
DVD Drives Suddenly don't AutoPlay [Solved]


  • This topic is locked

#31
Crowbar


    Teacher

  • GeekU Moderator
  • 4,798 posts

Welcome back Jackpine!
You can make an Acronis image before we start, and then make one after we are done, just in case.
You already heard about XP and its end of life, so you know what you are up against there.

Let's just make sure there is nothing hiding in there, I doubt it, but let's be sure.....

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the 32 bit version of the tool.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

In your next reply I would like to see:


  •   FRST.txt
  •   Addition.txt

 

 




#32
Jackpine


    Member

  • Topic Starter
  • 490 posts

Hi Crowbar!  I didn't think I would be back this soon, but after working with phillpower2 for so long to fix my DVD autoplay issue, I thought it's best to make sure that everything else is up to snuff.  (What an epic battle that was!  The stuff of legend.)

 

My logs are posted below.  I notice that the Addition.txt shows dozens and dozens of Microsoft updates. Phillpower2 noticed that the Speccy tool didn't show many updates.  As a matter of fact, when I go to the Microsoft update site, all my updates from 2005 onwards when I built this machine have disappeared except for the last month.  And I know that I installed them all except for things like Bing and Silverlight, etc.  I suspect they are still on my machine, but hidden somehow.  (I don't want to create a red herring about this.  My main reason is to ensure that the computer is clean after all the downloading and testing and fixing before I create another Acronis image.  I did create one before running these scans by the way.)  Anyways, to the logs.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-04-2014 01
Ran by Robert (administrator) on FIRSTBUILD on 17-04-2014 20:24:15
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2021400 2009-02-06] (ESET)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4359600 2009-01-21] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960560 2009-01-21] (Acronis)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8523776 2007-11-06] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0

==================== Internet (Whitelisted) ====================

BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
FF Keyword.URL: hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll ( )
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-02-06] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [727720 2009-02-06] (ESET)
S4 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S2 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe [3584 2004-08-04] (Microsoft Corporation)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1252616 2011-07-07] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2111752 2011-07-07] (Raxco Software, Inc.)
S2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] ()
R2 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] ()
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks)
S3 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] ()
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] ()
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [138768 2011-06-30] (Raxco Software, Inc.)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [113448 2009-02-06] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [106208 2009-02-06] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S4 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [130952 2009-02-06] (ESET)
S4 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [56280 2009-02-06] (ESET)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [66320 2011-06-30] (Raxco Software, Inc.)
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [285952 2007-12-06] (Marvell)
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S3 catchme; \??\C:\DOCUME~1\Robert\LOCALS~1\Temp\catchme.sys [X]
U2 ccEvtMgr;
U2 ccSetMgr;
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; No ImagePath
S3 GMSIPCI; No ImagePath
S4 IntelIde; No ImagePath
U3 navapsvc;
S3 NTACCESS; No ImagePath
U2 RemoteRegistry;
U3 SAVRT;
U1 SAVRTPEL;
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 SpyEmrg; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-17 20:24 - 2014-04-17 20:24 - 00013403 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-04-17 20:24 - 2014-04-17 20:24 - 00000000 ____D () C:\FRST
2014-04-17 20:22 - 2014-04-17 20:22 - 01146880 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-04-16 17:29 - 2014-04-16 17:29 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-39.txt
2014-04-16 17:29 - 2014-04-16 17:29 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-52.txt
2014-04-16 17:16 - 2014-04-16 17:58 - 00014907 _____ () C:\WINDOWS\KB971029.log
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Program Files\ESET
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-04-10 17:06 - 2014-04-16 22:08 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2014-04-10 17:02 - 2014-04-10 17:02 - 00000000 ____D () C:\WINDOWS\Stray Souls 2 - Stolen Memories Collector's Edition
2014-04-10 16:59 - 2014-04-17 16:32 - 00000000 ____D () C:\Program Files\Games
2014-04-10 16:38 - 2014-04-10 16:38 - 00000000 ____D () C:\WINDOWS\Emberwing - Lost Legacy Collectors Edition
2014-04-09 19:47 - 2014-04-09 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\LestaStudio
2014-04-08 20:30 - 2014-04-08 20:30 - 00012775 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 20:30 - 2014-04-08 20:30 - 00003833 _____ () C:\WINDOWS\updspapi.log
2014-04-08 20:26 - 2014-04-08 20:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 20:23 - 2014-04-08 20:30 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-04-08 20:23 - 2014-04-08 20:30 - 00018550 _____ () C:\WINDOWS\FaxSetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00006170 _____ () C:\WINDOWS\comsetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00003744 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00002934 _____ () C:\WINDOWS\iis6.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-04-08 20:23 - 2014-04-08 20:26 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-04-08 20:22 - 2014-04-08 20:26 - 00009140 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 16:07 - 2014-04-15 17:30 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-08 16:07 - 2014-04-08 16:07 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-04-08 16:06 - 2014-04-08 16:06 - 00714464 _____ () C:\Documents and Settings\Robert\Desktop\Adware-Removal-Tool-v3.8.exe
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-34.txt
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-16.txt
2014-04-05 14:45 - 2014-04-05 14:45 - 00000697 _____ () C:\Documents and Settings\Robert\Desktop\Demonoid.url
2014-04-05 08:43 - 2014-04-14 16:47 - 00012480 _____ () C:\WINDOWS\setupapi.log
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-04 17:50 - 2014-04-04 17:50 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Program Files\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\SmartPack
2014-04-03 16:58 - 2014-04-06 17:57 - 00000000 ____D () C:\Program Files\PCPitstop
2014-04-02 22:28 - 2014-04-02 22:30 - 00009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2014-04-02 16:46 - 2014-04-02 16:46 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\tabagames
2014-04-01 15:02 - 2014-04-05 15:02 - 00000000 _____ () C:\Documents and Settings\Robert\hotfix.html
2014-03-29 08:48 - 2014-03-29 08:49 - 05192704 _____ (Geza Kovacs) C:\Documents and Settings\Robert\Desktop\unetbootin-windows-585.exe
2014-03-28 22:17 - 2014-04-08 18:20 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 22:17 - 2014-04-08 18:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 22:17 - 2014-04-08 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 22:17 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-28 19:47 - 2014-03-28 19:57 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Natural Threat.Ominous Shores
2014-03-28 19:40 - 2014-03-28 19:40 - 00000000 ____D () C:\WINDOWS\Secret Trails - Frozen Heart Collector's Edition
2014-03-23 19:15 - 2014-04-01 15:35 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin
2014-03-23 19:15 - 2014-03-23 19:15 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Caphyon
2014-03-23 19:14 - 2014-03-23 19:14 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\H&R Block Canada Inc
2014-03-23 09:47 - 2014-03-23 09:47 - 00000000 ____D () C:\WINDOWS\Dark Romance - Vampire in Love Collector's Edition
2014-03-22 23:53 - 2014-03-22 23:53 - 00000798 _____ () C:\Documents and Settings\Robert\Start Menu\Programs\Windows Media Player.lnk
2014-03-22 20:53 - 2014-03-22 20:53 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\JetFun
2014-03-19 16:52 - 2014-03-19 16:53 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\My AutoRun Projects
2014-03-19 16:32 - 2014-03-19 16:32 - 00000936 _____ () C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
2014-03-19 16:32 - 2014-03-19 16:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-03-19 16:32 - 2014-03-19 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-03-19 16:32 - 2014-02-27 14:00 - 00112640 _____ () C:\WINDOWS\system32\ff_vfw.dll
2014-03-19 16:32 - 2013-03-17 13:21 - 03649536 _____ (x264vfw project) C:\WINDOWS\system32\x264vfw.dll
2014-03-19 16:32 - 2012-07-21 07:54 - 00122880 _____ (fccHandler) C:\WINDOWS\system32\ac3acm.acm
2014-03-19 16:32 - 2011-12-07 14:32 - 00216064 _____ ( ) C:\WINDOWS\system32\lagarith.dll
2014-03-19 16:32 - 2011-06-24 11:44 - 00243200 _____ () C:\WINDOWS\system32\xvidvfw.dll
2014-03-19 16:32 - 2011-06-24 11:28 - 00650752 _____ () C:\WINDOWS\system32\xvidcore.dll
2014-03-19 16:32 - 2011-06-22 11:14 - 00000714 _____ () C:\WINDOWS\system32\ff_vfw.dll.manifest
2014-03-18 16:46 - 2014-03-18 20:53 - 01072544 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-03-18 16:46 - 2014-03-18 20:53 - 01072544 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-03-18 16:46 - 2014-03-18 20:53 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-03-18 16:46 - 2014-03-18 16:46 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-03-18 16:46 - 2013-02-08 05:03 - 02816504 _____ () C:\WINDOWS\system32\nvdata.data
2014-03-18 16:46 - 2013-02-08 05:03 - 01010464 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco32.dll
2014-03-18 16:46 - 2013-02-08 05:02 - 05967872 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2014-03-18 16:46 - 2013-02-08 05:02 - 00892704 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco32.dll
2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Program Files\Innovative Solutions

==================== One Month Modified Files and Folders =======

2014-04-17 20:24 - 2014-04-17 20:24 - 00013403 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-04-17 20:24 - 2014-04-17 20:24 - 00000000 ____D () C:\FRST
2014-04-17 20:22 - 2014-04-17 20:22 - 01146880 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-04-17 20:21 - 2008-08-16 09:32 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\uTorrent
2014-04-17 20:12 - 2010-03-11 23:40 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-17 20:12 - 2006-06-03 18:06 - 01100969 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-17 20:09 - 2013-05-25 08:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-17 16:56 - 2010-10-30 14:18 - 00002521 _____ () C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2014-04-17 16:52 - 2014-03-14 16:16 - 00000363 _____ () C:\DelFix.txt
2014-04-17 16:46 - 2014-03-12 23:32 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-17 16:46 - 2013-09-14 20:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-17 16:46 - 2013-09-14 20:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-17 16:46 - 2010-03-11 23:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-17 16:46 - 2006-06-03 18:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-17 16:46 - 2004-08-04 08:00 - 00013710 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-17 16:44 - 2006-06-03 18:32 - 00000278 ___SH () C:\Documents and Settings\Robert\ntuser.ini
2014-04-17 16:37 - 2006-06-03 18:31 - 00032640 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-17 16:32 - 2014-04-10 16:59 - 00000000 ____D () C:\Program Files\Games
2014-04-16 22:08 - 2014-04-10 17:06 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2014-04-16 18:37 - 2010-10-30 14:30 - 00002515 _____ () C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2014-04-16 17:58 - 2014-04-16 17:16 - 00014907 _____ () C:\WINDOWS\KB971029.log
2014-04-16 17:29 - 2014-04-16 17:29 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-39.txt
2014-04-16 17:29 - 2014-04-16 17:29 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-52.txt
2014-04-15 18:36 - 2012-08-13 16:23 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-15 18:36 - 2012-08-13 16:23 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-15 18:36 - 2006-06-10 08:50 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Adobe
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Program Files\ESET
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-04-15 18:30 - 2011-03-31 18:57 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-15 18:30 - 2006-09-03 15:13 - 00000000 ____D () C:\Documents and Settings\Guest
2014-04-15 18:30 - 2006-06-03 18:32 - 00000000 ____D () C:\Documents and Settings\Robert
2014-04-15 18:30 - 2006-06-03 18:31 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-15 18:30 - 2006-06-03 18:09 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-15 18:30 - 2006-06-03 18:05 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-15 17:30 - 2014-04-08 16:07 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-14 16:47 - 2014-04-05 08:43 - 00012480 _____ () C:\WINDOWS\setupapi.log
2014-04-10 17:02 - 2014-04-10 17:02 - 00000000 ____D () C:\WINDOWS\Stray Souls 2 - Stolen Memories Collector's Edition
2014-04-10 16:41 - 2012-01-28 21:02 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Boomzap
2014-04-10 16:38 - 2014-04-10 16:38 - 00000000 ____D () C:\WINDOWS\Emberwing - Lost Legacy Collectors Edition
2014-04-09 19:47 - 2014-04-09 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\LestaStudio
2014-04-08 20:30 - 2014-04-08 20:30 - 00012775 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 20:30 - 2014-04-08 20:30 - 00003833 _____ () C:\WINDOWS\updspapi.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-04-08 20:30 - 2014-04-08 20:23 - 00018550 _____ () C:\WINDOWS\FaxSetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00006170 _____ () C:\WINDOWS\comsetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00003744 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00002934 _____ () C:\WINDOWS\iis6.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-04-08 20:30 - 2013-08-07 15:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-08 20:30 - 2006-06-03 13:41 - 00000000 ____D () C:\WINDOWS\security
2014-04-08 20:26 - 2014-04-08 20:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 20:26 - 2014-04-08 20:23 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 20:26 - 2014-04-08 20:22 - 00009140 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 20:26 - 2007-01-13 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-08 20:26 - 2006-06-05 16:35 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-04-08 20:23 - 2014-03-15 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-04-08 20:23 - 2006-12-11 17:55 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-04-08 20:23 - 2006-06-03 18:03 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-04-08 20:23 - 2006-06-03 13:41 - 00000000 ____D () C:\WINDOWS\Help
2014-04-08 18:20 - 2014-03-28 22:17 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-08 18:15 - 2014-03-28 22:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-08 18:15 - 2014-03-28 22:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-08 16:07 - 2014-04-08 16:07 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-04-08 16:06 - 2014-04-08 16:06 - 00714464 _____ () C:\Documents and Settings\Robert\Desktop\Adware-Removal-Tool-v3.8.exe
2014-04-08 15:00 - 2014-03-12 23:32 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-06 17:57 - 2014-04-03 16:58 - 00000000 ____D () C:\Program Files\PCPitstop
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-34.txt
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-16.txt
2014-04-05 15:02 - 2014-04-01 15:02 - 00000000 _____ () C:\Documents and Settings\Robert\hotfix.html
2014-04-05 14:45 - 2014-04-05 14:45 - 00000697 _____ () C:\Documents and Settings\Robert\Desktop\Demonoid.url
2014-04-05 08:45 - 2010-04-03 19:22 - 00276806 _____ () C:\WINDOWS\system32\NvApps.xml
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-05 08:43 - 2006-06-04 12:06 - 00000000 ____D () C:\WINDOWS\nview
2014-04-04 20:45 - 2011-03-26 11:30 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-04-04 17:50 - 2014-04-04 17:50 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Program Files\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\SmartPack
2014-04-03 09:51 - 2014-03-28 22:17 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-03-14 16:22 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 22:30 - 2014-04-02 22:28 - 00009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2014-04-02 16:46 - 2014-04-02 16:46 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\tabagames
2014-04-01 15:35 - 2014-03-23 19:15 - 00000000 __SHD () C:\WINDOWS\system32\AI_RecycleBin
2014-03-29 08:49 - 2014-03-29 08:48 - 05192704 _____ (Geza Kovacs) C:\Documents and Settings\Robert\Desktop\unetbootin-windows-585.exe
2014-03-28 22:17 - 2010-01-10 15:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-28 22:17 - 2010-01-10 15:21 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Malwarebytes
2014-03-28 22:17 - 2009-04-16 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 19:57 - 2014-03-28 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Natural Threat.Ominous Shores
2014-03-28 19:40 - 2014-03-28 19:40 - 00000000 ____D () C:\WINDOWS\Secret Trails - Frozen Heart Collector's Edition
2014-03-25 16:16 - 2006-06-04 20:46 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-03-24 20:09 - 2009-01-03 21:12 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Simply Super Software
2014-03-23 19:15 - 2014-03-23 19:15 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Caphyon
2014-03-23 19:14 - 2014-03-23 19:14 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\H&R Block Canada Inc
2014-03-23 09:47 - 2014-03-23 09:47 - 00000000 ____D () C:\WINDOWS\Dark Romance - Vampire in Love Collector's Edition
2014-03-22 23:54 - 2006-06-03 13:49 - 00724282 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-22 23:53 - 2014-03-22 23:53 - 00000798 _____ () C:\Documents and Settings\Robert\Start Menu\Programs\Windows Media Player.lnk
2014-03-22 20:53 - 2014-03-22 20:53 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\JetFun
2014-03-21 18:30 - 2006-06-09 23:04 - 00000000 ____D () C:\WINDOWS\Downloaded Installations
2014-03-19 16:53 - 2014-03-19 16:52 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\My AutoRun Projects
2014-03-19 16:32 - 2014-03-19 16:32 - 00000936 _____ () C:\Documents and Settings\All Users\Desktop\Media Player Classic.lnk
2014-03-19 16:32 - 2014-03-19 16:32 - 00000000 ____D () C:\Program Files\K-Lite Codec Pack
2014-03-19 16:32 - 2014-03-19 16:32 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
2014-03-18 21:31 - 2006-06-04 12:08 - 00000090 _____ () C:\WINDOWS\msicpl.ini
2014-03-18 20:53 - 2014-03-18 16:46 - 01072544 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-03-18 20:53 - 2014-03-18 16:46 - 01072544 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-03-18 20:53 - 2014-03-18 16:46 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-03-18 20:53 - 2009-11-25 23:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-03-18 16:46 - 2014-03-18 16:46 - 00000000 _____ () C:\WINDOWS\system32\nvdrswr.lk
2014-03-18 16:30 - 2014-03-18 16:30 - 00000000 ____D () C:\Program Files\Innovative Solutions
2014-03-18 16:30 - 2007-07-19 19:02 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Innovative Solutions
2014-03-18 16:21 - 2006-06-04 20:09 - 00000000 ___HD () C:\WINDOWS\$hf_mig$

Files to move or delete:
====================
C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-04-2014 01
Ran by Robert at 2014-04-17 20:25:01
Running from C:\Documents and Settings\Robert\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: ESET Smart Security 4.0 (Disabled - Up to date) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET Personal firewall (Disabled) {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}

==================== Installed Programs ======================

µTorrent (HKLM\...\uTorrent) (Version: 2.0.3 - )
Acronis True Image Home (HKLM\...\{37C8899D-FD70-481F-94AA-1F1B08765E22}) (Version: 12.0.9709 - Acronis)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.0.0 - Adobe Systems) Hidden
Adobe Anchor Service CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Asset Services CS3 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS3 (Version: 2 - Adobe Systems Incorporated) Hidden
Adobe Bridge Start Meeting (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Camera Raw 4.0 (Version: 4.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color Common Settings (HKLM\...\Adobe_6c8e2cb4fd241c55406016127a6ab2e) (Version: 1.0.1 - Adobe Systems Incorporated)
Adobe Color Common Settings (Version: 1.0.1 - Adobe Systems Incorporated) Hidden
Adobe Color EU Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Recommended Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Device Central CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Download Manager (HKLM\...\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}) (Version: 1.6.2.91 - NOS Microsystems Ltd.)
Adobe ExtendScript Toolkit 2 (HKLM\...\Adobe_3e054d2218e7aa282c2369d939e58ff) (Version: 2.0.2 - Adobe Systems Incorporated)
Adobe ExtendScript Toolkit 2 (Version: 2.0.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Help Viewer CS3 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS3 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files (Version: 8.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS3 (HKLM\...\Adobe_719d6f144d0c086a0dfa7ff76bb9ac1) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop CS3 (Version: 10 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Type Support (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS3 (Version: 5.1.0 - Adobe Systems Incorporated) Hidden
Adobe Version Cue CS3 Client (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS3 (Version: 1.0 - Adobe Systems Incorporated) Hidden
Amnesia - The Dark Descent  (HKLM\...\{54B7A3C7-0940-4C16-A509-FC3C3758D22A}_is1) (Version: 1.0.0 - Frictional Games)
AnyDVD (HKLM\...\AnyDVD) (Version: 7.4.1.0 - SlySoft)
Apple Application Support (HKLM\...\{EE6097DD-05F4-4178-9719-D3170BF098E8}) (Version: 1.4.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{308B6AEA-DE50-4666-996D-0FA461719D6B}) (Version: 3.3.0.69 - Apple Inc.)
Apple Software Update (HKLM\...\{C41300B9-185D-475E-BFEC-39EF732F19B1}) (Version: 2.1.2.120 - Apple Inc.)
AVIcodec (remove only) (HKLM\...\AVIcodec) (Version:  - )
Beyond Compare Version 2.4.3 (HKLM\...\BC2_is1) (Version:  - Scooter Software)
Bonjour (HKLM\...\{2A981294-F14C-4F0F-9627-D793270922F8}) (Version: 2.0.4.0 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.00 - Piriform)
CloneDVD2 (HKLM\...\CloneDVD2) (Version:  - Elaborate Bytes)
Collectorz.com Movie Collector (HKLM\...\Collectorz.com Movie Collector) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CoreFLAC Audio Decoder+Source Filter (remove only) (HKLM\...\CoreFLAC Audio Decoder+Source Filter) (Version:  - )
Corel Painter X (Version: 10.1 - Corel Corporation) Hidden
COSMOSMotion 2008 SP0 (HKLM\...\{8876F541-F374-4375-BF2A-8FD9FA8141C4}) (Version: 16.00.9035 - SolidWorks Corporation)
COSMOSWorks 2008 SP03 (HKLM\...\{0C631AC5-3AA0-418F-B132-29F8432F1C19}) (Version: 16.30.41 - SolidWorks Corporation)
Data Lifeguard Diagnostic for Windows 1.24 (HKLM\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
DVD Decrypter (Remove Only) (HKLM\...\DVD Decrypter) (Version:  - )
DVD Rebuilder (HKLM\...\{584A1ECC-00AB-4FCC-B6AE-172741F32ABC}_is1) (Version: PRO v1.09 - jdobbs softworks and rockas association)
DVD Shrink 3.2 (HKLM\...\DVD Shrink_is1) (Version:  - DVD Shrink)
DVDFab 8.1.7.8 (17/04/2012) Qt (HKLM\...\DVDFab 8 Qt_is1) (Version:  - Fengtao Software Inc.)
DVDFab 9.0.1.5 (08/12/2012) Qt (HKLM\...\DVDFab 9_is1) (Version:  - Fengtao Software Inc.)
DVDInfoPro (HKLM\...\{32611C62-474D-47B1-B347-06453D430A28}) (Version: 4.36.0000 - Nic Wilson)
DWGeditor (HKLM\...\{C8DE0FC9-5BD0-4D26-B5AD-D38146F2083C}) (Version: 16.00.9034 - SolidWorks)
Easy CD-DA Extractor 2011 (HKLM\...\Easy CD-DA Extractor 2011) (Version: 2011 - Poikosoft)
eDrawings 2008 (HKLM\...\{40345A8F-3B72-44DE-814F-72E8A52B1161}) (Version: 8.0.708 - SolidWorks)
ERUNT 1.1j (HKLM\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Smart Security (HKLM\...\{F3E2505F-AA57-476B-9F67-F8C5E3938080}) (Version: 4.0.314.0 - ESET, spol s r. o.)
EVEREST Ultimate Edition v4.50 (HKLM\...\EVEREST Ultimate Edition_is1) (Version: 4.50 - Lavalys, Inc.)
Exact Audio Copy 0.99pb5 (HKLM\...\Exact Audio Copy) (Version: 0.99pb5 - Andre Wiethoff)
GoldWave v5.13 (HKLM\...\GoldWave v5.13) (Version:  - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
HP Officejet 4620 series Basic Device Software (HKLM\...\{C4E2A2F2-2A53-42C7-920A-169713776631}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
ImageConverter Plus 7.1 (HKLM\...\ImageConverter Plus_is1) (Version:  - fCoder, Ltd.)
ImgBurn (HKLM\...\ImgBurn) (Version: 2.5.6.0 - LIGHTNING UK!)
IsoBuster 3.1 (HKLM\...\IsoBuster_is1) (Version: 3.1 - Smart Projects)
K-Lite Mega Codec Pack 10.3.5 (HKLM\...\KLiteCodecPack_is1) (Version: 10.3.5 - )
Kyodai Mahjongg 2006 v1.42 (HKLM\...\Kyodai Mahjongg 2006_is1) (Version:  - Rene-Gilles Deberdt)
Malwarebytes Anti-Malware version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Maple 12 (HKLM\...\Maple 12) (Version: 12.0.0.0 - Maplesoft)
Marvell Miniport Driver (HKLM\...\{C950420B-4182-49EA-850A-A6A2ABF06C6B}) (Version: 8.20.10.3 - Marvell)
MathType 5 (HKLM\...\DSMT5) (Version: 5.2 - Design Science, Inc.)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Internationalized Domain Names Mitigation APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Math (HKLM\...\{07043840-959A-4B0D-8825-2C533F0DDB19}) (Version: 2007 - Microsoft Corporation)
Microsoft National Language Support Downlevel APIs (Version:  - Microsoft Corporation) Hidden
Microsoft Office 2003 Web Components (HKLM\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.6213.1000 - Microsoft Corporation)
Microsoft Office 2007 Primary Interop Assemblies (HKLM\...\{50120000-1105-0000-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version:  - Microsoft)
Microsoft Office Project 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Project MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Project Professional 2007 (HKLM\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Project Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CE144BF4-4950-4CDB-A5F7-CCE1888F49CB}) (Version:  - Microsoft)
Microsoft Office Visio 2007 Service Pack 3 (SP3) (Version:  - Microsoft) Hidden
Microsoft Office Visio MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Visio Professional 2007 (HKLM\...\VISPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Visio Professional 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (HKLM\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0 - Microsoft Corporation) Hidden
Microsoft XML Parser (Version: 8.70.1104.04 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSConfig CleanUp 1.2 (HKLM\...\MSConfig CleanUp_is1) (Version:  - Virtuoza)
MSXML 4.0 SP2 (KB925672) (HKLM\...\{A9CF9052-F4A0-475D-A00F-A8388C62DD63}) (Version: 4.20.9839.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 and SOAP Toolkit 3.0 (Version: 1.0.0.0 - Webroot Software, Inc.) Hidden
MSXML 4.0 SP2 Parser and SDK (HKLM\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
Nero 7 Ultra Edition (HKLM\...\{43FFE159-3199-4188-A1CD-629166AD1033}) (Version: 7.02.6445 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up  (HKLM\...\Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1) (Version:  - )
NOD32 v3.x FiX 1.1 by TemDono (Free Updates - Expire in 2050) (HKLM\...\NOD32 v3.x FiX 1.1 by TemDono_is1) (Version:  - )
NVIDIA Display Control Panel (HKLM\...\NVIDIA Display Control Panel) (Version: 6.14.11.9745 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NVIDIA nView Desktop Manager (HKLM\...\NVIDIA nView Desktop Manager) (Version: 6.14.10.12561 - NVIDIA Corporation)
OriginPro 7.5 (HKLM\...\{ECE12161-B445-48FA-9056-FD54D8A72459}) (Version:  - )
PC Probe II (HKLM\...\{F7338FA3-DAB5-49B2-900D-0AFB5760C166}) (Version: 1.00.43 - )
PDF Settings (Version: 1.0 - Adobe Systems Incorporated) Hidden
PerfectDisk 12 Professional (HKLM\...\{A3D5B54A-9792-404F-AE8B-BDA961EBA58E}) (Version: 12.00.275 - Raxco Software Inc.)
PFConfig 1.0.296 (HKLM\...\PFConfig) (Version: 1.0.296 - Portforward.com)
PFPortChecker 1.0.39 (HKLM\...\PFPortChecker) (Version: 1.0.39 - Portforward.com)
Photodex Presenter (HKLM\...\Photodex Presenter) (Version:  - )
Picture Package Music Transfer (HKLM\...\{CE2121C6-C94D-4A73-8EA4-6943F33EE335}) (Version: 1.0.02.02130 - Sony Corporation)
Portforward Static IP Address 1.0.47 (HKLM\...\Portforward Static IP Address) (Version: 1.0.47 - Portforward.com)
ProShow Producer (HKLM\...\ProShow Producer) (Version:  - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 5.10.0.5345 - Realtek Semiconductor Corp.)
River Past Audio Converter Pro (HKLM\...\Audio Converter Pro) (Version: 7.7.1 - River Past)
SigmaPlot 10.0 (HKLM\...\{43224D30-5941-47A4-9AD7-9250EE794396}) (Version: 10.0.0 - Systat Software, Inc.)
SolidWorks 2008 SP03 (HKLM\...\{266EB766-9ABB-40D0-AB9F-41EE46D23876}) (Version: 16.1.0303 - SolidWorks)
SolidWorks Explorer 2008 sp0 (HKLM\...\{A8567E18-9E80-4EA3-A5C1-A6186C86F2CC}) (Version: 16.00.9034 - SolidWorks Corporation)
Spy Sweeper Updater 2.0.0 Alpha 4000 (HKLM\...\Spy Sweeper Updater 2.0.0 Alpha 4000) (Version: 2.0.0 Alpha 4000 - BigScott27)
Sudoku Works (HKLM\...\{5B10C186-C6CF-45D8-9E2D-4F18247A5C63}) (Version: 1.0 - Oak Systems)
System Requirements Lab (HKLM\...\SystemRequirementsLab) (Version:  - )
Tetris (HKLM\...\{95E0E6DC-C308-4C96-BEDB-68C75A32FAF8}_is1) (Version: 1.35 - Crystal Office Systems)
Unlocker 1.8.9 (HKLM\...\Unlocker) (Version: 1.8.9 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2836939) (Version: 1 - Microsoft Corporation)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{6FAA03BD-2B51-4029-9AD9-64A3B8E3C84C}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (HKLM\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version:  - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version:  - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version:  - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version:  - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2878297) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{9B1DEEA3-B4ED-49F0-9EF7-4A820EEEA7F1}) (Version:  - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version:  - Microsoft)
Update for Microsoft Office Project 2007 Help (KB963668) (HKLM\...\{90120000-00B4-0409-0000-0000000FF1CE}_PRJPRO_{1DF07773-4289-4998-BC2C-83539AD85C50}) (Version:  - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_PRJPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (HKLM\...\{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version:  - Microsoft)
Update for Microsoft Office Visio 2007 Help (KB963666) (HKLM\...\{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{D2C4ACC9-12F5-4E1C-81A8-5DC878AC6278}) (Version:  - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (HKLM\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version:  - Microsoft)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB968220) (HKLM\...\KB968220-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB971930) (HKLM\...\KB971930-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976662) (HKLM\...\KB976662-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB976749) (HKLM\...\KB976749-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB980182) (HKLM\...\KB980182-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
VBA (2627.01) (Version: 6.03.00.9402 - Microsoft Corporation) Hidden
VC 9.0 Runtime (Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
VC80CRTRedist - 8.0.50727.762 (Version: 1.0.0 - DivX, Inc) Hidden
VCRedistSetup (Version: 1.0.0 - Nero AG) Hidden
Visual C++ 2008 x86 Runtime - (v9.0.30729) (Version: 9.0.30729 - Microsoft Corporation) Hidden
Visual C++ 2008 x86 Runtime - v9.0.30729.01 (HKLM\...\{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01) (Version: 9.0.30729.01 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Window Washer (HKLM\...\Window Washer) (Version:  - )
Windows Defender (HKLM\...\{A06275F4-324B-4E85-95E6-87B2CD729401}) (Version: 1.1.1593.0 - Microsoft Corporation)
Windows Defender Signatures (Version: 1.20.0.0 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Installer Clean Up (HKLM\...\{121634B0-2F4B-11D3-ADA3-00C04F52DD52}) (Version: 3.00.00.0000 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Presentation Foundation (Version: 3.0.6920.0 - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version:  - )
XML Paper Specification Shared Components Pack 1.0 (Version:  - Microsoft Corporation) Hidden
Your Uninstaller! 2010 (HKLM\...\YU2010_is1) (Version: 7.0 - URSoft, Inc.)

==================== Restore Points  =========================

14-03-2014 20:17:07 System Checkpoint
15-03-2014 14:01:44 Installed %1 %2.
16-03-2014 14:39:21 System Checkpoint
16-03-2014 17:14:20 Tweaking.com - Windows Repair
17-03-2014 18:12:34 System Checkpoint
17-03-2014 20:41:28 Software Distribution Service 3.0
18-03-2014 20:21:37 Software Distribution Service 3.0
19-03-2014 00:53:10 Software Distribution Service 3.0
20-03-2014 00:55:21 System Checkpoint
21-03-2014 02:11:05 System Checkpoint
21-03-2014 22:30:56 Removed Tweakui Powertoy for Windows XP
21-03-2014 22:31:52 Installed Tweakui Powertoy for Windows XP
22-03-2014 23:24:14 System Checkpoint
23-03-2014 03:52:21 Installed Windows Media Format Runtime
23-03-2014 23:14:29 Installed H&R Block Tax Software 2013
24-03-2014 23:25:58 System Checkpoint
25-03-2014 00:08:41 Removed Tweakui Powertoy for Windows XP
26-03-2014 01:29:09 System Checkpoint
27-03-2014 01:51:38 System Checkpoint
28-03-2014 02:53:16 System Checkpoint
29-03-2014 03:06:45 System Checkpoint
30-03-2014 03:13:29 System Checkpoint
01-04-2014 01:11:40 System Checkpoint
01-04-2014 19:35:30 Removed H&R Block Tax Software 2013
02-04-2014 21:24:53 System Checkpoint
03-04-2014 21:45:24 System Checkpoint
04-04-2014 21:49:35 Restore Point before Corrupt Patch Registry keys
05-04-2014 00:43:42 Installed Microsoft Fix it 50636
05-04-2014 12:43:19 Software Distribution Service 3.0
06-04-2014 22:30:04 System Checkpoint
07-04-2014 23:13:31 System Checkpoint
08-04-2014 23:42:53 System Checkpoint
09-04-2014 00:23:23 Software Distribution Service 3.0
10-04-2014 00:36:19 System Checkpoint
11-04-2014 01:45:54 System Checkpoint
12-04-2014 03:29:59 System Checkpoint
13-04-2014 17:41:15 System Checkpoint
14-04-2014 18:19:00 System Checkpoint
14-04-2014 20:47:16 Removed ESET Smart Security
14-04-2014 20:52:38 Installed ESET NOD32 Antivirus
15-04-2014 22:29:45 Restore Operation
15-04-2014 22:39:51 April 15, 2014 Restored to Apr 11, to avoid NOD32 Apr 14 install
16-04-2014 21:15:05 Prior to XP update autoplay install
16-04-2014 21:17:37 Installed Windows XP KB971029.
16-04-2014 21:40:39 Installed Windows XP KB971029.
17-04-2014 21:00:31 After XP Autoplay update install

==================== Hosts content: ==========================

2004-08-04 08:00 - 2014-03-16 13:29 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2007-11-06 20:00 - 2007-11-06 20:00 - 01474560 _____ () C:\WINDOWS\system32\nview.dll
2010-03-08 22:55 - 2010-03-08 22:55 - 00010752 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2007-11-06 20:00 - 2007-11-06 20:00 - 00466944 _____ () C:\WINDOWS\system32\nvshell.dll
2009-04-23 20:46 - 2009-04-23 20:46 - 00181312 _____ () C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:1CE11B51
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5453E5AF
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:7D938C9B
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:CB0AACC9
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:E5B07840

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

Name: Beep
Description: Beep
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: Beep
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (04/17/2014 08:19:24 PM) (Source: nview_info) (User: )
Description: NVIEW :  iexplore: Shared heap exhausted or damaged, process ID ce4, total alloc:3bb58...

Error: (04/17/2014 08:19:24 PM) (Source: nview_info) (User: )
Description: NVIEW :  iexplore: Shared heap exhausted or damaged, process ID ce4, total alloc:3bb58...

Error: (04/17/2014 08:19:23 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

Error: (04/17/2014 08:19:23 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

Error: (04/17/2014 08:19:23 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

Error: (04/17/2014 08:19:23 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

Error: (04/17/2014 08:19:22 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

Error: (04/17/2014 08:19:22 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

Error: (04/17/2014 08:19:22 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

Error: (04/17/2014 08:19:22 PM) (Source: nview_info) (User: )
Description: NVIEW :  Explorer: Shared heap exhausted or damaged, process ID 6e8, total alloc:3bb58...

System errors:
=============
Error: (04/17/2014 04:46:26 PM) (Source: Service Control Manager) (User: )
Description: The ProtexisLicensing service failed to start due to the following error:
%%1053

Error: (04/17/2014 04:46:26 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the ProtexisLicensing service to connect.

Error: (04/17/2014 04:46:26 PM) (Source: Service Control Manager) (User: )
Description: The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error: (04/17/2014 04:46:26 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.

Error: (04/17/2014 04:46:09 PM) (Source: 0) (User: )
Description:

Error: (04/17/2014 04:44:22 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/17/2014 04:41:42 PM) (Source: DCOM) (User: FIRSTBUILD)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/17/2014 04:41:40 PM) (Source: DCOM) (User: FIRSTBUILD)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/17/2014 04:40:19 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
AsIO
ehdrv
ElbyCDIO
Fips
intelppm

Error: (04/17/2014 04:40:01 PM) (Source: DCOM) (User: FIRSTBUILD)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 32%
Total physical RAM: 2047.02 MB
Available physical RAM: 1372.35 MB
Total Pagefile: 3941.17 MB
Available Pagefile: 3524.5 MB
Total Virtual: 2047.88 MB
Available Virtual: 1948.79 MB

==================== Drives ================================

Drive c: (Boot Drive) (Fixed) (Total:298.09 GB) (Free:201.63 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: (Expansion Drive) (Fixed) (Total:465.76 GB) (Free:81.94 GB) NTFS
Drive z: (Data Drive) (Fixed) (Total:465.76 GB) (Free:411.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: 7975DF18)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: F0128678)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 0143820D)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================


Edited by Jackpine, 17 April 2014 - 06:39 PM.

#33
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

Hi Jackpine,
I see a little remnant of Norton Antivirus on there, so I would like to address that. Not malware, but it might slow you down a bit.
Did you ever uninstall the copy of Combofix that was used previously?  I see a trace of it in this log.
I don't see any malware in this log, BTW.

Step 1
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2
I would like to run the Norton Removal Tool since I saw those entries in the FRST log.
Please download the Norton Removal Tool from here to your desktop.
Next run the tool, you may be asked to reboot your computer more than once, please allow

In your next reply I would like to see:

  •   Fixlog.txt from FRST

Attached Files


#34
Jackpine

    Member

  • Topic Starter
  • Member
  • 490 posts

Hi Crowbar, attached is the Fixlog.txt file.  I also ran the Norton Removal Tool.  By the way, I notice in my post #32, the FRST log shows two instances of Conduit Search.  Is that something to be concerned with?

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 19-04-2014
Ran by Robert at 2014-04-19 13:34:30 Run:1
Running from C:\Documents and Settings\Robert\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Toolbar: HKCU - No Name - {C4069E3A-68F1-403E-B40E-20066696354B} -  No File
S3 catchme; \??\C:\DOCUME~1\Robert\LOCALS~1\Temp\catchme.sys [X]
\??\C:\DOCUME~1\Robert\LOCALS~1\Temp\catchme.sys
U2 ccEvtMgr;
U2 ccSetMgr;
U3 navapsvc;
U3 SAVRT;
U1 SAVRTPEL;
*****************

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} => Value deleted successfully.
HKCR\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B} => Key deleted successfully.
catchme => Service deleted successfully.
ccEvtMgr => Service deleted successfully.
ccSetMgr => Service deleted successfully.
navapsvc => Service deleted successfully.
SAVRT => Service deleted successfully.
SAVRTPEL => Service deleted successfully.

==== End of Fixlog ====


#35
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

Hi Jackpine,
Happy Easter - I will be away visiting family for the rest of today, I won't be back online until late tonight....

You are right, I wanted to paste those 2 lines into the fix, but did not.  I believe they are left over from our previous fixing.  I apologize for missing them.
I would also like to look a little bit deeper where Conduit would normally lurk just to be thorough.

Step 1
Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Step 2
Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe to run the tool.
Note: Windows Vista, Windows 7/8 users right-click and select Run as administrator.
Click the Scan button.
AdwCleaner will begin. Be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

Step 3
Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 4
Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.

In your next reply I would like to see:

  •   Fixlog from FRST run
  •   ADWcleaner log
  •   JRT.txt from junkware removal tool
  •   Fresh FRST log file

#36
Jackpine

    Member

  • Topic Starter
  • Member
  • 490 posts

Hi Crowbar,

Happy Easter to you too!

I think you might have missed attaching the fixlist.txt file to your previous post because I couldn't find it to download!  (Maybe you were busy hunting for Easter eggs! :D )

I will wait for the file and then do all the steps in the order you indicated.

By the way, I did remove Combofix as per previous instructions, so I don't know why there is still a trace from my log in post #32.


#37
Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

I knew I should have taken my laptop with me!

Here is the fixlist file --

Attached Files


#38
Jackpine

    Member

  • Topic Starter
  • Member
  • 490 posts

Hi Crowbar, here are the logs.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-04-2014 02
Ran by Robert at 2014-04-21 09:34:27 Run:2
Running from C:\Documents and Settings\Robert\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
*****************

Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.

==== End of Fixlog ====

# AdwCleaner v3.102 - Report created 21/04/2014 at 09:38:13
# Updated 21/04/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Robert - FIRSTBUILD
# Running from : C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\WINDOWS\system32\AI_RecycleBin

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Robert\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [1004 octets] - [21/04/2014 09:36:32]
AdwCleaner[S0].txt - [931 octets] - [21/04/2014 09:38:13]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [990 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Robert on Mon 04/21/2014 at  9:43:47.82
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 04/21/2014 at  9:48:51.82
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-04-2014
Ran by Robert (administrator) on FIRSTBUILD on 21-04-2014 11:18:58
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2021400 2009-02-06] (ESET)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4359600 2009-01-21] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960560 2009-01-21] (Acronis)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8523776 2007-11-06] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default
FF Keyword.URL: hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll ( )
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-02-06] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [727720 2009-02-06] (ESET)
S2 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe [3584 2004-08-04] (Microsoft Corporation)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1252616 2011-07-07] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2111752 2011-07-07] (Raxco Software, Inc.)
S2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] ()
R2 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] ()
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks)
S3 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] ()
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] ()
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [138768 2011-06-30] (Raxco Software, Inc.)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [113448 2009-02-06] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [106208 2009-02-06] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S4 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [130952 2009-02-06] (ESET)
S4 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [56280 2009-02-06] (ESET)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [66320 2011-06-30] (Raxco Software, Inc.)
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [285952 2007-12-06] (Marvell)
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; No ImagePath
S3 GMSIPCI; No ImagePath
S4 IntelIde; No ImagePath
S3 NTACCESS; No ImagePath
U2 RemoteRegistry;
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 SpyEmrg; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-21 11:18 - 2014-04-21 11:19 - 00012804 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-04-21 09:48 - 2014-04-21 09:48 - 00000590 _____ () C:\Documents and Settings\Robert\Desktop\JRT.txt
2014-04-21 09:43 - 2014-04-21 09:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Robert\Desktop\JRT.exe
2014-04-21 09:36 - 2014-04-21 09:38 - 00000000 ____D () C:\AdwCleaner
2014-04-21 09:35 - 2014-04-21 09:35 - 01322687 _____ () C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
2014-04-18 10:25 - 2014-04-18 10:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Elephant Games
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Elephant Games
2014-04-17 21:08 - 2014-04-17 21:08 - 00002166 _____ () C:\Documents and Settings\Robert\Desktop\Hallowed Legends 2- The Templar CE.lnk
2014-04-17 21:08 - 2014-04-17 21:08 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\Hallowed Legends 2- The Templar CE
2014-04-17 20:24 - 2014-04-21 11:18 - 00000000 ____D () C:\FRST
2014-04-17 20:22 - 2014-04-21 11:18 - 01048576 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-04-16 17:29 - 2014-04-16 17:29 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-39.txt
2014-04-16 17:29 - 2014-04-16 17:29 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-52.txt
2014-04-16 17:16 - 2014-04-16 17:58 - 00014907 _____ () C:\WINDOWS\KB971029.log
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Program Files\ESET
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-04-10 17:06 - 2014-04-16 22:08 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2014-04-10 17:02 - 2014-04-10 17:02 - 00000000 ____D () C:\WINDOWS\Stray Souls 2 - Stolen Memories Collector's Edition
2014-04-10 16:59 - 2014-04-17 21:02 - 00000000 ____D () C:\Program Files\Games
2014-04-10 16:38 - 2014-04-10 16:38 - 00000000 ____D () C:\WINDOWS\Emberwing - Lost Legacy Collectors Edition
2014-04-09 19:47 - 2014-04-09 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\LestaStudio
2014-04-08 20:30 - 2014-04-08 20:30 - 00012775 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 20:30 - 2014-04-08 20:30 - 00003833 _____ () C:\WINDOWS\updspapi.log
2014-04-08 20:26 - 2014-04-08 20:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 20:23 - 2014-04-08 20:30 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-04-08 20:23 - 2014-04-08 20:30 - 00018550 _____ () C:\WINDOWS\FaxSetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00006170 _____ () C:\WINDOWS\comsetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00003744 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00002934 _____ () C:\WINDOWS\iis6.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-04-08 20:23 - 2014-04-08 20:26 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-04-08 20:22 - 2014-04-08 20:26 - 00009140 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 16:07 - 2014-04-15 17:30 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-08 16:07 - 2014-04-08 16:07 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-04-08 16:06 - 2014-04-08 16:06 - 00714464 _____ () C:\Documents and Settings\Robert\Desktop\Adware-Removal-Tool-v3.8.exe
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-34.txt
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-16.txt
2014-04-05 14:45 - 2014-04-05 14:45 - 00000697 _____ () C:\Documents and Settings\Robert\Desktop\Demonoid.url
2014-04-05 08:43 - 2014-04-14 16:47 - 00012480 _____ () C:\WINDOWS\setupapi.log
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-04 17:50 - 2014-04-04 17:50 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Program Files\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\SmartPack
2014-04-03 16:58 - 2014-04-06 17:57 - 00000000 ____D () C:\Program Files\PCPitstop
2014-04-02 22:28 - 2014-04-02 22:30 - 00009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2014-04-02 16:46 - 2014-04-02 16:46 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\tabagames
2014-04-01 15:02 - 2014-04-05 15:02 - 00000000 _____ () C:\Documents and Settings\Robert\hotfix.html
2014-03-29 08:48 - 2014-03-29 08:49 - 05192704 _____ (Geza Kovacs) C:\Documents and Settings\Robert\Desktop\unetbootin-windows-585.exe
2014-03-28 22:17 - 2014-04-19 13:59 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 22:17 - 2014-04-08 18:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 22:17 - 2014-04-08 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 22:17 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-28 19:47 - 2014-03-28 19:57 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Natural Threat.Ominous Shores
2014-03-28 19:40 - 2014-03-28 19:40 - 00000000 ____D () C:\WINDOWS\Secret Trails - Frozen Heart Collector's Edition
2014-03-23 19:15 - 2014-03-23 19:15 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Caphyon
2014-03-23 19:14 - 2014-03-23 19:14 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\H&R Block Canada Inc
2014-03-23 09:47 - 2014-03-23 09:47 - 00000000 ____D () C:\WINDOWS\Dark Romance - Vampire in Love Collector's Edition
2014-03-22 23:53 - 2014-03-22 23:53 - 00000798 _____ () C:\Documents and Settings\Robert\Start Menu\Programs\Windows Media Player.lnk
2014-03-22 20:53 - 2014-03-22 20:53 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\JetFun

==================== One Month Modified Files and Folders =======

2014-04-21 11:19 - 2014-04-21 11:18 - 00012804 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-04-21 11:18 - 2014-04-17 20:24 - 00000000 ____D () C:\FRST
2014-04-21 11:18 - 2014-04-17 20:22 - 01048576 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-04-21 11:12 - 2010-03-11 23:40 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 11:09 - 2013-05-25 08:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 09:48 - 2014-04-21 09:48 - 00000590 _____ () C:\Documents and Settings\Robert\Desktop\JRT.txt
2014-04-21 09:43 - 2014-04-21 09:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Robert\Desktop\JRT.exe
2014-04-21 09:42 - 2006-06-03 18:06 - 01179549 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-21 09:41 - 2014-03-12 23:32 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-21 09:41 - 2013-09-14 20:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-21 09:41 - 2013-09-14 20:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-21 09:41 - 2010-03-11 23:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-21 09:41 - 2006-06-03 18:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-21 09:41 - 2004-08-04 08:00 - 00013710 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-21 09:39 - 2006-06-03 18:32 - 00000278 ___SH () C:\Documents and Settings\Robert\ntuser.ini
2014-04-21 09:39 - 2006-06-03 18:31 - 00032584 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-21 09:38 - 2014-04-21 09:36 - 00000000 ____D () C:\AdwCleaner
2014-04-21 09:35 - 2014-04-21 09:35 - 01322687 _____ () C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
2014-04-21 09:31 - 2010-10-30 14:18 - 00002521 _____ () C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2014-04-20 22:32 - 2008-08-16 09:32 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\uTorrent
2014-04-19 13:59 - 2014-03-28 22:17 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-19 13:53 - 2010-10-30 14:30 - 00002515 _____ () C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2014-04-19 13:52 - 2010-10-30 13:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2014-04-19 13:52 - 2007-01-13 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-19 09:31 - 2012-08-13 16:23 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-19 09:31 - 2012-08-13 16:23 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-19 09:30 - 2006-06-10 08:50 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Adobe
2014-04-18 15:01 - 2013-03-20 18:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-18 10:58 - 2014-02-24 17:50 - 00000000 ____D () C:\HP Scans
2014-04-18 10:25 - 2014-04-18 10:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Elephant Games
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Elephant Games
2014-04-17 21:08 - 2014-04-17 21:08 - 00002166 _____ () C:\Documents and Settings\Robert\Desktop\Hallowed Legends 2- The Templar CE.lnk
2014-04-17 21:08 - 2014-04-17 21:08 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\Hallowed Legends 2- The Templar CE
2014-04-17 21:02 - 2014-04-10 16:59 - 00000000 ____D () C:\Program Files\Games
2014-04-17 16:52 - 2014-03-14 16:16 - 00000363 _____ () C:\DelFix.txt
2014-04-16 22:08 - 2014-04-10 17:06 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2014-04-16 17:58 - 2014-04-16 17:16 - 00014907 _____ () C:\WINDOWS\KB971029.log
2014-04-16 17:29 - 2014-04-16 17:29 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-39.txt
2014-04-16 17:29 - 2014-04-16 17:29 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-52.txt
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Program Files\ESET
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-04-15 18:30 - 2011-03-31 18:57 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-15 18:30 - 2006-09-03 15:13 - 00000000 ____D () C:\Documents and Settings\Guest
2014-04-15 18:30 - 2006-06-03 18:32 - 00000000 ____D () C:\Documents and Settings\Robert
2014-04-15 18:30 - 2006-06-03 18:31 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-15 18:30 - 2006-06-03 18:09 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-15 18:30 - 2006-06-03 18:05 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-15 17:30 - 2014-04-08 16:07 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-14 16:47 - 2014-04-05 08:43 - 00012480 _____ () C:\WINDOWS\setupapi.log
2014-04-10 17:02 - 2014-04-10 17:02 - 00000000 ____D () C:\WINDOWS\Stray Souls 2 - Stolen Memories Collector's Edition
2014-04-10 16:41 - 2012-01-28 21:02 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Boomzap
2014-04-10 16:38 - 2014-04-10 16:38 - 00000000 ____D () C:\WINDOWS\Emberwing - Lost Legacy Collectors Edition
2014-04-09 19:47 - 2014-04-09 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\LestaStudio
2014-04-08 20:30 - 2014-04-08 20:30 - 00012775 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 20:30 - 2014-04-08 20:30 - 00003833 _____ () C:\WINDOWS\updspapi.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-04-08 20:30 - 2014-04-08 20:23 - 00018550 _____ () C:\WINDOWS\FaxSetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00006170 _____ () C:\WINDOWS\comsetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00003744 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00002934 _____ () C:\WINDOWS\iis6.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-04-08 20:30 - 2013-08-07 15:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-08 20:30 - 2006-06-03 13:41 - 00000000 ____D () C:\WINDOWS\security
2014-04-08 20:26 - 2014-04-08 20:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 20:26 - 2014-04-08 20:23 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 20:26 - 2014-04-08 20:22 - 00009140 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 20:26 - 2006-06-05 16:35 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-04-08 20:23 - 2014-03-15 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-04-08 20:23 - 2006-12-11 17:55 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-04-08 20:23 - 2006-06-03 18:03 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-04-08 20:23 - 2006-06-03 13:41 - 00000000 ____D () C:\WINDOWS\Help
2014-04-08 18:15 - 2014-03-28 22:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-08 18:15 - 2014-03-28 22:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-08 16:07 - 2014-04-08 16:07 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-04-08 16:06 - 2014-04-08 16:06 - 00714464 _____ () C:\Documents and Settings\Robert\Desktop\Adware-Removal-Tool-v3.8.exe
2014-04-08 15:00 - 2014-03-12 23:32 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-06 17:57 - 2014-04-03 16:58 - 00000000 ____D () C:\Program Files\PCPitstop
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-34.txt
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-16.txt
2014-04-05 15:02 - 2014-04-01 15:02 - 00000000 _____ () C:\Documents and Settings\Robert\hotfix.html
2014-04-05 14:45 - 2014-04-05 14:45 - 00000697 _____ () C:\Documents and Settings\Robert\Desktop\Demonoid.url
2014-04-05 08:45 - 2010-04-03 19:22 - 00276806 _____ () C:\WINDOWS\system32\NvApps.xml
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setupact.log
2014-04-05 08:43 - 2006-06-04 12:06 - 00000000 ____D () C:\WINDOWS\nview
2014-04-04 20:45 - 2011-03-26 11:30 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-04-04 17:50 - 2014-04-04 17:50 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Program Files\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\SmartPack
2014-04-03 09:51 - 2014-03-28 22:17 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-03-14 16:22 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 22:30 - 2014-04-02 22:28 - 00009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2014-04-02 16:46 - 2014-04-02 16:46 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\tabagames
2014-03-29 08:49 - 2014-03-29 08:48 - 05192704 _____ (Geza Kovacs) C:\Documents and Settings\Robert\Desktop\unetbootin-windows-585.exe
2014-03-28 22:17 - 2010-01-10 15:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-28 22:17 - 2010-01-10 15:21 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Malwarebytes
2014-03-28 22:17 - 2009-04-16 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 19:57 - 2014-03-28 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Natural Threat.Ominous Shores
2014-03-28 19:40 - 2014-03-28 19:40 - 00000000 ____D () C:\WINDOWS\Secret Trails - Frozen Heart Collector's Edition
2014-03-25 16:16 - 2006-06-04 20:46 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-03-24 20:09 - 2009-01-03 21:12 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Simply Super Software
2014-03-23 19:15 - 2014-03-23 19:15 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Caphyon
2014-03-23 19:14 - 2014-03-23 19:14 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\H&R Block Canada Inc
2014-03-23 09:47 - 2014-03-23 09:47 - 00000000 ____D () C:\WINDOWS\Dark Romance - Vampire in Love Collector's Edition
2014-03-22 23:54 - 2006-06-03 13:49 - 00724282 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-22 23:53 - 2014-03-22 23:53 - 00000798 _____ () C:\Documents and Settings\Robert\Start Menu\Programs\Windows Media Player.lnk
2014-03-22 20:53 - 2014-03-22 20:53 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\JetFun

Files to move or delete:
====================
C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe


Some content of TEMP:
====================
C:\Documents and Settings\Robert\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

By the way, is any of this related to my disappearance of Microsoft Windows update history when viewed from the Microsoft update website (and as noted by phillpower2), or is that possibly an operating system issue not related to malware?


  • 0

#39
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

Hello again,
That log looks good, except for one entry.
I don't know why your updates are not showing up as expected. I think it's an OS thing, and as long as Windows Update tells you that you are up to date, I would not worry about it.

Please remember that XP is at end of life, and there won't be any more new updates.

Step 1
This will take care of the one entry that I want to get rid of and empty out your temp folders.
We need to do an OTL fix:

Note: If you have Malwarebytes 1.6 or higher installed, please disable it for the duration of this fix, as it may interfere with the successful execution of the script below. If it still hangs, then please uninstall MalwareBytes' and run this fix again.
Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :commands
    [createrestorepoint]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

  • 0

#40
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts
OK, I will run the fix when I get home. Just out of curiosity, what is the entry that you want to get rid of? Does it show in the Custom Scans/Fixes box?
  • 0

#41
Crowbar

Crowbar

    Teacher

  • GeekU Moderator
  • 4,798 posts

OK, I hope this explains my thinking and satisfies your curiosity, I am always glad to explain....

 

The entry I am interested in is here

Some content of TEMP:
====================
C:\Documents and Settings\Robert\Local Settings\Temp\Quarantine.exe

 

And since it's in your temp folders, I just want to empty the temp folders.  It's always good to empty them out occasionally, and I really don't like to see any .exe files hanging around in there.

I like the way that OTL does the clearing of XP's temp folders, so I choose that tool to do the job.

After we clear the temp folders, I will want to see a new FRST scan, so you can go ahead and run that again after you run the OTL fix I supplied.

 


  • 0
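The check described in post #41, written out as an added example that is not part of the original thread or of FRST itself: it splits an FRST log into its sections and lists executable files reported under "Some content of TEMP". The function names, the extension list and the trimmed sample log are assumptions made for the illustration; the same helper also works on the "Files to move or delete" section, which goes slightly beyond the one entry discussed above.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample, trimmed from the log format shown in this thread.
SAMPLE_LOG = r"""
==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]

Files to move or delete:
====================
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe


Some content of TEMP:
====================
C:\Documents and Settings\Robert\Local Settings\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit

==================== End Of Log ============================
"""

# FRST uses two header styles: "==== Name ====" on one line, and
# "Name:" followed by a line made only of "=" characters.
BANNER = re.compile(r"^=+\s*(?P<name>[^=]+?)\s*=+$")
RULE = re.compile(r"^=+$")

# Assumed list of extensions worth a second look in a temp folder.
EXECUTABLE_EXTS = {".exe", ".dll", ".scr", ".com", ".bat", ".cmd", ".pif", ".sys"}


def split_sections(log_text):
    """Return {section name: [non-empty lines]} for an FRST log."""
    sections = {}
    current = None
    prev = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        banner = BANNER.match(line)
        if banner:
            current = banner.group("name")
            sections.setdefault(current, [])
        elif RULE.match(line) and prev.endswith(":"):
            # The previous line was a title, not data: take it back out
            # of the section it was appended to and start a new one.
            if current is not None and sections[current] and sections[current][-1] == prev:
                sections[current].pop()
            current = prev.rstrip(":")
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
        prev = line
    return sections


def flag_executables(log_text, section="Some content of TEMP"):
    """List entries of one section whose file extension is executable."""
    entries = split_sections(log_text).get(section, [])
    return [p for p in entries
            if PureWindowsPath(p).suffix.lower() in EXECUTABLE_EXTS]


if __name__ == "__main__":
    for name in ("Some content of TEMP", "Files to move or delete"):
        for path in flag_executables(SAMPLE_LOG, name):
            print(f"[{name}] {path}")
```

A hit is only a prompt to look closer: installers and cleanup tools legitimately drop executables in temp folders, so the finding here is "review and clear", not "infected".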

#42
Jackpine

Jackpine

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 490 posts

Crowbar, I ran the OTL fix, but when the computer rebooted, a window opened asking if I wanted to run OTL.  I couldn't click on Yes because the cursor showed as an hourglass when placed anywhere over the window.  So I reset the computer and when my desktop appeared, the OTL log was not there.  Instead there is a greyed out icon named thumbs.db.  I then ran FRST and the log is shown below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 22-04-2014
Ran by Robert (administrator) on FIRSTBUILD on 22-04-2014 17:02:12
Running from C:\Documents and Settings\Robert\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
() C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [2879488 2006-05-16] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [2021400 2009-02-06] (ESET)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [4359600 2009-01-21] (Acronis)
HKLM\...\Run: [AcronisTimounterMonitor] => C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe [960560 2009-01-21] (Acronis)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8523776 2007-11-06] (NVIDIA Corporation)
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [tscuninstall] - C:\WINDOWS\system32\tscupgrd.exe [44544 2004-08-04] (Microsoft Corporation)
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoBandCustomize] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoMovingBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoCloseDragDropBands] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-299502267-789336058-725345543-1004\...\Policies\Explorer: [NoToolbarsOnTaskbar] 0

==================== Internet (Whitelisted) ====================

SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - &Links - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.appl...ex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.micr.../OGAControl.cab
DPF: {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus....ek_sys_ctrl.cab
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://utilities.pcp...ols/pcmatic.cab
DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/stg_drm.ocx
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab
DPF: {588031A3-94BF-4CDD-86D0-939F6F93910F} https://fixit.suppor...FixItClient.CAB
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.updat...b?1292380760937
DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.co.../sysreqlab2.cab
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab
DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab
DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.co...iaSmartScan.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Twisted%20Lands%20-%20Shadow%20Town/Images/armhelper.ocx
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} http://eserv.sympati...adaPortalAX.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://driveragent.c...driveragent.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...rl.cab?lmi=1007
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\..\Interfaces\{6B4B5C21-DA99-4096-8820-43DC9BA3E4E3}: [NameServer]192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\tonk28m2.default
FF Keyword.URL: hxxp://www.google.com/cse?cx=partner-pub-5528014799800033:cevktqnfrvl&ie=ISO-8859-1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_182.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=1.6.0_37 - C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @nosltd.com/getPlus+®,version=1.6.2.91 - C:\Program Files\NOS\bin\np_gp.dll (NOS Microsystems Ltd.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Documents and Settings\Robert\Application Data\mozilla\plugins\npPxPlay.dll ( )
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com

========================== Services (Whitelisted) =================

R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [618944 2009-01-21] (Acronis)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-02-06] (ESET)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [727720 2009-02-06] (ESET)
S2 NOD32FiXTemDono; C:\WINDOWS\system32\regedt32.exe [3584 2004-08-04] (Microsoft Corporation)
R2 PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [1252616 2011-07-07] (Raxco Software, Inc.)
S3 PDEngine; C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe [2111752 2011-07-07] (Raxco Software, Inc.)
S2 ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [174656 2006-11-02] ()
R2 ScsiAccess; C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe [181312 2009-04-23] ()
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2008-07-10] (SolidWorks)
S3 wwEngineSvc; C:\Program Files\Webroot\Washer\WasherSvc.exe [598856 2007-11-26] (Webroot Software, Inc.)
S4 Roxio UPnP Renderer 9; "C:\Program Files\Common Files\Sonic Shared\RoxioUPnPRenderer9.exe" [X]
S2 RoxLiveShare9; "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" [X]

==================== Drivers (Whitelisted) ====================

S3 AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [120616 2013-11-26] (SlySoft, Inc.)
R1 AsIO; C:\WINDOWS\System32\drivers\AsIO.sys [4962 2004-10-14] ()
R2 cvintdrv; C:\WINDOWS\system32\Drivers\cvintdrv.sys [4096 2006-07-27] ()
R2 DefragFS; C:\WINDOWS\system32\Drivers\DefragFS.sys [138768 2011-06-30] (Raxco Software, Inc.)
R2 eamon; C:\WINDOWS\System32\DRIVERS\eamon.sys [113448 2009-02-06] (ESET)
R1 ehdrv; C:\WINDOWS\System32\DRIVERS\ehdrv.sys [106208 2009-02-06] (ESET)
R1 ElbyCDIO; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [30616 2013-03-04] (Elaborate Bytes AG)
S4 epfw; C:\WINDOWS\System32\DRIVERS\epfw.sys [130952 2009-02-06] (ESET)
S4 epfwtdi; C:\WINDOWS\System32\DRIVERS\epfwtdi.sys [56280 2009-02-06] (ESET)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [670208 2004-11-05] (Aladdin Knowledge Systems Ltd.)
R0 iteatapi; C:\WINDOWS\System32\DRIVERS\iteatapi.sys [28672 2008-03-01] (ITE Tech. Inc.)
S3 moufiltr; C:\WINDOWS\System32\DRIVERS\moufiltr.sys [62592 2007-01-14] (Chic Tech.)
R3 MTsensor; C:\WINDOWS\System32\DRIVERS\ASACPI.sys [5810 2004-08-12] ()
R2 PDFSFilter; C:\WINDOWS\System32\DRIVERS\PDFsFilter.sys [66320 2011-06-30] (Raxco Software, Inc.)
R0 SI3132; C:\WINDOWS\System32\DRIVERS\SI3132.sys [80424 2007-10-03] (Silicon Image, Inc)
R0 SiFilter; C:\WINDOWS\System32\DRIVERS\SiWinAcc.sys [19240 2007-10-03] (Silicon Image, Inc)
R0 SiRemFil; C:\WINDOWS\System32\DRIVERS\SiRemFil.sys [15400 2007-10-03] (Silicon Image, Inc)
R0 snapman380; C:\WINDOWS\System32\DRIVERS\snman380.sys [134272 2009-10-24] (Acronis)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
R0 tdrpman174; C:\WINDOWS\System32\DRIVERS\tdrpm174.sys [971552 2009-10-24] (Acronis)
R2 tifsfilter; C:\WINDOWS\System32\DRIVERS\tifsfilt.sys [44704 2009-10-24] (Acronis)
S3 TVICHW32; C:\WINDOWS\system32\DRIVERS\TVICHW32.SYS [23600 2008-05-10] (EnTech Taiwan)
R3 yukonwxp; C:\WINDOWS\System32\DRIVERS\yk51x86.sys [285952 2007-12-06] (Marvell)
S3 Ad-Watch Connect Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys [X]
S3 EagleNT; \??\C:\WINDOWS\system32\drivers\EagleNT.sys [X]
S3 FLASHSYS; No ImagePath
S3 GMSIPCI; No ImagePath
S4 IntelIde; No ImagePath
S3 NTACCESS; No ImagePath
U2 RemoteRegistry;
S3 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 SpyEmrg; No ImagePath
U5 Tcpip6; C:\Windows\System32\Drivers\Tcpip6.sys [226880 2010-02-11] (Microsoft Corporation)
U3 TlntSvr;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-22 17:02 - 2014-04-22 17:02 - 00012804 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-04-22 17:02 - 2014-04-22 17:02 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\FRST-OlderVersion
2014-04-22 16:50 - 2014-04-22 16:50 - 00000000 ____D () C:\_OTL
2014-04-22 16:48 - 2014-04-22 16:48 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Robert\Desktop\OTL.exe
2014-04-21 09:43 - 2014-04-21 09:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Robert\Desktop\JRT.exe
2014-04-21 09:36 - 2014-04-21 09:38 - 00000000 ____D () C:\AdwCleaner
2014-04-21 09:35 - 2014-04-21 09:35 - 01322687 _____ () C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
2014-04-18 10:25 - 2014-04-18 10:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Elephant Games
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Elephant Games
2014-04-17 21:08 - 2014-04-17 21:08 - 00002166 _____ () C:\Documents and Settings\Robert\Desktop\Hallowed Legends 2- The Templar CE.lnk
2014-04-17 21:08 - 2014-04-17 21:08 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\Hallowed Legends 2- The Templar CE
2014-04-17 20:24 - 2014-04-22 17:02 - 00000000 ____D () C:\FRST
2014-04-17 20:22 - 2014-04-22 17:02 - 01048064 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-04-16 17:29 - 2014-04-16 17:29 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-39.txt
2014-04-16 17:29 - 2014-04-16 17:29 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-52.txt
2014-04-16 17:16 - 2014-04-16 17:58 - 00014907 _____ () C:\WINDOWS\KB971029.log
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Program Files\ESET
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-04-10 17:06 - 2014-04-16 22:08 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2014-04-10 17:02 - 2014-04-10 17:02 - 00000000 ____D () C:\WINDOWS\Stray Souls 2 - Stolen Memories Collector's Edition
2014-04-10 16:59 - 2014-04-17 21:02 - 00000000 ____D () C:\Program Files\Games
2014-04-10 16:38 - 2014-04-10 16:38 - 00000000 ____D () C:\WINDOWS\Emberwing - Lost Legacy Collectors Edition
2014-04-09 19:47 - 2014-04-09 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\LestaStudio
2014-04-08 20:30 - 2014-04-08 20:30 - 00012775 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 20:30 - 2014-04-08 20:30 - 00003833 _____ () C:\WINDOWS\updspapi.log
2014-04-08 20:26 - 2014-04-08 20:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 20:23 - 2014-04-08 20:30 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-04-08 20:23 - 2014-04-08 20:30 - 00018550 _____ () C:\WINDOWS\FaxSetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00006170 _____ () C:\WINDOWS\comsetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00003744 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00002934 _____ () C:\WINDOWS\iis6.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-04-08 20:23 - 2014-04-08 20:30 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-04-08 20:23 - 2014-04-08 20:26 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-04-08 20:22 - 2014-04-08 20:26 - 00009140 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 16:07 - 2014-04-15 17:30 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-08 16:07 - 2014-04-08 16:07 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-04-08 16:06 - 2014-04-08 16:06 - 00714464 _____ () C:\Documents and Settings\Robert\Desktop\Adware-Removal-Tool-v3.8.exe
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-34.txt
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-16.txt
2014-04-05 14:45 - 2014-04-05 14:45 - 00000697 _____ () C:\Documents and Settings\Robert\Desktop\Demonoid.url
2014-04-05 08:43 - 2014-04-21 16:16 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-04-05 08:43 - 2014-04-14 16:47 - 00012480 _____ () C:\WINDOWS\setupapi.log
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-04 17:50 - 2014-04-04 17:50 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Program Files\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\SmartPack
2014-04-03 16:58 - 2014-04-06 17:57 - 00000000 ____D () C:\Program Files\PCPitstop
2014-04-02 22:28 - 2014-04-02 22:30 - 00009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2014-04-02 16:46 - 2014-04-02 16:46 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\tabagames
2014-04-01 15:02 - 2014-04-05 15:02 - 00000000 _____ () C:\Documents and Settings\Robert\hotfix.html
2014-03-29 08:48 - 2014-03-29 08:49 - 05192704 _____ (Geza Kovacs) C:\Documents and Settings\Robert\Desktop\unetbootin-windows-585.exe
2014-03-28 22:17 - 2014-04-21 21:22 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 22:17 - 2014-04-08 18:15 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 22:17 - 2014-04-08 18:15 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 22:17 - 2014-04-03 09:51 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-28 19:47 - 2014-03-28 19:57 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Natural Threat.Ominous Shores
2014-03-28 19:40 - 2014-03-28 19:40 - 00000000 ____D () C:\WINDOWS\Secret Trails - Frozen Heart Collector's Edition
2014-03-23 19:15 - 2014-03-23 19:15 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Caphyon
2014-03-23 19:14 - 2014-03-23 19:14 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\H&R Block Canada Inc
2014-03-23 09:47 - 2014-03-23 09:47 - 00000000 ____D () C:\WINDOWS\Dark Romance - Vampire in Love Collector's Edition

==================== One Month Modified Files and Folders =======

2014-04-22 17:02 - 2014-04-22 17:02 - 00012804 _____ () C:\Documents and Settings\Robert\Desktop\FRST.txt
2014-04-22 17:02 - 2014-04-22 17:02 - 00000000 ____D () C:\Documents and Settings\Robert\Desktop\FRST-OlderVersion
2014-04-22 17:02 - 2014-04-17 20:24 - 00000000 ____D () C:\FRST
2014-04-22 17:02 - 2014-04-17 20:22 - 01048064 _____ (Farbar) C:\Documents and Settings\Robert\Desktop\FRST.exe
2014-04-22 17:01 - 2006-06-03 18:06 - 01207137 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-22 16:59 - 2013-09-14 20:51 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-22 16:59 - 2013-09-14 20:51 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-22 16:59 - 2004-08-04 08:00 - 00013710 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-22 16:58 - 2014-03-12 23:32 - 00000224 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-22 16:58 - 2010-03-11 23:40 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 16:58 - 2006-06-03 18:31 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-22 16:53 - 2006-06-03 18:32 - 00000278 ___SH () C:\Documents and Settings\Robert\ntuser.ini
2014-04-22 16:53 - 2006-06-03 18:31 - 00032584 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-22 16:51 - 2006-06-03 18:32 - 00000000 ____D () C:\Documents and Settings\Robert
2014-04-22 16:50 - 2014-04-22 16:50 - 00000000 ____D () C:\_OTL
2014-04-22 16:48 - 2014-04-22 16:48 - 00602112 _____ (OldTimer Tools) C:\Documents and Settings\Robert\Desktop\OTL.exe
2014-04-22 16:36 - 2010-10-30 14:18 - 00002521 _____ () C:\Documents and Settings\Robert\Desktop\Outlook 2007.lnk
2014-04-21 21:56 - 2008-08-16 09:32 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\uTorrent
2014-04-21 21:22 - 2014-03-28 22:17 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-21 21:12 - 2010-03-11 23:40 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-21 21:09 - 2013-05-25 08:34 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-21 16:16 - 2014-04-05 08:43 - 00000060 _____ () C:\WINDOWS\setupact.log
2014-04-21 09:43 - 2014-04-21 09:43 - 01016261 _____ (Thisisu) C:\Documents and Settings\Robert\Desktop\JRT.exe
2014-04-21 09:38 - 2014-04-21 09:36 - 00000000 ____D () C:\AdwCleaner
2014-04-21 09:35 - 2014-04-21 09:35 - 01322687 _____ () C:\Documents and Settings\Robert\Desktop\AdwCleaner.exe
2014-04-19 13:53 - 2010-10-30 14:30 - 00002515 _____ () C:\Documents and Settings\Robert\Desktop\Word 2007.lnk
2014-04-19 13:52 - 2010-10-30 13:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
2014-04-19 13:52 - 2007-01-13 18:03 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-04-19 09:31 - 2012-08-13 16:23 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-04-19 09:31 - 2012-08-13 16:23 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-04-19 09:30 - 2006-06-10 08:50 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Adobe
2014-04-18 15:01 - 2013-03-20 18:20 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-04-18 10:58 - 2014-02-24 17:50 - 00000000 ____D () C:\HP Scans
2014-04-18 10:25 - 2014-04-18 10:25 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Elephant Games
2014-04-17 21:09 - 2014-04-17 21:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Elephant Games
2014-04-17 21:08 - 2014-04-17 21:08 - 00002166 _____ () C:\Documents and Settings\Robert\Desktop\Hallowed Legends 2- The Templar CE.lnk
2014-04-17 21:08 - 2014-04-17 21:08 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\Hallowed Legends 2- The Templar CE
2014-04-17 21:02 - 2014-04-10 16:59 - 00000000 ____D () C:\Program Files\Games
2014-04-17 16:52 - 2014-03-14 16:16 - 00000363 _____ () C:\DelFix.txt
2014-04-16 22:08 - 2014-04-10 17:06 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\AlawarEntertainment
2014-04-16 17:58 - 2014-04-16 17:16 - 00014907 _____ () C:\WINDOWS\KB971029.log
2014-04-16 17:29 - 2014-04-16 17:29 - 00002144 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-39.txt
2014-04-16 17:29 - 2014-04-16 17:29 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-16_17-29-52.txt
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Program Files\ESET
2014-04-15 18:30 - 2014-04-15 18:30 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\ESET
2014-04-15 18:30 - 2011-03-31 18:57 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-04-15 18:30 - 2006-09-03 15:13 - 00000000 ____D () C:\Documents and Settings\Guest
2014-04-15 18:30 - 2006-06-03 18:31 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-04-15 18:30 - 2006-06-03 18:09 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-04-15 18:30 - 2006-06-03 18:05 - 00000000 ____D () C:\WINDOWS\Registration
2014-04-15 17:30 - 2014-04-08 16:07 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2014-04-14 16:47 - 2014-04-05 08:43 - 00012480 _____ () C:\WINDOWS\setupapi.log
2014-04-10 17:02 - 2014-04-10 17:02 - 00000000 ____D () C:\WINDOWS\Stray Souls 2 - Stolen Memories Collector's Edition
2014-04-10 16:41 - 2012-01-28 21:02 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Boomzap
2014-04-10 16:38 - 2014-04-10 16:38 - 00000000 ____D () C:\WINDOWS\Emberwing - Lost Legacy Collectors Edition
2014-04-09 19:47 - 2014-04-09 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\LestaStudio
2014-04-08 20:30 - 2014-04-08 20:30 - 00012775 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-08 20:30 - 2014-04-08 20:30 - 00003833 _____ () C:\WINDOWS\updspapi.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00065536 _____ () C:\WINDOWS\system32\config\EventForwarding-Operational.Evt
2014-04-08 20:30 - 2014-04-08 20:23 - 00018550 _____ () C:\WINDOWS\FaxSetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00008868 _____ () C:\WINDOWS\ocgen.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00007077 _____ () C:\WINDOWS\tsoc.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00006170 _____ () C:\WINDOWS\comsetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00003744 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00002934 _____ () C:\WINDOWS\iis6.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00001026 _____ () C:\WINDOWS\ocmsn.log
2014-04-08 20:30 - 2014-04-08 20:23 - 00000927 _____ () C:\WINDOWS\msgsocm.log
2014-04-08 20:30 - 2013-08-07 15:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-08 20:30 - 2006-06-03 13:41 - 00000000 ____D () C:\WINDOWS\security
2014-04-08 20:26 - 2014-04-08 20:26 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-08 20:26 - 2014-04-08 20:23 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-08 20:26 - 2014-04-08 20:22 - 00009140 _____ () C:\WINDOWS\KB2922229.log
2014-04-08 20:26 - 2006-06-05 16:35 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 __HDC () C:\WINDOWS\$968930Uinstall_KB968930$
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\system32\winrm
2014-04-08 20:23 - 2014-04-08 20:23 - 00000000 ____D () C:\WINDOWS\$NtUninstallKB968930$
2014-04-08 20:23 - 2014-03-15 10:01 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
2014-04-08 20:23 - 2006-12-11 17:55 - 00000000 ____D () C:\WINDOWS\Microsoft.NET
2014-04-08 20:23 - 2006-06-03 18:03 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-04-08 20:23 - 2006-06-03 13:41 - 00000000 ____D () C:\WINDOWS\Help
2014-04-08 18:15 - 2014-03-28 22:17 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-04-08 18:15 - 2014-03-28 22:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-04-08 16:07 - 2014-04-08 16:07 - 00290304 _____ (Microsoft Corporation) C:\WINDOWS\system32\subinacl.exe
2014-04-08 16:06 - 2014-04-08 16:06 - 00714464 _____ () C:\Documents and Settings\Robert\Desktop\Adware-Removal-Tool-v3.8.exe
2014-04-08 15:00 - 2014-03-12 23:32 - 00000218 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-04-06 17:57 - 2014-04-03 16:58 - 00000000 ____D () C:\Program Files\PCPitstop
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-34.txt
2014-04-05 18:30 - 2014-04-05 18:30 - 00002020 _____ () C:\Documents and Settings\Robert\My Documents\AutoFix_2014-04-05_18-30-16.txt
2014-04-05 15:02 - 2014-04-01 15:02 - 00000000 _____ () C:\Documents and Settings\Robert\hotfix.html
2014-04-05 14:45 - 2014-04-05 14:45 - 00000697 _____ () C:\Documents and Settings\Robert\Desktop\Demonoid.url
2014-04-05 08:45 - 2010-04-03 19:22 - 00276806 _____ () C:\WINDOWS\system32\NvApps.xml
2014-04-05 08:43 - 2014-04-05 08:43 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-04-05 08:43 - 2006-06-04 12:06 - 00000000 ____D () C:\WINDOWS\nview
2014-04-04 20:45 - 2011-03-26 11:30 - 00131072 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-04-04 17:50 - 2014-04-04 17:50 - 00001880 _____ () C:\WINDOWS\bitssetup.log
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Program Files\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\Start Menu\Programs\SmartPack
2014-04-04 17:33 - 2014-04-04 17:33 - 00000000 ____D () C:\Documents and Settings\Robert\My Documents\SmartPack
2014-04-03 09:51 - 2014-03-28 22:17 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-03 09:50 - 2014-03-14 16:22 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-04-02 22:30 - 2014-04-02 22:28 - 00009333 _____ () C:\Documents and Settings\Robert\Application Data\Comma Separated Values (Windows).EML
2014-04-02 16:46 - 2014-04-02 16:46 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\tabagames
2014-03-29 08:49 - 2014-03-29 08:48 - 05192704 _____ (Geza Kovacs) C:\Documents and Settings\Robert\Desktop\unetbootin-windows-585.exe
2014-03-28 22:17 - 2010-01-10 15:21 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-03-28 22:17 - 2010-01-10 15:21 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Malwarebytes
2014-03-28 22:17 - 2009-04-16 17:18 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 19:57 - 2014-03-28 19:47 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Natural Threat.Ominous Shores
2014-03-28 19:40 - 2014-03-28 19:40 - 00000000 ____D () C:\WINDOWS\Secret Trails - Frozen Heart Collector's Edition
2014-03-25 16:16 - 2006-06-04 20:46 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy
2014-03-24 20:09 - 2009-01-03 21:12 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\Simply Super Software
2014-03-23 19:15 - 2014-03-23 19:15 - 00000000 ____D () C:\Documents and Settings\Robert\Local Settings\Application Data\Caphyon
2014-03-23 19:14 - 2014-03-23 19:14 - 00000000 ____D () C:\Documents and Settings\Robert\Application Data\H&R Block Canada Inc
2014-03-23 09:47 - 2014-03-23 09:47 - 00000000 ____D () C:\WINDOWS\Dark Romance - Vampire in Love Collector's Edition

Files to move or delete:
====================
C:\Documents and Settings\Robert\Google_Earth_Pro_Patch_Setup.exe
C:\Documents and Settings\Robert\mylist.dat
C:\Documents and Settings\Robert\utorrent.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================



#43
Crowbar


    Teacher

  • GeekU Moderator
  • 4,798 posts

Hi Jackpine,
No problem with the OTL fix log not showing, I would like to see it even though FRST is not reporting anything in there to look at.
The thumbs.db icon is visible because OTL tells Windows to show files with the hidden attribute.  That will go away after our cleanup.

If you open Windows Explorer, either via My Computer from the start menu, or press the Windows key + E,
you can find the fix log here: C:\_OTL\MovedFiles
Please post that log for me.

Your default search engine is not set in Internet Explorer, probably a consequence of removing Conduit previously.
Here is how to fix that:

  • Open Internet Explorer by clicking the Start button. In the search box, type Internet Explorer, and then, in the list of results, click Internet Explorer.
  • Click the arrow to the right of the search box.
  • Click Manage Search Providers.
  • Click the search provider you would like to set as the default, click Set as default, and then click Close.

Otherwise, I don't see any malware in that FRST log -
I would like to see that fix log then we can clean up my mess of tools once again  :)



#44
Jackpine


    Member

  • Topic Starter
  • Member
  • 490 posts

Here is the OTL fix log.

 

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 235582 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Robert
->Temp folder emptied: 25482063 bytes
->Temporary Internet Files folder emptied: 2095867 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 131695709 bytes
->Flash cache emptied: 6563 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3705064 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 156.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 04222014_165056

 

Regarding my default search engine, I can't find Manage Search Providers.  (I use Firefox as my default browser and Google as my search engine - did I get that terminology right?  I'm pretty shaky in this area.)   Given what I just mentioned, how do I even open up Internet Explorer?  Shouldn't I be opening up Firefox?  Like I said, I really don't have a decent grasp of this part. 
 



#45
Crowbar


    Teacher

  • GeekU Moderator
  • 4,798 posts

Hi Jackpine!

The default search in IE is not really critical for you to set, just a loose end I would like to tie up.  Nothing bad will happen if you don't set it, but doing a search with that box might not work right.

My previous instruction on how to open IE was for Vista and above, sorry about that.
For XP first look here:
click on Start
click on All Programs
Do you see an icon for Internet Explorer in there?
If not, then try this:
Click on Start
click on Search
click on All files and folders
in the All or Part of the file name box type:
internet explorer and click on search
You should see at least one shortcut in the list, double click on one of them to open IE

Firefox has its own setting, it's independent of the IE setting, and yes you got that terminology correct  :thumbsup:

Otherwise let's continue....
I would like to do a sweep for any remnants:
Step 1
Please run Malwarebytes' Anti-Malware

  • Go to the Update tab and check for updates, please install any updates found.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 2
Note: You can use either Internet Explorer or Mozilla FireFox for this Scan.

Vista / 7 users: You will need to right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator from the context menu.

Please go here then click on: [button image: EOLS1.gif]
You will however need to disable your current installed Anti-Virus, how to do so can be read here.

If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the following instructions work with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: [button image: EOLS2.gif]
  • When prompted allow Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Make sure that the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: [button image: EOLS3.gif]
  • The virus signature database will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close, make sure you copy the logfile first!
  • Now click on: [button image: EOLS4.gif]
  • Use notepad to open the logfile located at C:\Program Files\ESET\ESET Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!

In your next reply I would like to see:

  •   Malwarebytes log file
  •   ESET online scan log - careful, this one is easy to miss.
     






