
Possible Virus; screen goes to black during boot, but could be sound d



#1
SandyStone

  • Member
  • 69 posts
I was on the web trying to find a sound recorder that does not require "stereo-mix" or using a plug that goes from the headphone jack to the microphone jack to record sound; the sound needs to be fixed up with Audacity to be decent. I was also attempting to upgrade my audio drivers, because the sound is crackly at times, but it has been that way for a long while.

Anyway, to get to the point, I acquired a virus somewhere along the way. In Firefox, when I opened a secondary tab, the page would be set to a search provider, powered by Bing (Conduit.com). So I used Malwarebytes and found a fair amount of junk, which I then removed. Firefox was still behaving the same, so I manually tried to reset the tab settings in Firefox and deleted browsing data. The problem remained, so I searched for conduit with Revo Uninstaller and deleted all entries found. The problem remained, so I went into the registry and searched for conduit and changed the values of the entries. There is one entry that I could not change - "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_CLTMNGSVC\0000". Search Protect By Conduit Service is found there. I am not sure if this is an invader or not.

The problem remained, so I uninstalled Firefox with Revo Uninstaller and then reinstalled it. That seems to have fixed the Firefox issue.

I also have IE 8, that I do not use as much, which I also reinstalled, as a cautionary method.

But the main issue that I am having is that during startup, the screen goes black for 65 seconds before proceeding to the log-in screen. Things function normally after this, except for a little bit of mouse drag. I don't know if this is because I was messing around with the sound drivers, or if it is because it is virus related, or maybe both. I also did a system restore to an earlier point to try and fix the black screen issue/driver issue, without any results.


Here is the OTL scan:


OTL logfile created on: 12/26/2013 1:20:16 PM - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Infinite Library\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1022.09 Mb Total Physical Memory | 533.93 Mb Available Physical Memory | 52.24% Memory free
2.47 Gb Paging File | 2.14 Gb Available in Paging File | 86.83% Paging File free
Paging file location(s): C:\pagefile.sys 1600 3100 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 229.77 Gb Total Space | 154.54 Gb Free Space | 67.26% Space Free | Partition Type: NTFS
Drive F: | 931.51 Gb Total Space | 257.68 Gb Free Space | 27.66% Space Free | Partition Type: NTFS
Drive G: | 2794.52 Gb Total Space | 2453.34 Gb Free Space | 87.79% Space Free | Partition Type: NTFS

Computer Name: DIMENSION9150 | User Name: Infinite Library | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/26 12:18:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Infinite Library\Desktop\OTL.exe
PRC - [2013/11/07 05:17:30 | 000,269,848 | ---- | M] (Tonec Inc.) -- C:\Program Files\Internet Download Manager\IEMonitor.exe
PRC - [2013/10/27 00:29:04 | 000,182,696 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2013/10/16 07:07:44 | 000,130,248 | ---- | M] (Sandboxie Holdings, LLC) -- C:\Program Files\Sandboxie\SbieSvc.exe
PRC - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013/04/04 13:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/07/06 06:14:30 | 000,090,112 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe


========== Modules (No Company Name) ==========

MOD - [2004/12/16 09:15:10 | 000,073,728 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\dlbxPP5C.DLL


========== Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2013/12/05 13:36:33 | 000,119,408 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/10/27 00:29:04 | 000,182,696 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/10/16 07:07:44 | 000,130,248 | ---- | M] (Sandboxie Holdings, LLC) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV - [2013/04/04 13:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013/04/04 13:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2007/03/07 14:47:46 | 000,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/07/06 06:14:30 | 000,090,112 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
SRV - [2004/12/16 09:26:58 | 000,462,848 | ---- | M] (Dell) [On_Demand | Stopped] -- C:\WINDOWS\system32\dlbxcoms.exe -- (dlbx_device)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\12.tmp -- (MEMSWEEP2)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - [2013/11/27 18:24:18 | 000,121,184 | ---- | M] (Tonec Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\idmtdi.sys -- (IDMTDI)
DRV - [2013/10/16 07:07:40 | 000,159,840 | ---- | M] (Sandboxie Holdings, LLC) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV - [2013/04/04 13:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2013/01/03 00:18:04 | 000,030,984 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2010/11/04 14:18:04 | 000,102,728 | ---- | M] (Matrox Graphics Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\MxEFUF32.sys -- (MxEFUF)
DRV - [2010/02/11 08:38:10 | 003,565,056 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2009/12/30 10:20:56 | 000,027,064 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\revoflt.sys -- (Revoflt)
DRV - [2007/02/25 11:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 15:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2006/03/01 19:30:54 | 000,618,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC52.sys -- (IntelC52)
DRV - [2005/06/14 22:40:08 | 000,180,864 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2005/05/06 13:42:26 | 001,339,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC51.sys -- (IntelC51)
DRV - [2005/05/06 13:40:50 | 000,047,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\IntelC53.sys -- (IntelC53)
DRV - [2005/05/06 13:40:20 | 000,036,880 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mohfilt.sys -- (mohfilt)
DRV - [2004/03/24 10:12:44 | 000,004,272 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\bvrp_pci.sys -- (bvrp_pci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}
IE - HKLM\..\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}: "URL" = http://www.ask.com/w...q={SEARCHTERMS}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\..\URLSearchHook: {d1e06b91-60e6-4492-af9f-53043fa32716} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {7C25484A-2547-467A-B24F-F84BECA2CA8A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4EF1AA21-9C2B-45BA-B94E-52B75F18DE2A}: "URL" = https://duckduckgo.c...q={searchTerms}
IE - HKCU\..\SearchScopes\{7C25484A-2547-467A-B24F-F84BECA2CA8A}: "URL" = https://startpage.co...anguage=english
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Startpage (SSL)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.danier.co...|666666&mc=yes"
FF - prefs.js..extensions.enabledAddons: mozilla_cc%40internetdownloadmanager.com:7.3.67
FF - prefs.js..extensions.enabledAddons: client%40anonymox.net:2.1.1
FF - prefs.js..extensions.enabledAddons: %7Bd9891a46-b4e2-4afd-a15a-d8f05f13e5d4%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:26.0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter: C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll File not found
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 26.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\WordWeb\WCaptureMoz
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5 [2013/12/11 21:06:31 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\[email protected]: C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5 [2013/12/11 21:06:31 | 000,000,000 | ---D | M]

[2013/12/25 18:53:57 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Extensions
[2013/12/25 18:53:08 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\extensions
[2013/12/25 18:53:38 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\m30igwvd.default\extensions
[2013/12/25 18:53:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\m30igwvd.default\extensions\staged
[2013/12/25 12:37:19 | 000,355,782 | ---- | M] () (No name found) -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\extensions\[email protected]
[2013/12/25 12:38:42 | 000,915,554 | ---- | M] () (No name found) -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013/12/25 16:16:25 | 000,008,359 | ---- | M] () (No name found) -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\extensions\{d9891a46-b4e2-4afd-a15a-d8f05f13e5d4}.xpi
[2013/12/25 12:27:35 | 000,000,931 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\dictionary.xml
[2013/12/25 12:27:08 | 000,010,345 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\duckduckgo.xml
[2013/12/25 12:28:27 | 000,002,325 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\startpage-ssl.xml
[2013/12/25 12:27:25 | 000,001,679 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\thepiratebayorg.xml
[2013/12/25 12:18:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/12/25 12:18:50 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/12/11 21:06:31 | 000,000,000 | ---D | M] (IDM CC) -- C:\DOCUMENTS AND SETTINGS\Infinite Library\APPLICATION DATA\IDM\IDMMZCC5

O1 HOSTS File: ([2011/06/03 15:30:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4 - HKLM..\Run: [DLBXCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.DLL ()
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (Sandboxie Holdings, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab (Reg Error: Key error.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab (Image Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1358707821750 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 10.45.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B15E3F6-379A-42EA-BEC4-DE2C5EC62154}: DhcpNameServer = 192.168.0.1
O20 - AppInit_DLLs: (C:\PROGRA~1\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2013/04/26 23:27:48 | 000,000,000 | RH-D | M] - F:\autorun -- [ NTFS ]
O32 - AutoRun File - [2004/01/22 14:47:00 | 000,000,038 | RH-- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2013/04/27 09:37:21 | 000,000,000 | RH-D | M] - G:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 06:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/26 12:18:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Infinite Library\Desktop\OTL.exe
[2013/12/25 18:53:57 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2013/12/25 18:53:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Infinite Library\Recent
[2013/12/25 18:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mysearchdial
[2013/12/25 18:53:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Google
[2013/12/25 18:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/12/25 13:35:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2013/12/25 13:02:30 | 016,883,056 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2013/12/25 12:18:48 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013/12/25 12:15:13 | 000,282,992 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup Stub 26.0.exe
[2013/12/25 08:01:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Infinite Library\Desktop\mbar
[2013/12/25 01:22:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2013/12/24 18:36:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Infinite Library\Application Data\Cool Record Edit Pro
[2013/12/24 18:24:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Infinite Library\My Documents\Free Sound Recorder
[2013/12/24 02:19:20 | 000,204,496 | ---- | C] (Malwarebytes) -- C:\Program Files\startuplite-setup-1.07.exe
[2013/12/23 20:04:05 | 000,044,032 | ---- | C] (NirSoft) -- C:\WINDOWS\nircmd.exe
[2013/12/23 18:57:53 | 000,000,000 | ---D | C] -- C:\Program Files\NirCmd - Mute Sound Via Hot Keys
[2013/12/21 21:34:50 | 000,000,000 | ---D | C] -- C:\Program Files\HDAQFE
[2013/12/16 04:10:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
[2013/12/10 19:41:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Infinite Library\My Documents\AVS4YOU
[2013/12/10 02:00:45 | 000,000,000 | ---D | C] -- C:\Program Files\Aegisub-3.0.2-32
[2013/12/07 01:22:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sony
[2013/12/07 01:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Infinite Library\Application Data\Publish Providers
[2013/11/30 15:03:23 | 000,000,000 | ---D | C] -- C:\Program Files\Ffmpeg For Audacity

========== Files - Modified Within 30 Days ==========

[2013/12/26 13:25:14 | 000,000,444 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
[2013/12/26 13:21:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2013/12/26 12:18:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Infinite Library\Desktop\OTL.exe
[2013/12/26 09:20:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/26 09:19:39 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2013/12/26 09:19:39 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2013/12/26 09:18:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/26 09:17:31 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/25 19:20:23 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Unmute Volume CTRL+U.lnk
[2013/12/25 19:20:20 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Mute Volume CRTL+M.lnk
[2013/12/25 19:19:48 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2013/12/25 13:44:42 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/12/25 13:04:28 | 016,883,056 | ---- | M] (Microsoft Corporation) -- C:\Program Files\IE8-WindowsXP-x86-ENU.exe
[2013/12/25 12:18:59 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/25 12:18:52 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/25 12:15:24 | 000,282,992 | ---- | M] (Mozilla) -- C:\Program Files\Firefox Setup Stub 26.0.exe
[2013/12/25 08:02:25 | 000,051,416 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/12/25 07:36:36 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/12/25 07:36:36 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/12/25 01:22:14 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/25 01:18:48 | 000,755,792 | ---- | M] () -- C:\Program Files\cc_setup.exe
[2013/12/24 23:54:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
[2013/12/24 22:19:28 | 000,000,107 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Desktop\TPV.m3u
[2013/12/24 03:42:16 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013/12/24 03:00:49 | 000,309,374 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Desktop\untitled.bmp
[2013/12/24 02:19:22 | 000,204,496 | ---- | M] (Malwarebytes) -- C:\Program Files\startuplite-setup-1.07.exe
[2013/12/23 21:01:06 | 000,000,954 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Desktop\Unmute Volume CTRL+U.lnk
[2013/12/23 21:00:35 | 000,000,946 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Desktop\Mute Volume CRTL+M.lnk
[2013/12/23 20:34:45 | 000,002,450 | ---- | M] () -- C:\WINDOWS\Sandboxie.ini
[2013/12/22 21:33:44 | 000,000,846 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Desktop\AVS4YOUSoftwareNavigator.lnk
[2013/12/20 16:18:15 | 000,000,434 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Vinyl Library.lnk
[2013/12/19 20:27:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/12/16 04:10:31 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk
[2013/12/15 18:43:13 | 000,000,419 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Dracula.lnk
[2013/12/13 22:06:50 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Desktop\KINGSTON DATA TRAVLER (H).lnk
[2013/12/11 17:05:25 | 000,145,216 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/10 03:22:55 | 000,000,472 | ---- | M] () -- C:\Documents and Settings\Infinite Library\My Documents\My Pictures.lnk
[2013/12/09 13:01:17 | 000,000,477 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player Library.lnk
[2013/12/08 02:17:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
[2013/12/03 19:23:27 | 000,000,859 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\IDM Downloads.lnk
[2013/11/28 23:03:04 | 000,000,659 | ---- | M] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\The Daily Show.lnk
[2013/11/27 18:24:18 | 000,121,184 | ---- | M] (Tonec Inc.) -- C:\WINDOWS\System32\drivers\idmtdi.sys

========== Files Created - No Company Name ==========

[2013/12/25 19:20:23 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Unmute Volume CTRL+U.lnk
[2013/12/25 19:20:20 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Mute Volume CRTL+M.lnk
[2013/12/25 19:19:48 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\CCleaner.lnk
[2013/12/25 12:18:59 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2013/12/25 12:18:52 | 000,000,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2013/12/25 12:18:52 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2013/12/25 11:46:31 | 1071,812,608 | -HS- | C] () -- C:\hiberfil.sys
[2013/12/25 01:22:14 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2013/12/25 01:21:07 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\At1.job
[2013/12/25 01:18:40 | 000,755,792 | ---- | C] () -- C:\Program Files\cc_setup.exe
[2013/12/24 22:19:28 | 000,000,107 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Desktop\TPV.m3u
[2013/12/24 03:00:49 | 000,309,374 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Desktop\untitled.bmp
[2013/12/23 20:57:04 | 000,000,954 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Desktop\Unmute Volume CTRL+U.lnk
[2013/12/23 20:53:50 | 000,000,946 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Desktop\Mute Volume CRTL+M.lnk
[2013/12/22 21:33:44 | 000,000,846 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Desktop\AVS4YOUSoftwareNavigator.lnk
[2013/12/15 18:43:13 | 000,000,419 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Dracula.lnk
[2013/12/10 03:22:55 | 000,000,472 | ---- | C] () -- C:\Documents and Settings\Infinite Library\My Documents\My Pictures.lnk
[2013/12/09 13:01:17 | 000,000,477 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player Library.lnk
[2013/12/03 19:23:27 | 000,000,859 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Microsoft\Internet Explorer\Quick Launch\IDM Downloads.lnk
[2013/10/07 12:54:36 | 000,002,450 | ---- | C] () -- C:\WINDOWS\Sandboxie.ini
[2013/05/26 10:48:29 | 018,158,493 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Local Settings\Application Data\OcrMap.bin
[2013/05/26 00:07:08 | 000,002,310 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\ASSDraw3.cfg
[2013/05/21 18:05:16 | 002,216,480 | ---- | C] () -- C:\WINDOWS\wweb32.dll
[2013/05/02 22:17:05 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\CamShapes.ini
[2013/05/02 22:17:05 | 000,000,408 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\CamLayout.ini
[2013/05/02 22:17:05 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\Camdata.ini
[2013/05/02 22:03:52 | 000,001,206 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\CamStudio.Producer.ini
[2013/05/02 22:03:52 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\CamStudio.Producer.Data.ini
[2013/05/02 22:02:06 | 000,004,577 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\CamStudio.cfg
[2013/05/02 16:42:44 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/05/02 16:38:09 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2013/05/02 16:38:05 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2013/04/30 22:18:04 | 000,000,426 | ---- | C] () -- C:\Program Files\xxGARBAGExx.lnk
[2012/10/14 17:06:32 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/10/14 17:06:32 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/10/14 17:06:28 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2012/02/15 16:15:42 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/02/04 10:32:35 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/10/23 22:16:34 | 000,778,010 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuUninstall.LiveUpdate
[2011/06/02 12:30:30 | 000,000,006 | -HS- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\date
[2011/06/02 12:30:29 | 000,000,002 | -HS- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\evf6
[2007/03/15 13:14:58 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/19 14:47:36 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\PFP120JPR.{PB
[2006/01/19 14:47:36 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Application Data\PFP120JCM.{PB
[2005/12/11 12:09:56 | 000,224,256 | ---- | C] () -- C:\Documents and Settings\Infinite Library\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2004/08/10 13:09:48 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/04/13 18:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >

#2
RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Download AdwCleaner to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button, which should say: Download Now @BleepingComputer

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and run AdwCleaner (Vista or Win 7 => right click and Run As Administrator).

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.



Junkware-Removal-Tool

Please download Junkware Removal Tool to your desktop. Make sure you get the correct Download button. Sometimes the ads on BleepingComputer will mimic the real Download button which should say: Download Now @Author's site
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.



Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click to run as administrator (XP users click Run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Thanks for your reply. I am not that tech savvy, so this helps a lot. :D

Here are the requested logs. BTW I did the JRT scan first, just because the first link you gave me linked up to it by mistake. Don't know if this matters or not. Anyway, it looks like they found some crud.


# AdwCleaner v3.016 - Report created 27/12/2013 at 17:44:06
# Updated 23/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Infinite Library - DIMENSION9150
# Running from : C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\Infinite Library\Local Settings\Application Data\PackageAware
Folder Deleted : C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Pokki
Folder Deleted : C:\Documents and Settings\Infinite Library\Application Data\Uniblue\SpeedUpMyPC
File Deleted : C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\m30igwvd.default\searchplugins\Mysearchdial.xml
File Deleted : C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\m30igwvd.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7736C7FA-512D-11E2-B871-DEC36088709B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B15BBE59-42F5-4206-B3F0-BE98F5DC4B93}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E38FA08E-F56A-4169-ABF5-5C71E3C153A1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\SearchProtectINT
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKLM\Software\Trymedia Systems
Key Deleted : HKLM\Software\Uniblue
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NetAssistant 3.8.3
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\clickpotatolitesa
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\prefs.js ]


[ File : C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\m30igwvd.default\prefs.js ]

Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
Line Deleted : user_pref("browser.search.selectedEngine", "Mysearchdial");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dnldstr1202&cd=2XzuyEtN2Y1L1QzutDtDtCtBtA0FyB0BtDtC0FyDtA0CyByDtN0D0Tzu0SyBtByEtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1[...]
Line Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=axl&f=5");
Line Deleted : user_pref("extensions.facemoods.aflt", "axl");
Line Deleted : user_pref("extensions.facemoods.dfltSrch", false);
Line Deleted : user_pref("extensions.facemoods.dnsErr", false);
Line Deleted : user_pref("extensions.facemoods.firstRun", true);
Line Deleted : user_pref("extensions.facemoods.hmpg", false);
Line Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=axl");
Line Deleted : user_pref("extensions.facemoods.id", "b42f3c7500000000000000123f7b01f5");
Line Deleted : user_pref("extensions.facemoods.instlDay", "15361");
Line Deleted : user_pref("extensions.facemoods.mntz", "");
Line Deleted : user_pref("extensions.facemoods.newTab", false);
Line Deleted : user_pref("extensions.facemoods.prtnrId", "facemoods.com");
Line Deleted : user_pref("extensions.facemoods.searchProviderAdded", false);
Line Deleted : user_pref("extensions.facemoods.sid", "529af82a111e49eba3d73d6c46ffd56d");
Line Deleted : user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=axl&f=3");
Line Deleted : user_pref("extensions.facemoods.vrsn", "1.4.17.11");

*************************

AdwCleaner[R0].txt - [7189 octets] - [27/12/2013 17:38:40]
AdwCleaner[S0].txt - [7207 octets] - [27/12/2013 17:44:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7267 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by Infinite Library on Fri 12/27/2013 at 17:13:06.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\nctaudiocdgrabber2.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\toolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B887CA3B-D82B-4A01-AD29-E97444D01CE6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\freeze.com
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3290520
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3298581
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}



~~~ Files

Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\trymedia"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\w3i"
Successfully deleted: [Folder] "C:\Program Files\mysearchdial"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 12/27/2013 at 17:23:31.25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013 01
Ran by Infinite Library (administrator) on DIMENSION9150 on 27-12-2013 18:20:14
Running from C:\Documents and Settings\Infinite Library\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Puran Software) C:\WINDOWS\system32\PuranDefragS.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\system32\dmadmin.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Tonec Inc.) C:\Program Files\Internet Download Manager\IEMonitor.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DLBXCATS] - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2013-10-16] (Sandboxie Holdings, LLC)
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3821136 2013-12-15] (Tonec Inc.)
HKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4EF1AA21-9C2B-45BA-B94E-52B75F18DE2A} URL = https://duckduckgo.c...q={searchTerms}
SearchScopes: HKCU - {7C25484A-2547-467A-B24F-F84BECA2CA8A} URL = https://startpage.co...anguage=english
BHO: IDM integration (IDMIEHlprObj Class) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default
FF DefaultSearchEngine: Startpage (SSL)
FF Homepage: hxxp://www.danier.com/leather-women-jackets-blazers-103030340-P8329.aspx?lang=en&colour=950|666666&mc=yes
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\thepiratebayorg.xml
FF Extension: anonymoX - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\[email protected]
FF Extension: Adblock Plus - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: KickassTorrents Search - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\{d9891a46-b4e2-4afd-a15a-d8f05f13e5d4}.xpi
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-08-05] ()
S3 dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [462848 2004-12-16] (Dell)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
R2 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
S4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [x]
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\Windows\System32\Drivers\bvrp_pci.sys [4272 2004-03-24] ()
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [121184 2013-11-27] (Tonec Inc.)
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [618880 2006-03-01] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\12.tmp [x]
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TlntSvr;
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 18:20 - 2013-12-27 18:20 - 00011048 _____ C:\Documents and Settings\Infinite Library\Desktop\FRST.txt
2013-12-27 18:19 - 2013-12-27 18:19 - 00000000 ____D C:\FRST
2013-12-27 18:18 - 2013-12-27 18:18 - 01063657 _____ (Farbar) C:\Documents and Settings\Infinite Library\Desktop\FRST.exe
2013-12-27 17:51 - 2013-12-27 17:51 - 00007347 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner[S0].txt
2013-12-27 17:38 - 2013-12-27 17:44 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:36 - 2013-12-27 17:36 - 01233962 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner.exe
2013-12-27 17:23 - 2013-12-27 17:27 - 00004137 _____ C:\Documents and Settings\Infinite Library\Desktop\JRT.txt
2013-12-27 17:13 - 2013-12-27 17:13 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-27 17:11 - 2013-12-27 17:11 - 01034531 _____ (Thisisu) C:\Documents and Settings\Infinite Library\Desktop\JRT.exe
2013-12-26 12:28 - 2013-12-26 13:31 - 00069980 _____ C:\Documents and Settings\Infinite Library\Desktop\OTL.Txt
2013-12-26 12:18 - 2013-12-26 12:18 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Infinite Library\Desktop\OTL.exe
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Google
2013-12-25 13:35 - 2013-12-25 18:54 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-25 13:02 - 2013-12-25 13:04 - 16883056 _____ (Microsoft Corporation) C:\Program Files\IE8-WindowsXP-x86-ENU.exe
2013-12-25 12:18 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-25 12:18 - 2013-12-25 12:18 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-25 12:18 - 2013-12-25 12:18 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-25 12:15 - 2013-12-25 12:15 - 00282992 _____ (Mozilla) C:\Program Files\Firefox Setup Stub 26.0.exe
2013-12-25 12:00 - 2013-12-25 17:01 - 00011231 _____ C:\Documents and Settings\Infinite Library\Desktop\links.txt
2013-12-25 08:01 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\Infinite Library\Desktop\mbar
2013-12-25 01:22 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-25 01:22 - 2013-12-25 01:22 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-25 01:21 - 2013-12-27 18:21 - 00000420 _____ C:\WINDOWS\Tasks\At1.job
2013-12-25 01:18 - 2013-12-25 01:18 - 00755792 _____ C:\Program Files\cc_setup.exe
2013-12-24 22:19 - 2013-12-24 22:19 - 00000107 _____ C:\Documents and Settings\Infinite Library\Desktop\TPV.m3u
2013-12-24 18:52 - 2013-12-24 18:52 - 00004608 ___SH C:\WINDOWS\Thumbs.db
2013-12-24 18:36 - 2013-12-24 18:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Cool Record Edit Pro
2013-12-24 18:24 - 2013-12-24 18:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\Free Sound Recorder
2013-12-24 03:00 - 2013-12-24 03:00 - 00309374 _____ C:\Documents and Settings\Infinite Library\Desktop\untitled.bmp
2013-12-24 02:19 - 2013-12-24 02:19 - 00204496 _____ (Malwarebytes) C:\Program Files\startuplite-setup-1.07.exe
2013-12-23 20:57 - 2013-12-23 21:01 - 00000954 _____ C:\Documents and Settings\Infinite Library\Desktop\Unmute Volume CTRL+U.lnk
2013-12-23 20:53 - 2013-12-23 21:00 - 00000946 _____ C:\Documents and Settings\Infinite Library\Desktop\Mute Volume CRTL+M.lnk
2013-12-23 20:04 - 2013-08-11 15:41 - 00044032 _____ (NirSoft) C:\WINDOWS\nircmd.exe
2013-12-23 18:57 - 2013-12-23 19:34 - 00000000 ____D C:\Program Files\NirCmd - Mute Sound Via Hot Keys
2013-12-22 21:33 - 2013-12-22 21:33 - 00000846 _____ C:\Documents and Settings\Infinite Library\Desktop\AVS4YOUSoftwareNavigator.lnk
2013-12-21 22:32 - 2013-12-21 22:32 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB835221WXP$
2013-12-21 21:47 - 2013-12-21 22:24 - 00000450 _____ C:\WINDOWS\system32\Drivers\sthdae.log
2013-12-21 21:34 - 2013-12-21 22:31 - 00000000 ____D C:\Program Files\HDAQFE
2013-12-21 20:13 - 2013-12-21 20:14 - 00005252 _____ C:\WINDOWS\KB835221Uninst.log
2013-12-16 04:10 - 2013-12-16 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2013-12-11 16:19 - 2013-12-25 13:44 - 00083453 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 16:19 - 2013-12-11 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 16:18 - 2013-12-11 16:18 - 00005086 _____ C:\WINDOWS\KB2904266.log
2013-12-11 16:18 - 2013-12-11 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 16:14 - 2013-12-11 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 13:51 - 2013-12-11 16:19 - 00010496 _____ C:\WINDOWS\KB2898715.log
2013-12-11 13:51 - 2013-12-11 16:14 - 00010017 _____ C:\WINDOWS\KB2893984.log
2013-12-11 13:51 - 2013-12-11 16:14 - 00009302 _____ C:\WINDOWS\KB2893294.log
2013-12-11 13:51 - 2013-12-11 16:13 - 00008546 _____ C:\WINDOWS\KB2892075.log
2013-12-10 19:41 - 2013-12-10 19:41 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\AVS4YOU
2013-12-10 03:22 - 2013-12-10 03:22 - 00000472 _____ C:\Documents and Settings\Infinite Library\My Documents\My Pictures.lnk
2013-12-10 02:24 - 2013-12-24 18:52 - 00020480 ___SH C:\WINDOWS\system32\Thumbs.db
2013-12-10 02:00 - 2013-12-10 02:00 - 00000000 ____D C:\Program Files\Aegisub-3.0.2-32
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Publish Providers
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony
2013-11-30 15:03 - 2013-11-30 15:03 - 00000000 ____D C:\Program Files\Ffmpeg For Audacity

==================== One Month Modified Files and Folders =======

2013-12-27 18:21 - 2013-12-25 01:21 - 00000420 _____ C:\WINDOWS\Tasks\At1.job
2013-12-27 18:21 - 2011-06-06 22:28 - 02140020 _____ C:\WINDOWS\pfirewall.log
2013-12-27 18:20 - 2013-12-27 18:20 - 00011048 _____ C:\Documents and Settings\Infinite Library\Desktop\FRST.txt
2013-12-27 18:19 - 2013-12-27 18:19 - 00000000 ____D C:\FRST
2013-12-27 18:19 - 2011-06-05 14:31 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\DMCache
2013-12-27 18:18 - 2013-12-27 18:18 - 01063657 _____ (Farbar) C:\Documents and Settings\Infinite Library\Desktop\FRST.exe
2013-12-27 17:51 - 2013-12-27 17:51 - 00007347 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner[S0].txt
2013-12-27 17:49 - 2004-08-10 13:02 - 01479162 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-27 17:49 - 2004-08-10 12:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-27 17:48 - 2011-02-12 10:04 - 00000300 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
2013-12-27 17:48 - 2010-04-12 16:03 - 00000276 _____ C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
2013-12-27 17:48 - 2004-08-10 13:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-27 17:48 - 2004-08-10 12:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-27 17:48 - 2004-08-10 12:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-27 17:44 - 2013-12-27 17:38 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:44 - 2009-05-07 16:25 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Uniblue
2013-12-27 17:44 - 2005-12-07 16:23 - 00000278 ___SH C:\Documents and Settings\Infinite Library\ntuser.ini
2013-12-27 17:44 - 2004-08-10 13:08 - 00032416 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-27 17:36 - 2013-12-27 17:36 - 01233962 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner.exe
2013-12-27 17:27 - 2013-12-27 17:23 - 00004137 _____ C:\Documents and Settings\Infinite Library\Desktop\JRT.txt
2013-12-27 17:13 - 2013-12-27 17:13 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-27 17:11 - 2013-12-27 17:11 - 01034531 _____ (Thisisu) C:\Documents and Settings\Infinite Library\Desktop\JRT.exe
2013-12-27 00:27 - 2009-06-22 08:56 - 00000444 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
2013-12-26 22:08 - 2013-11-12 18:51 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\vlc
2013-12-26 20:27 - 2010-07-21 11:32 - 00000284 _____ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2013-12-26 13:31 - 2013-12-26 12:28 - 00069980 _____ C:\Documents and Settings\Infinite Library\Desktop\OTL.Txt
2013-12-26 12:18 - 2013-12-26 12:18 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Infinite Library\Desktop\OTL.exe
2013-12-26 00:50 - 2011-05-10 09:31 - 00017312 _____ C:\WINDOWS\setupact.log
2013-12-26 00:38 - 2011-06-06 22:28 - 04194327 _____ C:\WINDOWS\pfirewall.log.old
2013-12-25 20:45 - 2011-06-23 18:03 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-12-25 19:16 - 2009-04-25 19:28 - 00000000 ____D C:\WINDOWS\pss
2013-12-25 18:55 - 2009-06-19 23:22 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-25 18:54 - 2013-12-25 13:35 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Google
2013-12-25 18:53 - 2013-12-25 12:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-25 18:53 - 2013-12-25 08:01 - 00000000 ____D C:\Documents and Settings\Infinite Library\Desktop\mbar
2013-12-25 18:53 - 2013-12-25 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-25 18:53 - 2012-01-12 15:34 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Mozilla
2013-12-25 18:53 - 2011-05-08 10:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-25 18:53 - 2005-12-07 16:23 - 00000000 ____D C:\Documents and Settings\Infinite Library
2013-12-25 17:01 - 2013-12-25 12:00 - 00011231 _____ C:\Documents and Settings\Infinite Library\Desktop\links.txt
2013-12-25 14:27 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\Help
2013-12-25 14:14 - 2013-06-11 15:36 - 00193291 _____ C:\WINDOWS\setupapi.log
2013-12-25 14:14 - 2011-08-26 19:43 - 00036844 _____ C:\WINDOWS\KB2510531-IE8.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00715561 _____ C:\WINDOWS\tsoc.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00594262 _____ C:\WINDOWS\comsetup.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00372571 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00272514 _____ C:\WINDOWS\iis6.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00103180 _____ C:\WINDOWS\ocmsn.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00092808 _____ C:\WINDOWS\msgsocm.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-25 14:14 - 2011-05-10 09:30 - 01777136 _____ C:\WINDOWS\FaxSetup.log
2013-12-25 14:14 - 2011-05-10 09:30 - 00998516 _____ C:\WINDOWS\ocgen.log
2013-12-25 14:13 - 2011-05-10 09:30 - 00536267 _____ C:\WINDOWS\updspapi.log
2013-12-25 13:52 - 2011-05-25 21:34 - 00168052 _____ C:\WINDOWS\spupdsvc.log
2013-12-25 13:50 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\Media
2013-12-25 13:45 - 2011-08-25 21:13 - 00955087 _____ C:\WINDOWS\ie8_main.log
2013-12-25 13:44 - 2013-12-11 16:19 - 00083453 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-25 13:44 - 2011-05-10 09:31 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-25 13:43 - 2013-08-15 00:20 - 00300450 _____ C:\WINDOWS\KB2862772-IE8.log
2013-12-25 13:43 - 2012-09-21 20:46 - 00311945 _____ C:\WINDOWS\KB2744842-IE8.log
2013-12-25 13:42 - 2011-12-15 08:51 - 00327440 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-25 13:41 - 2013-01-20 13:01 - 00291836 _____ C:\WINDOWS\KB2598845-IE8.log
2013-12-25 13:40 - 2011-08-25 21:26 - 00458100 _____ C:\WINDOWS\KB982381-IE8.log
2013-12-25 13:38 - 2011-08-25 21:23 - 00423306 _____ C:\WINDOWS\ie8.log
2013-12-25 13:04 - 2013-12-25 13:02 - 16883056 _____ (Microsoft Corporation) C:\Program Files\IE8-WindowsXP-x86-ENU.exe
2013-12-25 12:59 - 2010-12-02 12:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Deployment
2013-12-25 12:57 - 2011-08-25 21:13 - 00232303 _____ C:\WINDOWS\ie8Uninst.log
2013-12-25 12:18 - 2013-12-25 12:18 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-25 12:18 - 2013-12-25 12:18 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-25 12:15 - 2013-12-25 12:15 - 00282992 _____ (Mozilla) C:\Program Files\Firefox Setup Stub 26.0.exe
2013-12-25 09:06 - 2013-10-26 18:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-25 08:02 - 2013-10-26 18:18 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-25 07:36 - 2013-05-09 17:12 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-25 07:36 - 2013-05-09 17:12 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-25 07:31 - 2006-08-15 17:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB918899$
2013-12-25 01:22 - 2013-12-25 01:22 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-25 01:18 - 2013-12-25 01:18 - 00755792 _____ C:\Program Files\cc_setup.exe
2013-12-24 23:54 - 2010-04-12 16:03 - 00000284 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job
2013-12-24 22:19 - 2013-12-24 22:19 - 00000107 _____ C:\Documents and Settings\Infinite Library\Desktop\TPV.m3u
2013-12-24 21:51 - 2013-11-23 02:55 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Audacity
2013-12-24 18:52 - 2013-12-24 18:52 - 00004608 ___SH C:\WINDOWS\Thumbs.db
2013-12-24 18:52 - 2013-12-10 02:24 - 00020480 ___SH C:\WINDOWS\system32\Thumbs.db
2013-12-24 18:52 - 2013-09-14 09:50 - 00000000 ____D C:\WINDOWS\SHELLNEW
2013-12-24 18:52 - 2008-08-27 19:03 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstall$
2013-12-24 18:52 - 2004-08-10 12:52 - 00000000 ___RD C:\WINDOWS\Web
2013-12-24 18:36 - 2013-12-24 18:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Cool Record Edit Pro
2013-12-24 18:36 - 2013-12-24 18:24 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\Free Sound Recorder
2013-12-24 18:21 - 2011-05-10 19:40 - 00142091 _____ C:\WINDOWS\wmsetup.log
2013-12-24 10:53 - 2004-08-10 12:51 - 00000701 _____ C:\WINDOWS\win.ini
2013-12-24 03:42 - 2005-11-28 15:14 - 00000327 __RSH C:\boot.ini
2013-12-24 03:42 - 2004-08-10 12:51 - 00000254 _____ C:\WINDOWS\system.ini
2013-12-24 03:00 - 2013-12-24 03:00 - 00309374 _____ C:\Documents and Settings\Infinite Library\Desktop\untitled.bmp
2013-12-24 02:19 - 2013-12-24 02:19 - 00204496 _____ (Malwarebytes) C:\Program Files\startuplite-setup-1.07.exe
2013-12-24 01:33 - 2009-06-10 13:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961501$
2013-12-23 21:01 - 2013-12-23 20:57 - 00000954 _____ C:\Documents and Settings\Infinite Library\Desktop\Unmute Volume CTRL+U.lnk
2013-12-23 21:00 - 2013-12-23 20:53 - 00000946 _____ C:\Documents and Settings\Infinite Library\Desktop\Mute Volume CRTL+M.lnk
2013-12-23 20:48 - 2013-09-15 18:08 - 00000082 _____ C:\Documents and Settings\Infinite Library\Desktop\Times.txt
2013-12-23 20:34 - 2013-10-07 12:54 - 00002450 _____ C:\WINDOWS\Sandboxie.ini
2013-12-23 19:34 - 2013-12-23 18:57 - 00000000 ____D C:\Program Files\NirCmd - Mute Sound Via Hot Keys
2013-12-22 21:33 - 2013-12-22 21:33 - 00000846 _____ C:\Documents and Settings\Infinite Library\Desktop\AVS4YOUSoftwareNavigator.lnk
2013-12-21 22:33 - 2005-12-23 10:36 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-21 22:33 - 2005-12-07 16:23 - 00000000 ____D C:\Documents and Settings\Infinite Library\Start Menu\Programs\Dell
2013-12-21 22:33 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-21 22:33 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-21 22:33 - 2004-08-10 13:02 - 00000000 ____D C:\WINDOWS\Registration
2013-12-21 22:32 - 2013-12-21 22:32 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB835221WXP$
2013-12-21 22:31 - 2013-12-21 21:34 - 00000000 ____D C:\Program Files\HDAQFE
2013-12-21 22:24 - 2013-12-21 21:47 - 00000450 _____ C:\WINDOWS\system32\Drivers\sthdae.log
2013-12-21 21:47 - 2005-11-28 15:16 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-12-21 21:35 - 2005-11-28 15:25 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-21 20:14 - 2013-12-21 20:13 - 00005252 _____ C:\WINDOWS\KB835221Uninst.log
2013-12-20 09:49 - 2013-10-07 13:01 - 00000000 ____D C:\Program Files\Internet Download Manager
2013-12-20 09:46 - 2013-10-07 13:01 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\IDM
2013-12-18 22:17 - 2013-05-06 16:11 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Media Player Classic
2013-12-18 19:12 - 2013-08-12 19:24 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\tixati
2013-12-18 01:24 - 2010-12-11 14:51 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\dvdcss
2013-12-16 04:10 - 2013-12-16 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2013-12-16 04:07 - 2013-05-23 10:59 - 00000000 ____D C:\Program Files\ImgBurn
2013-12-16 02:07 - 2013-10-26 19:08 - 00001586 _____ C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2013-12-16 02:07 - 2013-10-26 19:08 - 00000000 ____D C:\Program Files\SumatraPDF
2013-12-13 22:06 - 2011-11-16 00:25 - 00000214 _____ C:\Documents and Settings\Infinite Library\Desktop\KINGSTON DATA TRAVLER (H).lnk
2013-12-12 00:16 - 2013-05-26 00:06 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Aegisub
2013-12-12 00:12 - 2013-10-30 20:30 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Paint.NET
2013-12-11 23:36 - 2005-12-08 00:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-11 17:05 - 2004-08-10 12:57 - 00145216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 16:19 - 2013-12-11 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 16:19 - 2013-12-11 13:51 - 00010496 _____ C:\WINDOWS\KB2898715.log
2013-12-11 16:18 - 2013-12-11 16:18 - 00005086 _____ C:\WINDOWS\KB2904266.log
2013-12-11 16:18 - 2013-12-11 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 16:18 - 2013-08-15 00:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 16:18 - 2007-02-14 22:44 - 00900600 _____ C:\WINDOWS\system32\TZLog.log
2013-12-11 16:15 - 2005-12-08 02:38 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 16:14 - 2013-12-11 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 16:14 - 2013-12-11 13:51 - 00010017 _____ C:\WINDOWS\KB2893984.log
2013-12-11 16:14 - 2013-12-11 13:51 - 00009302 _____ C:\WINDOWS\KB2893294.log
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 16:13 - 2013-12-11 13:51 - 00008546 _____ C:\WINDOWS\KB2892075.log
2013-12-10 19:41 - 2013-12-10 19:41 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\AVS4YOU
2013-12-10 03:29 - 2013-05-06 18:32 - 00000000 ___RD C:\Documents and Settings\Infinite Library\My Documents\xxComputerTrashxx
2013-12-10 03:22 - 2013-12-10 03:22 - 00000472 _____ C:\Documents and Settings\Infinite Library\My Documents\My Pictures.lnk
2013-12-10 02:25 - 2005-12-23 10:36 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-12-10 02:17 - 2011-05-09 16:25 - 00000000 ____D C:\Program Files\FileHippo.com
2013-12-10 02:00 - 2013-12-10 02:00 - 00000000 ____D C:\Program Files\Aegisub-3.0.2-32
2013-12-10 01:55 - 2013-05-26 03:08 - 00000000 ____D C:\Program Files\Aegisub
2013-12-08 02:17 - 2010-03-10 17:33 - 00000308 _____ C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job
2013-12-08 01:49 - 2006-06-15 00:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB918439$
2013-12-08 01:34 - 2010-06-11 15:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975562$
2013-12-07 11:31 - 2007-06-13 12:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB935840$
2013-12-07 11:15 - 2013-10-08 23:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Publish Providers
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony
2013-12-07 01:21 - 2012-05-06 21:04 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Sony
2013-12-07 01:21 - 2012-05-06 20:48 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Sony
2013-12-06 19:30 - 2011-08-10 23:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2562937$
2013-12-05 22:08 - 2013-05-08 20:22 - 00000000 ____D C:\Program Files\Media Player Classic
2013-11-30 15:03 - 2013-11-30 15:03 - 00000000 ____D C:\Program Files\Ffmpeg For Audacity
2013-11-30 14:59 - 2013-11-23 02:54 - 00000000 ____D C:\Program Files\Audacity
2013-11-27 18:24 - 2013-10-04 05:40 - 00121184 _____ (Tonec Inc.) C:\WINDOWS\system32\Drivers\idmtdi.sys

Files to move or delete:
====================
C:\Documents and Settings\Infinite Library\Application Data\Camdata.ini
C:\Documents and Settings\Infinite Library\Application Data\CamLayout.ini
C:\Documents and Settings\Infinite Library\Application Data\CamShapes.ini
C:\Documents and Settings\Infinite Library\Application Data\CamStudio.Producer.Data.ini
C:\Windows\Tasks\At1.job


Some content of TEMP:
====================
C:\Documents and Settings\Infinite Library\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Infinite Library\Local Settings\temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2013 01
Ran by Infinite Library at 2013-12-27 18:22:02
Running from C:\Documents and Settings\Infinite Library\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

7-Zip 9.22beta
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Aegisub 3.0.4 (Version: 3.0.4)
AMD APP SDK Runtime (Version: 2.4.595.10)
AMP Font Viewer
ATI Catalyst Install Manager (Version: 3.0.825.0)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.591-090225a-076825C-ATI)
AVS Audio Converter 7 (Version: 7.2.1.528)
AVS Audio Editor 7.2 (Version: 7.2.1.487)
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5 (Version: 5.1.2.525)
AVS Document Converter 2.2.8 (Version: 2.2.8.225)
AVS DVD Copy 4.1.2.283
AVS Image Converter 2.3.3.249 (Version: 2.3.3.249)
AVS Photo Editor (Version: 2.1.2.136)
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.2
AVS Update Manager 1.0
AVS Video Converter 8 (Version: 8.4.2.541)
AVS Video Editor 6 (Version: 6.4.2.241)
AVS Video Recorder 2.5 (Version: 2.5.5.85)
AVS Video ReMaker 4.2.2.153 (Version: 4.2.2.153)
AVS4YOU Software Navigator 1.4
CCleaner (Version: 4.02)
Classic PhoneTools (Version: 4.24)
Dell Digital Jukebox Driver
Dell Driver Download Manager (HKCU Version: 3.0.0.0)
Dell Photo AIO Printer 962
Dell Resource CD (Version: 1.00.0000)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
DriverMax 7 (Version: 7.13.0.23)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ExplorerXP (remove only)
FastStone Image Viewer 4.8 (Version: 4.8)
FFmpeg v0.6.2 for Audacity
FileHippo.com Update Checker
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
ImgBurn (Version: 2.5.8.0)
Intel® 537EP V9x DFV PCI Modem
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.30.0000)
Internet Download Manager
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaInfo 0.7.63 (Version: 0.7.63)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MPC-HC 1.7.0 (Version: 1.7.0.7858)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NWZ-E460 WALKMAN Guide (Version: 2.0.2.04130)
Paint.NET v3.5.11 (Version: 3.61.0)
Print to Fax (Version: 1.00)
Puran Defrag 7.7
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Sandboxie 4.06 (32-bit) (Version: 4.06)
Sony USB Driver (Version: 2.00)
SumatraPDF 2.5.8500 (Version: 2.5.8500)
Tixati
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.1.2 (Version: 2.1.2)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Install Wizard (Version: 1.00.0000)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows Search 4.0 (Version: 04.00.6001.503)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 5.00 (32-bit) (Version: 5.00.0)

==================== Restore Points =========================

01-12-2013 01:59:50 System Checkpoint
02-12-2013 02:06:55 System Checkpoint
03-12-2013 06:08:34 System Checkpoint
04-12-2013 22:35:32 System Checkpoint
06-12-2013 04:35:01 System Checkpoint
07-12-2013 09:17:53 System Checkpoint
09-12-2013 01:38:24 Revo Uninstaller Pro's restore point - MKVToolNix 6.5.0
10-12-2013 05:14:55 System Checkpoint
10-12-2013 07:50:12 Revo Uninstaller Pro's restore point - CBR and CBZ to PDF
10-12-2013 07:52:14 Revo Uninstaller Pro's restore point - Sony Vegas Pro 10.0
10-12-2013 07:56:06 Revo Uninstaller Pro's restore point - Amazon
10-12-2013 08:01:38 Revo Uninstaller Pro's restore point - DVD Flick 1.3.0.7
10-12-2013 08:04:53 Revo Uninstaller Pro's restore point - WebCyberCoach
10-12-2013 08:46:24 Revo Uninstaller Pro's restore point - Xesc & Technology
10-12-2013 08:51:21 Revo Uninstaller Pro's restore point - W3i
10-12-2013 08:53:11 Revo Uninstaller Pro's restore point - sw4b4
11-12-2013 22:11:50 Software Distribution Service 3.0
13-12-2013 19:09:49 System Checkpoint
14-12-2013 02:48:31 Software Distribution Service 3.0
15-12-2013 03:46:07 System Checkpoint
16-12-2013 10:15:59 Revo Uninstaller Pro's restore point - Search Protect
18-12-2013 05:08:59 System Checkpoint
18-12-2013 16:28:26 Revo Uninstaller Pro's restore point - WordWeb
20-12-2013 03:32:26 System Checkpoint
22-12-2013 01:43:17 Before Sigmatel Fiddling
22-12-2013 02:13:44 Revo Uninstaller Pro's restore point - High Definition Audio Driver Package - KB835221
22-12-2013 02:55:39 Revo Uninstaller Pro's restore point - R126205
22-12-2013 03:10:01 Restore Operation
22-12-2013 03:48:12 Installed SigmaTel Audio
22-12-2013 04:28:49 Restore Operation
23-12-2013 05:37:57 System Checkpoint
24-12-2013 16:52:27 Software Distribution Service 3.0
25-12-2013 00:38:24 Revo Uninstaller Pro's restore point - Free Sound Recorder v9.7.2
25-12-2013 00:46:52 Revo Uninstaller Pro's restore point - SearchProtect
25-12-2013 07:12:40 Revo Uninstaller Pro's restore point - conduit.com
25-12-2013 13:41:40 Revo Uninstaller Pro's restore point - conduit
25-12-2013 15:21:18 Revo Uninstaller Pro's restore point - conduit
25-12-2013 17:20:56 Revo Uninstaller Pro's restore point - DeviceDesc
25-12-2013 18:03:55 Revo Uninstaller Pro's restore point - Mozilla Firefox 26.0 (x86 en-US)
25-12-2013 18:55:51 Revo Uninstaller Pro's restore point - Windows Internet Explorer 8
25-12-2013 18:58:59 Revo Uninstaller Pro's restore point - Dell System Detect
25-12-2013 19:37:43 Installed Windows Internet Explorer 8.
25-12-2013 19:38:59 Software Distribution Service 3.0
25-12-2013 20:12:53 Software Distribution Service 3.0
26-12-2013 00:47:34 Restore Operation
26-12-2013 00:59:47 Restore Operation

==================== Hosts content: ==========================

2011-05-08 10:46 - 2011-06-03 15:30 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\SANDRA~1\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2005-12-10 16:29 - 2004-12-16 09:15 - 00073728 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlbxPP5C.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/24/2013 08:31:39 PM) (Source: Application Error) (User: )
Description: Faulting application avsscreencapture.exe, version 2.0.3.90, faulting module avsmpegcodecs.dll, version 1.0.1.354, fault address 0x002ab293.
Processing media-specific event for [avsscreencapture.exe!ws!]

Error: (12/23/2013 09:13:15 PM) (Source: Application Error) (User: )
Description: Faulting application avsscreencapture.exe, version 2.0.3.90, faulting module avsvideoplayer.dll, version 1.0.1.523, fault address 0x0002ff88.
Processing media-specific event for [avsscreencapture.exe!ws!]

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT) (User: )
Description: Catalog Database (1196) The version store for this instance (0) has reached its maximum size of 16Mb. It is likely that a long-running transaction is preventing cleanup of the version store and causing it to build up in size. Updates will be rejected until the long-running transaction has been completely committed or rolled back.

Possible long-running transaction:

SessionId: 0x01FC03C0

Session-context: 0x00000000

Session-context ThreadId: 0x00000A8C


System errors:
=============
Error: (12/27/2013 06:21:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (12/27/2013 05:55:20 PM) (Source: 0) (User: )
Description: \Device\Harddisk2\D

Error: (12/27/2013 05:54:50 PM) (Source: 0) (User: )
Description: \Device\Harddisk2\D

Error: (12/27/2013 05:54:21 PM) (Source: DCOM) (User: DIMENSION9150)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/27/2013 05:49:21 PM) (Source: DCOM) (User: DIMENSION9150)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/27/2013 05:49:20 PM) (Source: DCOM) (User: DIMENSION9150)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/27/2013 05:30:29 PM) (Source: DCOM) (User: DIMENSION9150)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/27/2013 05:27:31 PM) (Source: DCOM) (User: DIMENSION9150)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (12/27/2013 05:21:00 PM) (Source: Schedule) (User: )
Description: The At1.job command failed to start due to the following error:
%%2147942403

Error: (12/27/2013 05:02:21 PM) (Source: DCOM) (User: DIMENSION9150)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}


Microsoft Office Sessions:
=========================
Error: (12/24/2013 08:31:39 PM) (Source: Application Error)(User: )
Description: avsscreencapture.exe2.0.3.90avsmpegcodecs.dll1.0.1.354002ab293

Error: (12/23/2013 09:13:15 PM) (Source: Application Error)(User: )
Description: avsscreencapture.exe2.0.3.90avsvideoplayer.dll1.0.1.5230002ff88

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C

Error: (12/22/2013 09:43:15 AM) (Source: ESENT)(User: )
Description: Catalog Database11960160x01FC03C00x000000000x00000A8C


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1022.09 MB
Available physical RAM: 526.6 MB
Total Pagefile: 2524.18 MB
Available Pagefile: 2180.35 MB
Total Virtual: 2047.88 MB
Available Virtual: 1949.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:229.77 GB) (Free:152.79 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:257.51 GB) NTFS
Drive g: (Elements) (Fixed) (Total:2794.52 GB) (Free:2450.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0006B71E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
RKinner

Malware Expert
The FRST routine should create a file winsock2.reg on your desktop. It's just for insurance since we are going to be working on the winsock2 stack. If you can't get back online after running the FRST fix and rebooting, you should be able to revert back by right-clicking on winsock2.reg and selecting Merge. Then reboot.

Uninstall Bonjour since it is broken.
Also uninstall Internet Download Manager
and Windows Search 4.0 (broken)

Download the attached fixlist.txt to the same location as FRST.
Run FRST and press Fix.
A fix log will be generated; please post that. Then:
1. Double-click My Computer, and then right-click the hard disk that you want to check (C:).
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Start, Run, eventvwr.msc, OK to bring up the Event Viewer. Right click on System and Clear All Events, No (we don't want to save the old log), OK. Repeat for Application.

Reboot.

The disk check will run and will probably take an hour or more to finish.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop.
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.

Please post the Output log in your next reply then repeat but select Application.


Run FRST again, check the Additions box and then Scan. You will get two logs. Post them both.
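An added example, not part of RKinner's post and not FRST's own code: a stand-alone batch file for the backup-then-reset step described above, which refuses to reset the Winsock catalog unless the backup was actually written. The fix log posted later in this thread shows the unquoted export ending in "Error: Too many command-line parameters"; %userprofile% on this machine is under C:\Documents and Settings\Infinite Library, so the unquoted file name splits at the spaces. The script assumes reg.exe, find and netsh as shipped with Windows XP and an administrator account; the variable names and labels are this example's own.

```batch
@echo off
setlocal

rem Added example: back up the WinSock2 parameters, verify the backup,
rem and only then reset the catalog. Key and commands are the ones in the thread.
set "KEY=HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters"
set "BACKUP=%USERPROFILE%\Desktop\winsock2.reg"

rem Remove a stale copy so a leftover file cannot pass for a fresh backup
rem (and so newer reg.exe versions do not stop to ask about overwriting).
if exist "%BACKUP%" del "%BACKUP%"

rem Quote both arguments. Unquoted, a profile path containing spaces reaches
rem reg.exe as several parameters and the export is rejected.
reg export "%KEY%" "%BACKUP%"
if errorlevel 1 goto nobackup
if not exist "%BACKUP%" goto nobackup

rem The export is a Unicode text file; "type" converts it so "find" can
rem confirm that the exported key is really in it.
type "%BACKUP%" | find /i "WinSock2\Parameters" >nul
if errorlevel 1 goto nobackup

echo Backup written to "%BACKUP%"
netsh winsock reset catalog
echo Restart the machine to complete the reset.
goto :eof

:nobackup
echo Backup of %KEY% failed. The Winsock catalog was left unchanged.
exit /b 1
```

If the network does not come back after the reboot, the recovery path is the one given in the post: right-click winsock2.reg, select Merge, and reboot.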

#5
SandyStone

Topic Starter
Okay, I uninstalled the three programs with Revo Uninstaller.

The question I have is, where is the "attached fixlist.txt" that you are referring to?

#6
RKinner

Malware Expert
oops

#7
SandyStone

Topic Starter
I did not create a winsock2.reg file. It went over my head, I guess. It worked out anyway. When I went to save the VEW file to the desktop, Notepad froze up. I discovered it saved in the C drive, so I just pasted that one to my desktop.


Here are the logs

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 27-12-2013 01
Ran by Infinite Library at 2013-12-27 20:57:33 Run:1
Running from C:\Documents and Settings\Infinite Library\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
CMD: reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg
S4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [x]
S4 Bonjour Service; "C:\Program Files\Bonjour\mDNSResponder.exe" [x]
S3 MEMSWEEP2; \??\C:\WINDOWS\system32\12.tmp [x]
U3 TlntSvr;
S3 wanatw; system32\DRIVERS\wanatw4.sys [x]
U1 WS2IFSL;
R1 IDMTDI; C:\Windows\System32\DRIVERS\idmtdi.sys [121184 2013-11-27] (Tonec Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll File Not found ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
URLSearchHook: HKCU - (No Name) - {d1e06b91-60e6-4492-af9f-53043fa32716} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {4EF1AA21-9C2B-45BA-B94E-52B75F18DE2A} URL = https://duckduckgo.c...q={searchTerms}
SearchScopes: HKCU - {7C25484A-2547-467A-B24F-F84BECA2CA8A} URL = https://startpage.co...anguage=english
HKCU\...\Run: [IDMan] - C:\Program Files\Internet Download Manager\IDMan.exe [3821136 2013-12-15] (Tonec Inc.)
HKU\Default User\...\Run: [DellSupport] - "C:\Program Files\DellSupport\DSAgnt.exe" /startup
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)
FF Plugin: @oberon-media.com/ONCAdapter - C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll No File
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\thepiratebayorg.xml
FF Extension: anonymoX - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\[email protected]
FF Extension: KickassTorrents Search - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\{d9891a46-b4e2-4afd-a15a-d8f05f13e5d4}.xpi
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5
FF HKCU\...\SeaMonkey\Extensions: [[email protected]] - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5
FF Extension: IDM CC - C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5
C:\Program Files\Internet Download Manager
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\SANDRA~1\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
CMD: netsh winsock reset catalog
CMD: net stop wuauserv
C:\Windows\SoftwareDistribution\DataStore



*****************


========= reg export HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\WinSock2\Parameters %userprofile%\Desktop\winsock2.reg =========


Error: Too many command-line parameters

========= End of CMD: =========

Apple Mobile Device => Service deleted successfully.
Bonjour Service => Service not found.
MEMSWEEP2 => Service deleted successfully.
TlntSvr => Service deleted successfully.
wanatw => Service deleted successfully.
WS2IFSL => Service deleted successfully.
IDMTDI => Service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{56F9679E-7826-4C84-81F3-532071A8BCC5} => Value not found.
HKCR\CLSID\{56F9679E-7826-4C84-81F3-532071A8BCC5} => Key not found.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004 => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Value deleted successfully.
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{d1e06b91-60e6-4492-af9f-53043fa32716} => Value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4EF1AA21-9C2B-45BA-B94E-52B75F18DE2A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{4EF1AA21-9C2B-45BA-B94E-52B75F18DE2A} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C25484A-2547-467A-B24F-F84BECA2CA8A} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{7C25484A-2547-467A-B24F-F84BECA2CA8A} => Key not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\IDMan => Value not found.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\Run\\DellSupport => Value deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk not found.
C:\Program Files\Windows Desktop Search\WindowsSearch.exe not found.
HKLM\Software\MozillaPlugins\@oberon-media.com/ONCAdapter => Key deleted successfully.
C:\Program Files\Common Files\Oberon Media\NCAdapter\1.0.0.7\npapicomadapter.dll not found.
"C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\duckduckgo.xml" => not found.
"C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\startpage-ssl.xml" => not found.
"C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\thepiratebayorg.xml" => not found.
C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\[email protected] => not found.
C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\{d9891a46-b4e2-4afd-a15a-d8f05f13e5d4}.xpi => not found.
HKCU\Software\Mozilla\Firefox\Extensions\\[email protected] => Value not found.
C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5 => not found.
HKCU\Software\Mozilla\SeaMonkey\Extensions\\[email protected] => Value not found.
C:\Documents and Settings\Infinite Library\Application Data\IDM\idmmzcc5 => not found.
"C:\Program Files\Internet Download Manager" => File/Directory not found.
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => Moved successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1006.job => Moved successfully.
C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-3990514779-3826623117-1682299583-1009.job => Moved successfully.

========= netsh winsock reset catalog =========

Initialization Function InitHelperDll in IPMONTR.DLL failed to start with error code 11003

Sucessfully reset the Winsock Catalog.
You must restart the machine in order to complete the reset.


========= End of CMD: =========


========= net stop wuauserv =========

The Automatic Updates service is stopping..
The Automatic Updates service was stopped successfully.


========= End of CMD: =========

C:\Windows\SoftwareDistribution\DataStore => Moved successfully.

==== End of Fixlog ====







Vino's Event Viewer v01c run on Windows XP in English
Report run at 27/12/2013 11:06:31 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2013 11:06:05 PM
Type: error Category: 0
Event: 7 Source: Disk
The device, \Device\Harddisk2\D, has a bad block.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 27/12/2013 11:06:13 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:06:02 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:05:51 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:05:40 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:05:29 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:05:18 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:05:07 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:04:56 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:04:45 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:04:34 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:04:13 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.

Log: 'System' Date/Time: 27/12/2013 11:04:08 PM
Type: warning Category: 0
Event: 51 Source: Disk
An error was detected on device \Device\Harddisk1\D during a paging operation.





Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-12-2013 01
Ran by Infinite Library (administrator) on DIMENSION9150 on 27-12-2013 23:08:32
Running from C:\Documents and Settings\Infinite Library\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Puran Software) C:\WINDOWS\system32\PuranDefragS.exe
(Microsoft Corp., Veritas Software) C:\WINDOWS\system32\dmadmin.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [DLBXCATS] - rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBXtime.dll,_RunDLLEntry@16
Winlogon\Notify\AtiExtEvent: C:\Windows\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKCU\...\Run: [SandboxieControl] - C:\Program Files\Sandboxie\SbieCtrl.exe [543432 2013-10-16] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...ie=utf8&oe=utf8
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.ma...director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://static.harper...geUploader5.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.micros...ntent/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default
FF DefaultSearchEngine: Startpage (SSL)
FF Homepage: hxxp://www.danier.com/leather-women-jackets-blazers-103030340-P8329.aspx?lang=en&colour=950|666666&mc=yes
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\dictionary.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\startpage-ssl.xml
FF SearchPlugin: C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\searchplugins\thepiratebayorg.xml
FF Extension: anonymoX - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\[email protected]
FF Extension: Adblock Plus - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: KickassTorrents Search - C:\Documents and Settings\Infinite Library\Application Data\Mozilla\Firefox\Profiles\kvtw6ksd.default\Extensions\{d9891a46-b4e2-4afd-a15a-d8f05f13e5d4}.xpi
FF HKCU\...\Firefox\Extensions: [[email protected]] - C:\Program Files\WordWeb\WCaptureMoz

========================== Services (Whitelisted) =================

S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [516096 2005-08-05] ()
S3 dlbx_device; C:\WINDOWS\system32\dlbxcoms.exe [462848 2004-12-16] (Dell)
S4 DSBrokerService; C:\Program Files\DellSupport\brkrsvc.exe [76848 2007-03-07] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 NetSvc; C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe [147456 2004-11-19] (Intel® Corporation)
R2 PuranDefrag; C:\WINDOWS\system32\PuranDefragS.exe [260992 2013-08-15] (Puran Software)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [130248 2013-10-16] (Sandboxie Holdings, LLC)
R2 JavaQuickStarterService; "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"

==================== Drivers (Whitelisted) ====================

S4 abp480n5; C:\Windows\system32\DRIVERS\ABP480N5.SYS [23552 2001-08-17] (Microsoft Corporation)
S3 bvrp_pci; C:\Windows\System32\Drivers\bvrp_pci.sys [4272 2004-03-24] ()
R3 IntelC51; C:\Windows\System32\DRIVERS\IntelC51.sys [1339776 2005-05-06] (Intel Corporation)
R3 IntelC52; C:\Windows\System32\DRIVERS\IntelC52.sys [618880 2006-03-01] (Intel Corporation)
R3 IntelC53; C:\Windows\System32\DRIVERS\IntelC53.sys [47360 2005-05-06] (Intel Corporation)
R3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [30984 2013-01-03] (Logitech, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R3 mohfilt; C:\Windows\System32\DRIVERS\mohfilt.sys [36880 2005-05-06] (Intel Corporation)
R0 MxEFUF; C:\Windows\System32\DRIVERS\MxEFUF32.sys [102728 2010-11-04] (Matrox Graphics Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [159840 2013-10-16] (Sandboxie Holdings, LLC)
S3 SONYPVU1; C:\Windows\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R3 STHDA; C:\Windows\System32\drivers\sthda.sys [180864 2005-06-14] (SigmaTel, Inc.)
U5 ScsiPort; C:\Windows\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-27 23:03 - 2013-12-27 23:06 - 00002906 _____ C:\Documents and Settings\Infinite Library\Desktop\VEW.txt
2013-12-27 20:17 - 2013-12-27 20:17 - 00061440 _____ ( ) C:\Documents and Settings\Infinite Library\Desktop\VEW.exe
2013-12-27 20:03 - 2013-12-27 20:03 - 00025410 _____ C:\WINDOWS\KB940157Uninst.log
2013-12-27 18:22 - 2013-12-27 18:24 - 00021500 _____ C:\Documents and Settings\Infinite Library\Desktop\Addition.txt
2013-12-27 18:20 - 2013-12-27 23:08 - 00008169 _____ C:\Documents and Settings\Infinite Library\Desktop\FRST.txt
2013-12-27 18:19 - 2013-12-27 18:19 - 00000000 ____D C:\FRST
2013-12-27 18:18 - 2013-12-27 18:18 - 01063657 _____ (Farbar) C:\Documents and Settings\Infinite Library\Desktop\FRST.exe
2013-12-27 17:51 - 2013-12-27 17:51 - 00007347 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner[S0].txt
2013-12-27 17:38 - 2013-12-27 17:44 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:36 - 2013-12-27 17:36 - 01233962 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner.exe
2013-12-27 17:23 - 2013-12-27 17:27 - 00004137 _____ C:\Documents and Settings\Infinite Library\Desktop\JRT.txt
2013-12-27 17:13 - 2013-12-27 17:13 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-27 17:11 - 2013-12-27 17:11 - 01034531 _____ (Thisisu) C:\Documents and Settings\Infinite Library\Desktop\JRT.exe
2013-12-26 12:28 - 2013-12-26 13:31 - 00069980 _____ C:\Documents and Settings\Infinite Library\Desktop\OTL.Txt
2013-12-26 12:18 - 2013-12-26 12:18 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Infinite Library\Desktop\OTL.exe
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Google
2013-12-25 13:35 - 2013-12-25 18:54 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-25 13:02 - 2013-12-25 13:04 - 16883056 _____ (Microsoft Corporation) C:\Program Files\IE8-WindowsXP-x86-ENU.exe
2013-12-25 12:18 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-25 12:18 - 2013-12-25 12:18 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-25 12:18 - 2013-12-25 12:18 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-25 12:15 - 2013-12-25 12:15 - 00282992 _____ (Mozilla) C:\Program Files\Firefox Setup Stub 26.0.exe
2013-12-25 12:00 - 2013-12-25 17:01 - 00011231 _____ C:\Documents and Settings\Infinite Library\Desktop\links.txt
2013-12-25 08:01 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\Infinite Library\Desktop\mbar
2013-12-25 01:22 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-25 01:22 - 2013-12-25 01:22 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-25 01:18 - 2013-12-25 01:18 - 00755792 _____ C:\Program Files\cc_setup.exe
2013-12-24 22:19 - 2013-12-24 22:19 - 00000107 _____ C:\Documents and Settings\Infinite Library\Desktop\TPV.m3u
2013-12-24 18:52 - 2013-12-24 18:52 - 00004608 ___SH C:\WINDOWS\Thumbs.db
2013-12-24 18:36 - 2013-12-24 18:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Cool Record Edit Pro
2013-12-24 18:24 - 2013-12-24 18:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\Free Sound Recorder
2013-12-24 03:00 - 2013-12-24 03:00 - 00309374 _____ C:\Documents and Settings\Infinite Library\Desktop\untitled.bmp
2013-12-24 02:19 - 2013-12-24 02:19 - 00204496 _____ (Malwarebytes) C:\Program Files\startuplite-setup-1.07.exe
2013-12-23 20:57 - 2013-12-23 21:01 - 00000954 _____ C:\Documents and Settings\Infinite Library\Desktop\Unmute Volume CTRL+U.lnk
2013-12-23 20:53 - 2013-12-23 21:00 - 00000946 _____ C:\Documents and Settings\Infinite Library\Desktop\Mute Volume CRTL+M.lnk
2013-12-23 20:04 - 2013-08-11 15:41 - 00044032 _____ (NirSoft) C:\WINDOWS\nircmd.exe
2013-12-23 18:57 - 2013-12-23 19:34 - 00000000 ____D C:\Program Files\NirCmd - Mute Sound Via Hot Keys
2013-12-22 21:33 - 2013-12-22 21:33 - 00000846 _____ C:\Documents and Settings\Infinite Library\Desktop\AVS4YOUSoftwareNavigator.lnk
2013-12-21 22:32 - 2013-12-21 22:32 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB835221WXP$
2013-12-21 21:47 - 2013-12-21 22:24 - 00000450 _____ C:\WINDOWS\system32\Drivers\sthdae.log
2013-12-21 21:34 - 2013-12-21 22:31 - 00000000 ____D C:\Program Files\HDAQFE
2013-12-21 20:13 - 2013-12-21 20:14 - 00005252 _____ C:\WINDOWS\KB835221Uninst.log
2013-12-16 04:10 - 2013-12-16 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2013-12-11 16:19 - 2013-12-25 13:44 - 00083453 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-11 16:19 - 2013-12-11 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 16:18 - 2013-12-11 16:18 - 00005086 _____ C:\WINDOWS\KB2904266.log
2013-12-11 16:18 - 2013-12-11 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 16:14 - 2013-12-11 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 13:51 - 2013-12-11 16:19 - 00010496 _____ C:\WINDOWS\KB2898715.log
2013-12-11 13:51 - 2013-12-11 16:14 - 00010017 _____ C:\WINDOWS\KB2893984.log
2013-12-11 13:51 - 2013-12-11 16:14 - 00009302 _____ C:\WINDOWS\KB2893294.log
2013-12-11 13:51 - 2013-12-11 16:13 - 00008546 _____ C:\WINDOWS\KB2892075.log
2013-12-10 19:41 - 2013-12-10 19:41 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\AVS4YOU
2013-12-10 03:22 - 2013-12-10 03:22 - 00000472 _____ C:\Documents and Settings\Infinite Library\My Documents\My Pictures.lnk
2013-12-10 02:24 - 2013-12-24 18:52 - 00020480 ___SH C:\WINDOWS\system32\Thumbs.db
2013-12-10 02:00 - 2013-12-10 02:00 - 00000000 ____D C:\Program Files\Aegisub-3.0.2-32
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Publish Providers
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony
2013-11-30 15:03 - 2013-11-30 15:03 - 00000000 ____D C:\Program Files\Ffmpeg For Audacity

==================== One Month Modified Files and Folders =======

2013-12-27 23:09 - 2011-06-06 22:28 - 02551747 _____ C:\WINDOWS\pfirewall.log
2013-12-27 23:08 - 2013-12-27 18:20 - 00008169 _____ C:\Documents and Settings\Infinite Library\Desktop\FRST.txt
2013-12-27 23:06 - 2013-12-27 23:03 - 00002906 _____ C:\Documents and Settings\Infinite Library\Desktop\VEW.txt
2013-12-27 23:00 - 2004-08-10 13:02 - 01509095 _____ C:\WINDOWS\WindowsUpdate.log
2013-12-27 23:00 - 2004-08-10 12:51 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2013-12-27 22:59 - 2004-08-10 13:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-12-27 22:59 - 2004-08-10 12:59 - 00000159 _____ C:\WINDOWS\wiadebug.log
2013-12-27 22:59 - 2004-08-10 12:59 - 00000050 _____ C:\WINDOWS\wiaservc.log
2013-12-27 21:14 - 2005-12-07 16:23 - 00000278 ___SH C:\Documents and Settings\Infinite Library\ntuser.ini
2013-12-27 21:14 - 2004-08-10 13:08 - 00032416 _____ C:\WINDOWS\SchedLgU.Txt
2013-12-27 20:49 - 2013-10-07 12:54 - 00002600 _____ C:\WINDOWS\Sandboxie.ini
2013-12-27 20:17 - 2013-12-27 20:17 - 00061440 _____ ( ) C:\Documents and Settings\Infinite Library\Desktop\VEW.exe
2013-12-27 20:03 - 2013-12-27 20:03 - 00025410 _____ C:\WINDOWS\KB940157Uninst.log
2013-12-27 20:03 - 2013-06-11 15:36 - 00194504 _____ C:\WINDOWS\setupapi.log
2013-12-27 20:03 - 2011-05-10 09:31 - 00717920 _____ C:\WINDOWS\tsoc.log
2013-12-27 20:03 - 2011-05-10 09:31 - 00596283 _____ C:\WINDOWS\comsetup.log
2013-12-27 20:03 - 2011-05-10 09:31 - 00373801 _____ C:\WINDOWS\ntdtcsetup.log
2013-12-27 20:03 - 2011-05-10 09:31 - 00273488 _____ C:\WINDOWS\iis6.log
2013-12-27 20:03 - 2011-05-10 09:31 - 00103522 _____ C:\WINDOWS\ocmsn.log
2013-12-27 20:03 - 2011-05-10 09:31 - 00093117 _____ C:\WINDOWS\msgsocm.log
2013-12-27 20:03 - 2011-05-10 09:31 - 00001393 _____ C:\WINDOWS\imsins.log
2013-12-27 20:03 - 2011-05-10 09:30 - 01783318 _____ C:\WINDOWS\FaxSetup.log
2013-12-27 20:03 - 2011-05-10 09:30 - 01001472 _____ C:\WINDOWS\ocgen.log
2013-12-27 18:24 - 2013-12-27 18:22 - 00021500 _____ C:\Documents and Settings\Infinite Library\Desktop\Addition.txt
2013-12-27 18:19 - 2013-12-27 18:19 - 00000000 ____D C:\FRST
2013-12-27 18:18 - 2013-12-27 18:18 - 01063657 _____ (Farbar) C:\Documents and Settings\Infinite Library\Desktop\FRST.exe
2013-12-27 17:51 - 2013-12-27 17:51 - 00007347 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner[S0].txt
2013-12-27 17:44 - 2013-12-27 17:38 - 00000000 ____D C:\AdwCleaner
2013-12-27 17:44 - 2009-05-07 16:25 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Uniblue
2013-12-27 17:36 - 2013-12-27 17:36 - 01233962 _____ C:\Documents and Settings\Infinite Library\Desktop\AdwCleaner.exe
2013-12-27 17:27 - 2013-12-27 17:23 - 00004137 _____ C:\Documents and Settings\Infinite Library\Desktop\JRT.txt
2013-12-27 17:13 - 2013-12-27 17:13 - 00000000 ____D C:\WINDOWS\ERUNT
2013-12-27 17:11 - 2013-12-27 17:11 - 01034531 _____ (Thisisu) C:\Documents and Settings\Infinite Library\Desktop\JRT.exe
2013-12-27 00:27 - 2009-06-22 08:56 - 00000444 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job
2013-12-26 22:08 - 2013-11-12 18:51 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\vlc
2013-12-26 13:31 - 2013-12-26 12:28 - 00069980 _____ C:\Documents and Settings\Infinite Library\Desktop\OTL.Txt
2013-12-26 12:18 - 2013-12-26 12:18 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Infinite Library\Desktop\OTL.exe
2013-12-26 00:50 - 2011-05-10 09:31 - 00017312 _____ C:\WINDOWS\setupact.log
2013-12-26 00:38 - 2011-06-06 22:28 - 04194327 _____ C:\WINDOWS\pfirewall.log.old
2013-12-25 20:45 - 2011-06-23 18:03 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2013-12-25 19:16 - 2009-04-25 19:28 - 00000000 ____D C:\WINDOWS\pss
2013-12-25 18:55 - 2009-06-19 23:22 - 00000000 ____D C:\WINDOWS\ie8updates
2013-12-25 18:54 - 2013-12-25 13:35 - 00000000 __HDC C:\WINDOWS\ie8
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Program Files\CCleaner
2013-12-25 18:53 - 2013-12-25 18:53 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Google
2013-12-25 18:53 - 2013-12-25 12:18 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-25 18:53 - 2013-12-25 08:01 - 00000000 ____D C:\Documents and Settings\Infinite Library\Desktop\mbar
2013-12-25 18:53 - 2013-12-25 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
2013-12-25 18:53 - 2012-01-12 15:34 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Mozilla
2013-12-25 18:53 - 2011-05-08 10:21 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-25 18:53 - 2005-12-07 16:23 - 00000000 ____D C:\Documents and Settings\Infinite Library
2013-12-25 17:01 - 2013-12-25 12:00 - 00011231 _____ C:\Documents and Settings\Infinite Library\Desktop\links.txt
2013-12-25 14:27 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\Help
2013-12-25 14:14 - 2011-08-26 19:43 - 00036844 _____ C:\WINDOWS\KB2510531-IE8.log
2013-12-25 14:14 - 2011-05-10 09:31 - 00001393 _____ C:\WINDOWS\imsins.BAK
2013-12-25 14:13 - 2011-05-10 09:30 - 00536267 _____ C:\WINDOWS\updspapi.log
2013-12-25 13:52 - 2011-05-25 21:34 - 00168052 _____ C:\WINDOWS\spupdsvc.log
2013-12-25 13:50 - 2004-08-10 12:52 - 00000000 ____D C:\WINDOWS\Media
2013-12-25 13:45 - 2011-08-25 21:13 - 00955087 _____ C:\WINDOWS\ie8_main.log
2013-12-25 13:44 - 2013-12-11 16:19 - 00083453 _____ C:\WINDOWS\KB2898785-IE8.log
2013-12-25 13:43 - 2013-08-15 00:20 - 00300450 _____ C:\WINDOWS\KB2862772-IE8.log
2013-12-25 13:43 - 2012-09-21 20:46 - 00311945 _____ C:\WINDOWS\KB2744842-IE8.log
2013-12-25 13:42 - 2011-12-15 08:51 - 00327440 _____ C:\WINDOWS\KB2618444-IE8.log
2013-12-25 13:41 - 2013-01-20 13:01 - 00291836 _____ C:\WINDOWS\KB2598845-IE8.log
2013-12-25 13:40 - 2011-08-25 21:26 - 00458100 _____ C:\WINDOWS\KB982381-IE8.log
2013-12-25 13:38 - 2011-08-25 21:23 - 00423306 _____ C:\WINDOWS\ie8.log
2013-12-25 13:04 - 2013-12-25 13:02 - 16883056 _____ (Microsoft Corporation) C:\Program Files\IE8-WindowsXP-x86-ENU.exe
2013-12-25 12:59 - 2010-12-02 12:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Deployment
2013-12-25 12:57 - 2011-08-25 21:13 - 00232303 _____ C:\WINDOWS\ie8Uninst.log
2013-12-25 12:18 - 2013-12-25 12:18 - 00000730 _____ C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
2013-12-25 12:18 - 2013-12-25 12:18 - 00000724 _____ C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
2013-12-25 12:15 - 2013-12-25 12:15 - 00282992 _____ (Mozilla) C:\Program Files\Firefox Setup Stub 26.0.exe
2013-12-25 09:06 - 2013-10-26 18:21 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2013-12-25 08:02 - 2013-10-26 18:18 - 00051416 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2013-12-25 07:36 - 2013-05-09 17:12 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2013-12-25 07:36 - 2013-05-09 17:12 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2013-12-25 07:31 - 2006-08-15 17:24 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB918899$
2013-12-25 01:22 - 2013-12-25 01:22 - 00000682 _____ C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
2013-12-25 01:18 - 2013-12-25 01:18 - 00755792 _____ C:\Program Files\cc_setup.exe
2013-12-24 22:19 - 2013-12-24 22:19 - 00000107 _____ C:\Documents and Settings\Infinite Library\Desktop\TPV.m3u
2013-12-24 21:51 - 2013-11-23 02:55 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Audacity
2013-12-24 18:52 - 2013-12-24 18:52 - 00004608 ___SH C:\WINDOWS\Thumbs.db
2013-12-24 18:52 - 2013-12-10 02:24 - 00020480 ___SH C:\WINDOWS\system32\Thumbs.db
2013-12-24 18:52 - 2013-09-14 09:50 - 00000000 ____D C:\WINDOWS\SHELLNEW
2013-12-24 18:52 - 2008-08-27 19:03 - 00000000 __HDC C:\WINDOWS\$NtServicePackUninstall$
2013-12-24 18:52 - 2004-08-10 12:52 - 00000000 ___RD C:\WINDOWS\Web
2013-12-24 18:36 - 2013-12-24 18:36 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Cool Record Edit Pro
2013-12-24 18:36 - 2013-12-24 18:24 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\Free Sound Recorder
2013-12-24 18:21 - 2011-05-10 19:40 - 00142091 _____ C:\WINDOWS\wmsetup.log
2013-12-24 10:53 - 2004-08-10 12:51 - 00000701 _____ C:\WINDOWS\win.ini
2013-12-24 03:42 - 2005-11-28 15:14 - 00000327 __RSH C:\boot.ini
2013-12-24 03:42 - 2004-08-10 12:51 - 00000254 _____ C:\WINDOWS\system.ini
2013-12-24 03:00 - 2013-12-24 03:00 - 00309374 _____ C:\Documents and Settings\Infinite Library\Desktop\untitled.bmp
2013-12-24 02:19 - 2013-12-24 02:19 - 00204496 _____ (Malwarebytes) C:\Program Files\startuplite-setup-1.07.exe
2013-12-24 01:33 - 2009-06-10 13:17 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB961501$
2013-12-23 21:01 - 2013-12-23 20:57 - 00000954 _____ C:\Documents and Settings\Infinite Library\Desktop\Unmute Volume CTRL+U.lnk
2013-12-23 21:00 - 2013-12-23 20:53 - 00000946 _____ C:\Documents and Settings\Infinite Library\Desktop\Mute Volume CRTL+M.lnk
2013-12-23 20:48 - 2013-09-15 18:08 - 00000082 _____ C:\Documents and Settings\Infinite Library\Desktop\Times.txt
2013-12-23 19:34 - 2013-12-23 18:57 - 00000000 ____D C:\Program Files\NirCmd - Mute Sound Via Hot Keys
2013-12-22 21:33 - 2013-12-22 21:33 - 00000846 _____ C:\Documents and Settings\Infinite Library\Desktop\AVS4YOUSoftwareNavigator.lnk
2013-12-21 22:33 - 2005-12-23 10:36 - 00000000 ____D C:\Documents and Settings\Administrator
2013-12-21 22:33 - 2005-12-07 16:23 - 00000000 ____D C:\Documents and Settings\Infinite Library\Start Menu\Programs\Dell
2013-12-21 22:33 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\NetworkService
2013-12-21 22:33 - 2004-08-10 13:08 - 00000000 __SHD C:\Documents and Settings\LocalService
2013-12-21 22:33 - 2004-08-10 13:02 - 00000000 ____D C:\WINDOWS\Registration
2013-12-21 22:32 - 2013-12-21 22:32 - 00000000 ___HD C:\WINDOWS\$NtUninstallKB835221WXP$
2013-12-21 22:31 - 2013-12-21 21:34 - 00000000 ____D C:\Program Files\HDAQFE
2013-12-21 22:24 - 2013-12-21 21:47 - 00000450 _____ C:\WINDOWS\system32\Drivers\sthdae.log
2013-12-21 21:47 - 2005-11-28 15:16 - 00000000 ____D C:\WINDOWS\system32\ReinstallBackups
2013-12-21 21:35 - 2005-11-28 15:25 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-12-21 20:14 - 2013-12-21 20:13 - 00005252 _____ C:\WINDOWS\KB835221Uninst.log
2013-12-18 22:17 - 2013-05-06 16:11 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Media Player Classic
2013-12-18 19:12 - 2013-08-12 19:24 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\tixati
2013-12-18 01:24 - 2010-12-11 14:51 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\dvdcss
2013-12-16 04:10 - 2013-12-16 04:10 - 00000000 ____D C:\Documents and Settings\All Users\Start Menu\Programs\ImgBurn
2013-12-16 04:07 - 2013-05-23 10:59 - 00000000 ____D C:\Program Files\ImgBurn
2013-12-16 02:07 - 2013-10-26 19:08 - 00001586 _____ C:\Documents and Settings\All Users\Start Menu\Programs\SumatraPDF.lnk
2013-12-16 02:07 - 2013-10-26 19:08 - 00000000 ____D C:\Program Files\SumatraPDF
2013-12-13 22:06 - 2011-11-16 00:25 - 00000214 _____ C:\Documents and Settings\Infinite Library\Desktop\KINGSTON DATA TRAVLER (H).lnk
2013-12-12 00:16 - 2013-05-26 00:06 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Aegisub
2013-12-12 00:12 - 2013-10-30 20:30 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Paint.NET
2013-12-11 23:36 - 2005-12-08 00:01 - 00000000 ____D C:\Program Files\Microsoft Office
2013-12-11 17:05 - 2004-08-10 12:57 - 00145216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2013-12-11 16:19 - 2013-12-11 16:19 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2898715$
2013-12-11 16:19 - 2013-12-11 13:51 - 00010496 _____ C:\WINDOWS\KB2898715.log
2013-12-11 16:18 - 2013-12-11 16:18 - 00005086 _____ C:\WINDOWS\KB2904266.log
2013-12-11 16:18 - 2013-12-11 16:18 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2904266$
2013-12-11 16:18 - 2013-08-15 00:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-12-11 16:18 - 2007-02-14 22:44 - 00900600 _____ C:\WINDOWS\system32\TZLog.log
2013-12-11 16:15 - 2005-12-08 02:38 - 88123800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-12-11 16:14 - 2013-12-11 16:14 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893294$
2013-12-11 16:14 - 2013-12-11 13:51 - 00010017 _____ C:\WINDOWS\KB2893984.log
2013-12-11 16:14 - 2013-12-11 13:51 - 00009302 _____ C:\WINDOWS\KB2893294.log
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2893984$
2013-12-11 16:13 - 2013-12-11 16:13 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2892075$
2013-12-11 16:13 - 2013-12-11 13:51 - 00008546 _____ C:\WINDOWS\KB2892075.log
2013-12-10 19:41 - 2013-12-10 19:41 - 00000000 ____D C:\Documents and Settings\Infinite Library\My Documents\AVS4YOU
2013-12-10 03:29 - 2013-05-06 18:32 - 00000000 ___RD C:\Documents and Settings\Infinite Library\My Documents\xxComputerTrashxx
2013-12-10 03:22 - 2013-12-10 03:22 - 00000472 _____ C:\Documents and Settings\Infinite Library\My Documents\My Pictures.lnk
2013-12-10 02:25 - 2005-12-23 10:36 - 00000000 ___RD C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2013-12-10 02:17 - 2011-05-09 16:25 - 00000000 ____D C:\Program Files\FileHippo.com
2013-12-10 02:00 - 2013-12-10 02:00 - 00000000 ____D C:\Program Files\Aegisub-3.0.2-32
2013-12-10 01:55 - 2013-05-26 03:08 - 00000000 ____D C:\Program Files\Aegisub
2013-12-08 01:49 - 2006-06-15 00:54 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB918439$
2013-12-08 01:34 - 2010-06-11 15:41 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB975562$
2013-12-07 11:31 - 2007-06-13 12:49 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB935840$
2013-12-07 11:15 - 2013-10-08 23:00 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2868038$
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Publish Providers
2013-12-07 01:22 - 2013-12-07 01:22 - 00000000 ____D C:\Documents and Settings\All Users\Application Data\Sony
2013-12-07 01:21 - 2012-05-06 21:04 - 00000000 ____D C:\Documents and Settings\Infinite Library\Local Settings\Application Data\Sony
2013-12-07 01:21 - 2012-05-06 20:48 - 00000000 ____D C:\Documents and Settings\Infinite Library\Application Data\Sony
2013-12-06 19:30 - 2011-08-10 23:05 - 00000000 __HDC C:\WINDOWS\$NtUninstallKB2562937$
2013-12-05 22:08 - 2013-05-08 20:22 - 00000000 ____D C:\Program Files\Media Player Classic
2013-11-30 15:03 - 2013-11-30 15:03 - 00000000 ____D C:\Program Files\Ffmpeg For Audacity
2013-11-30 14:59 - 2013-11-23 02:54 - 00000000 ____D C:\Program Files\Audacity

Files to move or delete:
====================
C:\Documents and Settings\Infinite Library\Application Data\Camdata.ini
C:\Documents and Settings\Infinite Library\Application Data\CamLayout.ini
C:\Documents and Settings\Infinite Library\Application Data\CamShapes.ini
C:\Documents and Settings\Infinite Library\Application Data\CamStudio.Producer.Data.ini


Some content of TEMP:
====================
C:\Documents and Settings\Infinite Library\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Infinite Library\Local Settings\temp\vlc-2.1.2-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 27-12-2013 01
Ran by Infinite Library at 2013-12-27 23:11:22
Running from C:\Documents and Settings\Infinite Library\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================


==================== Installed Programs ======================

7-Zip 9.22beta
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Aegisub 3.0.4 (Version: 3.0.4)
AMD APP SDK Runtime (Version: 2.4.595.10)
AMP Font Viewer
ATI Catalyst Install Manager (Version: 3.0.825.0)
ATI Control Panel (Version: 6.14.10.5160)
ATI Display Driver (Version: 8.591-090225a-076825C-ATI)
AVS Audio Converter 7 (Version: 7.2.1.528)
AVS Audio Editor 7.2 (Version: 7.2.1.487)
AVS Audio Recorder version 4.0
AVS Cover Editor 2.0.1.3
AVS Disc Creator 5 (Version: 5.1.2.525)
AVS Document Converter 2.2.8 (Version: 2.2.8.225)
AVS DVD Copy 4.1.2.283
AVS Image Converter 2.3.3.249 (Version: 2.3.3.249)
AVS Photo Editor (Version: 2.1.2.136)
AVS Ringtone Maker version 1.6
AVS Screen Capture version 2.0.2
AVS Update Manager 1.0
AVS Video Converter 8 (Version: 8.4.2.541)
AVS Video Editor 6 (Version: 6.4.2.241)
AVS Video Recorder 2.5 (Version: 2.5.5.85)
AVS Video ReMaker 4.2.2.153 (Version: 4.2.2.153)
AVS4YOU Software Navigator 1.4
CCleaner (Version: 4.02)
Classic PhoneTools (Version: 4.24)
Dell Digital Jukebox Driver
Dell Driver Download Manager (HKCU Version: 3.0.0.0)
Dell Photo AIO Printer 962
Dell Resource CD (Version: 1.00.0000)
Dell System Restore (Version: 2.00.0000)
DellSupport (Version: 6.0.3062)
DriverMax 7 (Version: 7.13.0.23)
DVD Decrypter (Remove Only)
DVD Shrink 3.2
ExplorerXP (remove only)
FastStone Image Viewer 4.8 (Version: 4.8)
FFmpeg v0.6.2 for Audacity
FileHippo.com Update Checker
High Definition Audio Driver Package - KB835221 (Version: 20040219.000000)
ImgBurn (Version: 2.5.8.0)
Intel® 537EP V9x DFV PCI Modem
Intel® Matrix Storage Manager
Intel® PRO Network Connections Drivers
Intel® PROSet for Wired Connections (Version: 9.30.0000)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
MediaInfo 0.7.63 (Version: 0.7.63)
Microsoft .NET Framework 1.1 (Version: 1.1.4322)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2833941)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2 (Version: 2.2.30729)
Microsoft .NET Framework 3.0 Service Pack 2 (Version: 3.2.30729)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Compression Client Pack 1.0 for Windows XP (Version: 1)
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
Microsoft National Language Support Downlevel APIs
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Standard Edition 2003 (Version: 11.0.8173.0)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Modem Event Monitor
Modem Helper (Version: 2.40)
Modem On Hold (Version: 1.12)
Mozilla Firefox 26.0 (x86 en-US) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
MPC-HC 1.7.0 (Version: 1.7.0.7858)
MSXML 4.0 SP2 (KB927978) (Version: 4.20.9841.0)
MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NWZ-E460 WALKMAN Guide (Version: 2.0.2.04130)
Paint.NET v3.5.11 (Version: 3.61.0)
Print to Fax (Version: 1.00)
Puran Defrag 7.7
Revo Uninstaller Pro 3.0.7 (Version: 3.0.7)
Sandboxie 4.06 (32-bit) (Version: 4.06)
Sony USB Driver (Version: 2.00)
SumatraPDF 2.5.8500 (Version: 2.5.8500)
Tixati
Tweak UI
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Windows Internet Explorer 8 (KB2598845) (Version: 1)
Update for Windows XP (KB2141007) (Version: 1)
Update for Windows XP (KB2345886) (Version: 1)
Update for Windows XP (KB2467659) (Version: 1)
Update for Windows XP (KB2492386) (Version: 1)
Update for Windows XP (KB2541763) (Version: 1)
Update for Windows XP (KB2607712) (Version: 1)
Update for Windows XP (KB2616676) (Version: 1)
Update for Windows XP (KB2641690) (Version: 1)
Update for Windows XP (KB2661254-v2) (Version: 2)
Update for Windows XP (KB2718704) (Version: 1)
Update for Windows XP (KB2736233) (Version: 1)
Update for Windows XP (KB2749655) (Version: 1)
Update for Windows XP (KB2863058) (Version: 1)
Update for Windows XP (KB2904266) (Version: 1)
Update for Windows XP (KB951072-v2) (Version: 2)
Update for Windows XP (KB951978) (Version: 1)
Update for Windows XP (KB955759) (Version: 1)
Update for Windows XP (KB955839) (Version: 1)
Update for Windows XP (KB961503) (Version: 1)
Update for Windows XP (KB967715) (Version: 1)
Update for Windows XP (KB968389) (Version: 1)
Update for Windows XP (KB971029) (Version: 1)
Update for Windows XP (KB971737) (Version: 1)
Update for Windows XP (KB973687) (Version: 1)
Update for Windows XP (KB973815) (Version: 1)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
VLC media player 2.1.2 (Version: 2.1.2)
WebFldrs XP (Version: 9.50.7523)
Windows Genuine Advantage Notifications (KB905474) (Version: 1.7.0018.5)
Windows Genuine Advantage Validation Tool (KB892130)
Windows Genuine Advantage Validation Tool (KB892130) (Version: 1.7.0069.2)
Windows Installer Clean Up (Version: 3.00.00.0000)
Windows Internet Explorer 7 (Version: 20061107.210142)
Windows Internet Explorer 8 (Version: 20090308.140743)
Windows Live Install Wizard (Version: 1.00.0000)
Windows Live Sign-in Assistant (Version: 5.000.818.5)
Windows Live Upload Tool (Version: 14.0.8014.1029)
Windows Media Format 11 runtime
Windows Media Player 10 (Version: 9.00.3636)
Windows Media Player 11
Windows PowerShell™ 1.0 (Version: 2)
Windows XP Service Pack 3 (Version: 20080414.031525)
WinRAR 5.00 (32-bit) (Version: 5.00.0)

==================== Restore Points =========================

01-12-2013 01:59:50 System Checkpoint
02-12-2013 02:06:55 System Checkpoint
03-12-2013 06:08:34 System Checkpoint
04-12-2013 22:35:32 System Checkpoint
06-12-2013 04:35:01 System Checkpoint
07-12-2013 09:17:53 System Checkpoint
09-12-2013 01:38:24 Revo Uninstaller Pro's restore point - MKVToolNix 6.5.0
10-12-2013 05:14:55 System Checkpoint
10-12-2013 07:50:12 Revo Uninstaller Pro's restore point - CBR and CBZ to PDF
10-12-2013 07:52:14 Revo Uninstaller Pro's restore point - Sony Vegas Pro 10.0
10-12-2013 07:56:06 Revo Uninstaller Pro's restore point - Amazon
10-12-2013 08:01:38 Revo Uninstaller Pro's restore point - DVD Flick 1.3.0.7
10-12-2013 08:04:53 Revo Uninstaller Pro's restore point - WebCyberCoach
10-12-2013 08:46:24 Revo Uninstaller Pro's restore point - Xesc & Technology
10-12-2013 08:51:21 Revo Uninstaller Pro's restore point - W3i
10-12-2013 08:53:11 Revo Uninstaller Pro's restore point - sw4b4
11-12-2013 22:11:50 Software Distribution Service 3.0
13-12-2013 19:09:49 System Checkpoint
14-12-2013 02:48:31 Software Distribution Service 3.0
15-12-2013 03:46:07 System Checkpoint
16-12-2013 10:15:59 Revo Uninstaller Pro's restore point - Search Protect
18-12-2013 05:08:59 System Checkpoint
18-12-2013 16:28:26 Revo Uninstaller Pro's restore point - WordWeb
20-12-2013 03:32:26 System Checkpoint
22-12-2013 01:43:17 Before Sigmatel Fiddling
22-12-2013 02:13:44 Revo Uninstaller Pro's restore point - High Definition Audio Driver Package - KB835221
22-12-2013 02:55:39 Revo Uninstaller Pro's restore point - R126205
22-12-2013 03:10:01 Restore Operation
22-12-2013 03:48:12 Installed SigmaTel Audio
22-12-2013 04:28:49 Restore Operation
23-12-2013 05:37:57 System Checkpoint
24-12-2013 16:52:27 Software Distribution Service 3.0
25-12-2013 00:38:24 Revo Uninstaller Pro's restore point - Free Sound Recorder v9.7.2
25-12-2013 00:46:52 Revo Uninstaller Pro's restore point - SearchProtect
25-12-2013 07:12:40 Revo Uninstaller Pro's restore point - conduit.com
25-12-2013 13:41:40 Revo Uninstaller Pro's restore point - conduit
25-12-2013 15:21:18 Revo Uninstaller Pro's restore point - conduit
25-12-2013 17:20:56 Revo Uninstaller Pro's restore point - DeviceDesc
25-12-2013 18:03:55 Revo Uninstaller Pro's restore point - Mozilla Firefox 26.0 (x86 en-US)
25-12-2013 18:55:51 Revo Uninstaller Pro's restore point - Windows Internet Explorer 8
25-12-2013 18:58:59 Revo Uninstaller Pro's restore point - Dell System Detect
25-12-2013 19:37:43 Installed Windows Internet Explorer 8.
25-12-2013 19:38:59 Software Distribution Service 3.0
25-12-2013 20:12:53 Software Distribution Service 3.0
26-12-2013 00:47:34 Restore Operation
26-12-2013 00:59:47 Restore Operation
28-12-2013 01:59:37 Revo Uninstaller Pro's restore point - bonjour
28-12-2013 02:03:08 Revo Uninstaller Pro's restore point - Windows Search 4.0
28-12-2013 02:05:29 Revo Uninstaller Pro's restore point - Internet Download Manager

==================== Hosts content: ==========================

2011-05-08 10:46 - 2011-06-03 15:30 - 00000098 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{BBA3DE1D-12C5-4743-B18F-6153BA9C2721}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2005-12-10 16:29 - 2004-12-16 09:15 - 00073728 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\dlbxPP5C.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/27/2013 11:06:37 PM) (Source: 0) (User: )
Description: \Device\Harddisk2\D

Error: (12/27/2013 11:06:05 PM) (Source: 0) (User: )
Description: \Device\Harddisk2\D


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 1022.09 MB
Available physical RAM: 526.71 MB
Total Pagefile: 2524.18 MB
Available Pagefile: 2177.78 MB
Total Virtual: 2047.88 MB
Available Virtual: 1946.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:229.77 GB) (Free:152.94 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:257.51 GB) NTFS
Drive g: (Elements) (Fixed) (Total:2794.52 GB) (Free:2450.92 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: D0F4738C)
Partition 1: (Not Active) - (Size=55 MB) - (Type=DE)
Partition 2: (Active) - (Size=230 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=3 GB) - (Type=DB)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0006B71E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  • 0

#8
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
FRST seems to have worked as planned. You are showing a hard drive error - with both drives.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C: (then repeat for F: G: They may not need a reboot)
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check, but don't restart yet.

Right click on (My) Computer and select Manage (Continue) Then the Event Viewer. Next select Windows Logs. Right click on System and Clear Log, Clear. Repeat for Application. Reboot. The disk check will run and will probably take an hour or more to finish.


Start, All Programs, Accessories then right click on Command Prompt and Run as Administrator. Then type (with an Enter after each line).

sfc /scannow

(SPACE after sfc.) This will check your critical system files. Does this finish without complaint? If it says it couldn't fix everything then:

Copy the next two lines:

findstr /c:"[SR]" \windows\logs\cbs\cbs.log > \windows\logs\cbs\junk.txt
notepad \windows\logs\cbs\junk.txt

Start, All Programs, Accessories, right click on Command Prompt and Run as Administrator, Continue. Right click and Paste or Edit then Paste and the copied line should appear.
Hit Enter if Notepad does not open. Copy and paste the text from Notepad into a reply. Close Notepad. Close the Command Window.


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Right-click VEW.exe and Run as Administrator
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.
  • 0
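The disk findings RKinner points to can be pulled out of an FRST log mechanically. The following is an added example, not part of the thread and not FRST's own code: it groups the event-log errors that name a `\Device\HarddiskN` path and the MBR read results by disk number. The function names are hypothetical, and the sample is an excerpt of the log lines posted earlier in this thread.

```python
import re

# Excerpt of the FRST log posted earlier in this thread (some lines omitted).
SAMPLE_LOG = r"""
Error: (12/27/2013 11:06:37 PM) (Source: 0) (User: )
Description: \Device\Harddisk2\D

Error: (12/27/2013 11:06:05 PM) (Source: 0) (User: )
Description: \Device\Harddisk2\D

Disk: 0 (Size: 233 GB) (Disk ID: D0F4738C)
Partition 2: (Active) - (Size=230 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 1.

Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0006B71E)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
"""

ERROR_RE = re.compile(r"^Error: \((?P<when>[^)]+)\)")
DEVICE_RE = re.compile(r"^Description: \\Device\\Harddisk(?P<disk>\d+)\\")
MBR_FAIL_RE = re.compile(r"^Could not read MBR for disk (?P<disk>\d+)\.")
DISK_RE = re.compile(r"^Disk: (?P<disk>\d+) \((?P<first>[^)]*)\)")


def _entry(findings, disk):
    """Fetch or create the record for one disk number (hypothetical helper)."""
    return findings.setdefault(
        int(disk), {"errors": [], "mbr_unreadable": False, "mbr_code": None})


def triage_disks(log_text):
    """Group disk-related findings in an FRST log by disk number."""
    findings, pending_when = {}, None
    for line in log_text.splitlines():
        line = line.strip()
        if m := ERROR_RE.match(line):
            pending_when = m["when"]          # timestamp of the event-log error
        elif m := DEVICE_RE.match(line):
            _entry(findings, m["disk"])["errors"].append(pending_when)
            pending_when = None
        elif m := MBR_FAIL_RE.match(line):
            _entry(findings, m["disk"])["mbr_unreadable"] = True
        elif m := DISK_RE.match(line):
            entry = _entry(findings, m["disk"])
            if m["first"].startswith("MBR Code: "):
                entry["mbr_code"] = m["first"][len("MBR Code: "):]
    return findings


if __name__ == "__main__":
    for disk, info in sorted(triage_disks(SAMPLE_LOG).items()):
        print(disk, info)
```

Grouping by disk number keeps the event-log errors (Harddisk2 in this log) separate from the MBR read failure (disk 1), so each can be matched to a physical drive before running the disk check.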

#9
SandyStone

SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
I'm back, it took about 22 hours. :wacko:

Was Internet Download Manager buggy, just out of curiosity?

The fix ran with no problems.

Here are the logs

Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/12/2013 10:52:51 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Vino's Event Viewer v01c run on Windows XP in English
Report run at 28/12/2013 10:55:00 PM

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'Application' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#10
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
IDM is just not needed and can cause problems.

Did you really reboot before running VEW? Normally we get a few alarms.
  • 0

#11
SandyStone

SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
No, I did not restart after the sfc scan before the VEW.
  • 0

#12
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
But you did clear the alarms before rebooting?

How is it running now?
  • 0

#13
SandyStone

SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Yes, I cleared the logs. It's running fine right now. I would have to restart it again to see if the start up process is still acting off.
  • 0

#14
RKinner

RKinner

    Malware Expert

  • Expert
  • 24,598 posts
  • MVP
Generally it's the video driver that takes so long. You might look and see if there is an upgraded version available on your PC maker's website.
  • 0

#15
SandyStone

SandyStone

    Member

  • Topic Starter
  • Member
  • PipPip
  • 69 posts
Bad news, everything crashed and I have to borrow the neighbour's laptop.

I rebooted and I can not access the internet.

The icons on the desktop are all gone except for their names. I clicked the space where the icon is supposed to be and I got the blue screen of death.

ATIKVMAG.DLL address BFO92E00 @ BF07D000

0XC0000005, 0XBF092E000XB7F85708, 0X000000000

For windows log on there are no **** when you type your password.

Windows does not load properly, there is now a power button on the log on screen.


I appreciate you trying to help me but, is this way over your head? Should I ask someone else?
  • 0





