MB
Total Pagefile: 4433.83 MB
Available Pagefile: 4041.64 MB
Total Virtual: 2047.88 MB
Available Virtual: 1950.77 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:71.46 GB) (Free:11.74 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (New Volume) (Fixed) (Total:298.09 GB) (Free:247.41 GB) NTFS
Drive e: (New Volume) (Fixed) (Total:3 GB) (Free:0.84 GB) NTFS
Drive h: (DM 32GB) (Removable) (Total:29.8 GB) (Free:17.82 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 41AB2316)
Partition 1: (Active) - (Size=71 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=3 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 816C58CA)
Partition 1: (Not Active) - (Size=298 GB) - (Type=42)

========================================================
Disk: 2 (Size: 30 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=30 GB) - (Type=0C)

==================== End Of Log ============================

Thank you for taking your time to help me.
  • 0

#4
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml

You do have the latest Java but you also have an older version which needs to be uninstalled.
First go into Control Panel, Add/Remove Software (XP) or Programs and Features (Vista/Win 7) and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)
I see:
Java SE Development Kit 7 Update 21

Java has been very vulnerable to infection so unless you absolutely need it you should not keep it.
If you must keep it:
Go into Control Panel, Java, Security and set the slider to the Highest then OK.



Download the attached fixlist.txt to the same location as FRST
Run FRST and press Fix
A fix log will be generated please post that

Are you still seeing the popups?
  • 0

#5
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 31-10-2013
Ran by Mike at 2013-11-05 14:14:24 Run:1
Running from D:\Virus removal sw
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKLM\...\Run: [ISUSPM Startup] - C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2006-10-03] (Macrovision Corporation)
HKLM\...\Run: [ISUSScheduler] - C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2006-10-03] (Macrovision Corporation)
HKCU\...\Run: [Memory Cleaner] - C:\Documents and Settings\Mike\Application Data\KoshyJohn.com\MemClean\MemClean.exe [791560 2013-02-03] (KoshyJohn.com)
S3 cpuz130; \??\C:\DOCUME~1\Mike\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [x]
S3 EagleXNt; \??\C:\WINDOWS\system32\drivers\EagleXNt.sys [x]
S4 hpt3xx; No ImagePath
S4 IntelIde; No ImagePath
S3 XFDriver; \??\C:\Program Files\Xfire2\XFDriver.sys [x]
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Mike\APPLIC~1\DSite\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\WINDOWS\TEMP\{95DD7D7B-6DDB-4A02-973A-748D419200F8}.exe
Task: C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\WINDOWS\TEMP\{87A9E294-E389-4F04-AF62-8E7DA375DCE2}.exeC:\Documents and Settings\Mike\Application Data\mBot.ini
C:\Documents and Settings\Mike\jagex_cl_loginapplet_LIVE.dat
C:\Documents and Settings\Mike\jagex_cl_runescape_LIVE.dat
C:\Documents and Settings\Mike\random.dat
C:\Windows\Tasks\At1.job
C:\Documents and Settings\Mike\Local Settings\Temp\AskPIP_FF_.exe
C:\Documents and Settings\Mike\Local Settings\Temp\burnsetup.exe
C:\Documents and Settings\Mike\Local Settings\Temp\ICReinstall_apple-application-support.exe
C:\Documents and Settings\Mike\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe
C:\Documents and Settings\Mike\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Mike\Local Settings\Temp\sbwcrv.exe
C:\Documents and Settings\Mike\Local Settings\Temp\Setup.exe
C:\Documents and Settings\Mike\Local Settings\Temp\_ISDel.exe
C:\Documents and Settings\Mike\Local Settings\Temp\_ISDel_old.exe
C:\Documents and Settings\Mike\Local Settings\Temp\_Setup.dll
C:\DOCUME~1\Mike\APPLIC~1\DSite
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
C:\WINDOWS\TEMP\{95DD7D7B-6DDB-4A02-973A-748D419200F8}.exe
C:\WINDOWS\TEMP\{87A9E294-E389-4F04-AF62-8E7DA375DCE2}.exe
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSPM Startup => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ISUSScheduler => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Memory Cleaner => Value deleted successfully.
cpuz130 => Service deleted successfully.
EagleXNt => Service deleted successfully.
hpt3xx => Service deleted successfully.
IntelIde => Service deleted successfully.
XFDriver => Service deleted successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => Moved successfully.
C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => Moved successfully.
C:\Documents and Settings\Mike\jagex_cl_loginapplet_LIVE.dat => Moved successfully.
C:\Documents and Settings\Mike\jagex_cl_runescape_LIVE.dat => Moved successfully.
C:\Documents and Settings\Mike\random.dat => Moved successfully.
"C:\Windows\Tasks\At1.job" => File/Directory not found.
C:\Documents and Settings\Mike\Local Settings\Temp\AskPIP_FF_.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\burnsetup.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\ICReinstall_apple-application-support.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\jre-7u45-windows-i586-iftw.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\Quarantine.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\sbwcrv.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\Setup.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\_ISDel.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\_ISDel_old.exe => Moved successfully.
C:\Documents and Settings\Mike\Local Settings\Temp\_Setup.dll => Moved successfully.
"C:\DOCUME~1\Mike\APPLIC~1\DSite" => File/Directory not found.
"C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job" => File/Directory not found.
"C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job" => File/Directory not found.
"C:\WINDOWS\TEMP\{95DD7D7B-6DDB-4A02-973A-748D419200F8}.exe" => File/Directory not found.
"C:\WINDOWS\TEMP\{87A9E294-E389-4F04-AF62-8E7DA375DCE2}.exe" => File/Directory not found.

==== End of Fixlog ====

I have not seen any pop ups since I started this process.
  • 0

#6
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP
Sounds like we got it all. Let's just check to see if anything is broken that needs fixing:

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Do you have the latest version of Avast? If you right click on the Avast ball and select About Avast! it will tell you what version you have. You want 2014.9. something. If it is not the latest then right click on the Avast ball and select Update then Program.
  • 0

#7
dmcbass

dmcbass

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 109 posts
Avast is the latest version.

Vino's Event Viewer v01c run on Windows XP in English
Report run at 06/11/2013 8:44:10 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 06/11/2013 8:36:24 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Vino's Event Viewer v01c run on Windows XP in English
Report run at 06/11/2013 8:47:41 AM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'Application' Date/Time: 06/11/2013 8:35:57 AM
Type: error Category: 0
Event: 65535 Source: STacSV
The event description cannot be found.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Thanks again for your help.
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 20,001 posts
  • MVP

Log: 'System' Date/Time: 06/11/2013 8:36:24 AM
Type: error Category: 0
Event: 7009 Source: Service Control Manager
Timeout (30000 milliseconds) waiting for the Roxio Hard Drive Watcher 9 service to connect.


This is something you don't really need from Roxio that is hangins so just turn it off:

1) Go to Start>Run, type in services.msc and hit enter.
2) Look in the list for "Roxio Hard Drive Watcher 9"
3) Right click on the service and select Properties. Change the Startup type: from Automatic to Manual. OK.
4) Reboot for the setting to take effect.


Tonight before you go to bed:

First mute the speakers so it won't wake you up when Windows loads.

Click on the Orange ball. Click on Scans. Change Quickscan to Boot-time Scan. Click on Settings. Where it says Heuristic Sensitivity click on the last rectangle so that all of them are orange and it says High. Check both boxes. Then change When a threat is found ... to: Move to Chest. OK. Now click on Start. Close the Avast window and then reboot. The scan will start. It will tell you where it will save the report. Usually it's
C:\Documents and Settings\All Users\Application Data\AVAST Software\Avast\report\aswBoot.txt but it might change so verify the location. When Windows loads Click on the Orange Ball then Scan, Then Scan History (at the bottom of the page). Click on the last scan and then Detailed Report. If it found anything then open the aswBoot.txt file and copy and paste it. If you can't find it then take a screen shot of the Detailed Report:


Press the Alt + the Print Screen key on your keyboard. It may be labeled [PrtScn].

Open Microsoft Paint (All Programs, Accessories,Paint).

Go to the Edit menu and choose Paste (or just do Ctrl + v) and the image should appear.


Go to the File Menu and choose Save As.

Navigate to the folder where you want to save the image. (Desktop)

Type a file name for the image: Avast

Select a file type. jpeg

Click the Save button.

Attach Avast.jpg to your Reply.

(Start a Reply. Click on the Browse button, point it at your desktop and click on Avast.jpg then Open. Now click on Attach this File)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP