
infected malware keeps popping back up



Hello johnnytay9! My name is Borislav and I will be glad to help you solve your malware problem.

Please note:

  • If you are a paying customer, you have the privilege to contact the help desk at Consumer Support. If you choose this option to get help, please let me know.
  • I recommend that you keep the instructions I will be giving you so that they are available to you at any time. You can save them in a text file or print them.
  • Make sure you read all of the instructions and fixes thoroughly before continuing with them.
  • Follow my instructions strictly and don’t hesitate to stop and ask me if you have any questions.
  • Post your log files, don't attach them. Every log file should be copy/pasted in your next reply.
  • Do not perform any kind of scanning and fixing without my instructions. If you want to proceed on your own, please let me know.

Step 1

Please uninstall this program: DeltaInstaller

Step 2

  • Launch Malwarebytes' Anti-Malware
  • Go to Update tab and select Check for Updates. If an update is found, it will download and install the latest version.
  • Go to Scanner tab and select Threat Scan, then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

In your next reply, post the following log files:

  • Malwarebytes' Anti-Malware log
  • a new fresh FRST log

Deleted DeltaInstaller. I have added the last scan log as instructed, but had to go about getting the log file a bit differently than instructed, and the FRST file.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 7/21/2014
Scan Time: 4:59:06 PM
Logfile: mbam 1.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.21.09
Rootkit Database: v2014.07.17.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 305437
Time Elapsed: 17 min, 4 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.WeCare, HKU\S-1-5-21-1229272821-602609370-1417001333-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6ED0A312-78F5-493C-A90C-5DAF321D0BF8}, Quarantined, [fd30643eaecd9b9b0f89193e45bdf30d],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-07-2014
Ran by Owner (administrator) on OWNER-5F0C70B85 on 21-07-2014 18:44:31
Running from C:\Documents and Settings\Owner\My Documents\My Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Avid Technology, Inc.) C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NDS Technologies) C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
() C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe


==================== Registry (Whitelisted) ==================

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\S-1-5-21-1229272821-602609370-1417001333-1003\...\Run: [PCShowServer] => "C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrappe (the data entry has 7 more characters).
HKU\S-1-5-21-1229272821-602609370-1417001333-1003\...\Run: [steam] => C:\Program Files\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.genieo.com/?v=w3i18W_29&wtag=W3i_IA,206,0_01,StartPage,20140417,20056,FF28,0,6944
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C13224581F6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKCU - {497F0CB2-F3DA-4C33-804C-D99FF1235D9F} URL = http://search.genieo.com/results.html?v=w3i18W_29&wtag=W3i_IA,206,0_01,DefaultSearch,20140417,20056,FF28,0,6944&q={searchTerms}
SearchScopes: HKCU - {A6451A73-4159-47A5-927F-AEF5819BE63E} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3289663&CUI=UN20822354091131711&UM=2
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name -> {878B8524-AED5-4870-9A96-A515440DAC75} ->  No File
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} -  No File
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF user.js: detected! => C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218\user.js
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-03-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-26]
FF Extension: InfoAtoms - C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com [2014-06-18]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-11]
FF HKLM\...\Firefox\Extensions: [infoatoms@infoatoms.com] - C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com

Chrome:
=======
CHR HomePage: hxxp://search.genieo.com/?v=w3i18W_29&wtag=W3i_IA,206,0_01,StartPage,20140417,20056,FF28,0,6944
CHR RestoreOnStartup: "hxxp://search.genieo.com/?v=w3i18W_29&wtag=W3i_IA,206,0_01,StartPage,20140417,20056,FF28,0,6944"
CHR Extension: (No Name) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\2.0.0.0_0 [2013-01-22]
CHR HKLM\...\Chrome\Extension: [abnkjjaindmeijiaclngfiegcocnlmic] - C:\Program Files\MediaViewV1\MediaViewV1alpha3970\ch\MediaViewV1alpha3970.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [cjkieepjbfgdblnjfeemmlnodkbihjoc] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1829\ch\MediaViewerV1alpha1829.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [fmhcgnejlbndjdbacbafhcemeodklfkg] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha207\ch\WebexpEnhancedV1alpha207.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [hhbgpoakplhahbklhkcfbpicgjcaoglk] - C:\Program Files\InfoAtoms\Chrome\InfoAtoms.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [kaakakfgoidcakmnmnlnbdgikehdmjhm] - C:\Program Files\MediaWatchV1\MediaWatchV1home854\ch\MediaWatchV1home854.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [nmcplojcnfkidldniclmkldglinhfhjc] - C:\Program Files\MediaViewV1\MediaViewV1alpha5474\ch\MediaViewV1alpha5474.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [ofmidfjimajmljniocckajfpmagihhpn] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta871\ch\VideoPlayerV3beta871.crx [2013-01-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [479232 2007-06-14] (ATI Technologies Inc.) [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-10-15] (Macrovision Europe Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 rpcnet; C:\WINDOWS\system32\rpcnet.exe [69792 2014-07-10] (Absolute Software Corp.)

==================== Drivers (Whitelisted) ====================

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2301440 2007-06-14] (ATI Technologies Inc.) [File not signed]
R1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
S3 AVCSTRM; C:\WINDOWS\System32\DRIVERS\avcstrm.sys [13696 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 DELTA; C:\WINDOWS\System32\DRIVERS\delta.sys [302336 2007-01-25] (Midiman/M-Audio) [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-21] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MSTAPE; C:\WINDOWS\System32\DRIVERS\mstape.sys [49024 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 PinnacleMarvinAVS; C:\WINDOWS\System32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TRIDCap; C:\WINDOWS\System32\DRIVERS\AVerTM62.sys [859136 2012-11-22] (AVerMedia TECHNOLOGIES, Inc. ) [File not signed]
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S2 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-21 17:23 - 2014-07-21 17:23 - 00001281 _____ () C:\Documents and Settings\Owner\My Documents\mbam 1.txt
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Program Files\M-Audio
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
2014-07-20 19:52 - 2007-01-25 11:12 - 00302336 _____ (Midiman/M-Audio) C:\WINDOWS\system32\Drivers\delta.sys
2014-07-20 19:52 - 2007-01-25 11:12 - 00022528 _____ (Avid Technology, Inc.) C:\WINDOWS\system32\deltasio.dll
2014-07-20 19:52 - 2007-01-25 11:12 - 00019456 _____ (M-Audio) C:\WINDOWS\system32\DeltaCPL.cpl
2014-07-20 19:52 - 2007-01-25 11:11 - 01122304 _____ (M-Audio) C:\WINDOWS\system32\deltapnl.exe
2014-07-20 19:52 - 2007-01-25 11:11 - 00046592 _____ (M-Audio) C:\WINDOWS\system32\deltapnl.dll
2014-07-20 19:52 - 2007-01-25 10:54 - 00154112 _____ (Avid Technology, Inc.) C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
2014-07-20 19:52 - 2007-01-24 17:15 - 02502633 _____ (Avid Technology, Inc.) C:\WINDOWS\system32\pcifmdio.dll
2014-07-20 19:14 - 2014-07-20 19:14 - 00065536 _____ () C:\WINDOWS\Minidump\Mini072014-01.dmp
2014-07-19 10:32 - 2014-07-19 10:32 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-19 09:22 - 2014-07-21 18:44 - 00000000 ____D () C:\FRST
2014-07-18 19:40 - 2014-07-18 19:46 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\you tube stuff
2014-07-18 13:26 - 2014-07-18 13:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-17 20:05 - 2014-07-17 20:05 - 00093520 _____ () C:\Documents and Settings\Owner\Desktop\luchie$$$ & v rock mix down.mp3.sfk
2014-07-16 12:04 - 2014-07-16 12:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071614-01.dmp
2014-07-15 19:34 - 2014-07-15 19:35 - 08091315 _____ () C:\Documents and Settings\Owner\Desktop\JVC GY-HD110 Film Look in 3 Minutes Sharpness and iris settings   polarizing filter.flv
2014-07-15 11:56 - 2014-07-15 11:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071514-01.dmp
2014-07-14 19:42 - 2014-07-14 19:42 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071414-01.dmp
2014-07-13 14:28 - 2014-07-13 14:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071314-01.dmp
2014-07-13 07:52 - 2014-07-13 07:53 - 04947831 _____ () C:\Documents and Settings\Owner\Desktop\Ronnie Laws - Friends & Strangers.flv
2014-07-10 19:04 - 2014-07-20 19:55 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2014-07-10 19:03 - 2014-07-10 19:03 - 00069792 ____N (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
2014-07-10 08:51 - 2014-07-10 08:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-10 08:44 - 2014-07-21 18:37 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2014-07-10 08:44 - 2014-07-10 19:01 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.dll
2014-07-09 17:08 - 2014-07-09 17:08 - 00000000 ____D () C:\New Folder
2014-07-07 19:49 - 2014-07-07 19:49 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-02.dmp
2014-07-07 17:34 - 2014-07-07 17:34 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-05 20:34 - 2014-07-05 20:33 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070514-01.dmp
2014-07-05 19:46 - 2014-07-06 08:51 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\classes stuff
2014-07-03 19:01 - 2014-07-03 19:01 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-06-30 20:59 - 2014-06-30 20:59 - 00065536 _____ () C:\WINDOWS\Minidump\Mini063014-01.dmp
2014-06-29 19:36 - 2014-06-29 19:37 - 00000014 _____ () C:\WINDOWS\system32\nvModes.dat
2014-06-29 09:26 - 2014-06-29 09:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062914-01.dmp
2014-06-28 16:33 - 2014-06-28 16:33 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Nvidia Corporation
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-28 15:29 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-28 15:29 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-28 15:29 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-28 15:29 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-28 15:29 - 2014-05-07 14:42 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-28 15:28 - 2014-06-28 15:29 - 00004360 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-28 15:17 - 2014-06-28 15:17 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-02.dmp
2014-06-28 10:18 - 2014-06-28 10:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-01.dmp
2014-06-26 17:33 - 2014-06-29 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ulead VideoGraphics Lab 1.0
2014-06-26 17:33 - 2014-06-26 17:33 - 00001889 _____ () C:\Documents and Settings\Owner\Desktop\Video Paint.lnk
2014-06-25 19:26 - 2014-06-25 19:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-02.dmp
2014-06-25 18:06 - 2014-06-25 18:06 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-01.dmp
2014-06-23 16:00 - 2014-06-23 16:00 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062314-01.dmp
2014-06-22 14:58 - 2014-06-22 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\HandBrake
2014-06-22 14:52 - 2014-06-22 14:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB932716-v2$
2014-06-22 14:51 - 2014-06-22 14:52 - 00005651 _____ () C:\WINDOWS\KB932716-v2.log
2014-06-22 14:51 - 2008-05-02 09:25 - 00465920 ____N (Microsoft Corporation) C:\WINDOWS\system32\imapi2fs.dll
2014-06-22 14:51 - 2008-05-02 09:25 - 00465920 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imapi2fs.dll
2014-06-22 14:51 - 2008-05-02 09:25 - 00317952 ____N (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2014-06-22 14:51 - 2008-05-02 09:25 - 00317952 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\imapi2.dll
2014-06-22 14:51 - 2008-05-02 06:49 - 00062976 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\cdrom.sys
2014-06-22 14:49 - 2014-06-22 14:49 - 00000892 _____ () C:\Documents and Settings\All Users\Desktop\DVDVideoSoft Free Studio.lnk
2014-06-22 14:49 - 2014-06-22 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2014-06-22 14:45 - 2014-06-22 14:49 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-06-22 14:45 - 2014-06-22 14:45 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-22 14:44 - 2014-06-22 17:44 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
2014-06-22 09:19 - 2014-06-22 09:19 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\vgl crack
2014-06-21 20:55 - 2014-06-21 20:55 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\DVD Architect Studio 5.0 Projects

==================== One Month Modified Files and Folders =======

2014-07-21 18:45 - 2013-01-26 10:26 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-07-21 18:44 - 2014-07-19 09:22 - 00000000 ____D () C:\FRST
2014-07-21 18:43 - 2014-01-31 20:20 - 00014210 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-07-21 18:38 - 2013-04-18 17:35 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-21 18:37 - 2014-07-10 08:44 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2014-07-21 17:23 - 2014-07-21 17:23 - 00001281 _____ () C:\Documents and Settings\Owner\My Documents\mbam 1.txt
2014-07-21 17:08 - 2012-10-11 14:11 - 01087315 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-21 17:03 - 2013-01-26 10:26 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-21 16:58 - 2014-04-22 20:31 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-21 16:53 - 2012-10-11 14:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-20 20:05 - 2014-03-26 17:41 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-07-20 20:01 - 2014-07-20 20:01 - 00000000 ____D () C:\WINDOWS\LastGood
2014-07-20 20:01 - 2014-01-19 15:37 - 00822343 _____ () C:\WINDOWS\setupapi.log
2014-07-20 19:58 - 2013-11-10 19:43 - 00000000 ____D () C:\Program Files\Steam
2014-07-20 19:56 - 2008-04-13 19:00 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-20 19:55 - 2014-07-10 19:04 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2014-07-20 19:55 - 2014-03-17 18:52 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-20 19:55 - 2013-04-18 17:35 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-20 19:55 - 2012-10-11 14:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-20 19:55 - 2012-10-11 10:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-07-20 19:55 - 2012-10-11 10:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-20 19:53 - 2013-05-20 21:09 - 00000349 _____ () C:\WINDOWS\Q813347.log
2014-07-20 19:53 - 2012-10-11 14:18 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-07-20 19:53 - 2012-10-11 14:16 - 00032414 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Program Files\M-Audio
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
2014-07-20 19:52 - 2012-10-13 16:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-20 19:36 - 2012-10-11 14:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-20 19:14 - 2014-07-20 19:14 - 00065536 _____ () C:\WINDOWS\Minidump\Mini072014-01.dmp
2014-07-20 19:14 - 2013-03-01 16:56 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 19:06 - 2012-10-17 17:50 - 00000135 _____ () C:\WINDOWS\NeroDigital.ini
2014-07-19 10:32 - 2014-07-19 10:32 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-18 19:46 - 2014-07-18 19:40 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\you tube stuff
2014-07-18 18:55 - 2013-05-21 20:00 - 00000000 ____D () C:\Cakewalk Projects
2014-07-18 17:10 - 2012-10-14 08:53 - 00105984 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 13:26 - 2014-07-18 13:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-17 20:05 - 2014-07-17 20:05 - 00093520 _____ () C:\Documents and Settings\Owner\Desktop\luchie$$$ & v rock mix down.mp3.sfk
2014-07-16 19:47 - 2012-10-13 20:19 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Vegas Movie Studio HD Platinum 10.0 Projects
2014-07-16 18:59 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP70cb.tmp
2014-07-16 18:57 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP73d8.tmp
2014-07-16 12:04 - 2014-07-16 12:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071614-01.dmp
2014-07-16 11:34 - 2013-05-20 18:15 - 00001984 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-15 19:52 - 2012-12-07 21:55 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-07-15 19:35 - 2014-07-15 19:34 - 08091315 _____ () C:\Documents and Settings\Owner\Desktop\JVC GY-HD110 Film Look in 3 Minutes Sharpness and iris settings   polarizing filter.flv
2014-07-15 11:56 - 2014-07-15 11:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071514-01.dmp
2014-07-15 08:02 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP71b5.tmp
2014-07-14 19:42 - 2014-07-14 19:42 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071414-01.dmp
2014-07-13 14:28 - 2014-07-13 14:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071314-01.dmp
2014-07-13 07:53 - 2014-07-13 07:52 - 04947831 _____ () C:\Documents and Settings\Owner\Desktop\Ronnie Laws - Friends & Strangers.flv
2014-07-10 19:03 - 2014-07-10 19:03 - 00069792 ____N (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
2014-07-10 19:01 - 2014-07-10 08:44 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.dll
2014-07-10 09:00 - 2012-10-11 10:03 - 00190832 _____ () C:\WINDOWS\setupact.log
2014-07-10 08:51 - 2014-07-10 08:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-09 17:17 - 2014-03-15 22:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\convertor
2014-07-09 17:08 - 2014-07-09 17:08 - 00000000 ____D () C:\New Folder
2014-07-09 15:10 - 2013-08-14 08:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 15:07 - 2012-10-14 03:36 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 15:06 - 2012-10-14 07:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-07-08 20:54 - 2012-10-11 14:56 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 20:54 - 2012-10-11 14:56 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 19:58 - 2014-03-17 18:52 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 19:55 - 2013-11-15 19:52 - 01160880 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-07-08 19:44 - 2013-04-18 17:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-07-07 19:49 - 2014-07-07 19:49 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-02.dmp
2014-07-07 17:34 - 2014-07-07 17:34 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-06 08:51 - 2014-07-05 19:46 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\classes stuff
2014-07-05 20:33 - 2014-07-05 20:34 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070514-01.dmp
2014-07-05 12:20 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP756e.tmp
2014-07-05 12:18 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP7714.tmp
2014-07-05 12:17 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP7639.tmp
2014-07-03 19:01 - 2014-07-03 19:01 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-07-03 18:54 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP7a8f.tmp
2014-06-30 20:59 - 2014-06-30 20:59 - 00065536 _____ () C:\WINDOWS\Minidump\Mini063014-01.dmp
2014-06-29 19:44 - 2014-06-26 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ulead VideoGraphics Lab 1.0
2014-06-29 19:37 - 2014-06-29 19:36 - 00000014 _____ () C:\WINDOWS\system32\nvModes.dat
2014-06-29 10:08 - 2012-10-11 14:30 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-06-29 10:07 - 2014-01-31 19:23 - 01143680 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-06-29 10:07 - 2014-01-31 19:23 - 01143680 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-06-29 10:07 - 2014-01-31 19:23 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-06-29 09:30 - 2014-01-30 22:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-29 09:26 - 2014-06-29 09:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062914-01.dmp
2014-06-28 16:33 - 2014-06-28 16:33 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Nvidia Corporation
2014-06-28 15:54 - 2013-01-24 18:22 - 01875706 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1229272821-602609370-1417001333-1003-0.dat
2014-06-28 15:54 - 2013-01-23 04:33 - 00389910 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-28 15:29 - 2014-06-28 15:28 - 00004360 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-28 15:29 - 2013-06-14 17:46 - 00000000 ____D () C:\Program Files\Java
2014-06-28 15:17 - 2014-06-28 15:17 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-02.dmp
2014-06-28 15:16 - 2012-10-11 09:58 - 00000000 ____D () C:\WINDOWS\addins
2014-06-28 10:18 - 2014-06-28 10:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-01.dmp
2014-06-26 17:33 - 2014-06-26 17:33 - 00001889 _____ () C:\Documents and Settings\Owner\Desktop\Video Paint.lnk
2014-06-26 17:33 - 2012-10-13 20:51 - 00000087 _____ () C:\WINDOWS\dswplug.ini
2014-06-26 17:33 - 2012-10-13 20:51 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-06-26 17:32 - 2012-10-13 20:51 - 00000000 ____D () C:\Program Files\Ulead Systems
2014-06-25 19:26 - 2014-06-25 19:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-02.dmp
2014-06-25 18:06 - 2014-06-25 18:06 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-01.dmp
2014-06-24 17:45 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP6cf2.tmp
2014-06-24 16:28 - 2012-12-07 21:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss
2014-06-23 16:00 - 2014-06-23 16:00 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062314-01.dmp
2014-06-23 15:54 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP74f1.tmp
2014-06-22 17:44 - 2014-06-22 14:44 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\DVDVideoSoft
2014-06-22 14:58 - 2014-06-22 14:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\HandBrake
2014-06-22 14:52 - 2014-06-22 14:52 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB932716-v2$
2014-06-22 14:52 - 2014-06-22 14:51 - 00005651 _____ () C:\WINDOWS\KB932716-v2.log
2014-06-22 14:52 - 2012-10-11 10:04 - 01507520 _____ () C:\WINDOWS\iis6.log
2014-06-22 14:52 - 2012-10-11 10:04 - 01360596 _____ () C:\WINDOWS\FaxSetup.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00659180 _____ () C:\WINDOWS\ocgen.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00625781 _____ () C:\WINDOWS\tsoc.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00462307 _____ () C:\WINDOWS\comsetup.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00422220 _____ () C:\WINDOWS\msmqinst.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00278581 _____ () C:\WINDOWS\ntdtcsetup.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00238884 _____ () C:\WINDOWS\netfxocm.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00094148 _____ () C:\WINDOWS\MedCtrOC.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00075441 _____ () C:\WINDOWS\ocmsn.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00069092 _____ () C:\WINDOWS\tabletoc.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00068233 _____ () C:\WINDOWS\msgsocm.log
2014-06-22 14:52 - 2012-10-11 10:04 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-06-22 14:49 - 2014-06-22 14:49 - 00000892 _____ () C:\Documents and Settings\All Users\Desktop\DVDVideoSoft Free Studio.lnk
2014-06-22 14:49 - 2014-06-22 14:49 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2014-06-22 14:49 - 2014-06-22 14:45 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-06-22 14:45 - 2014-06-22 14:45 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-06-22 14:16 - 2012-10-20 07:39 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\AMAREC
2014-06-22 14:09 - 2012-10-11 14:19 - 00113080 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2014-06-22 14:08 - 2012-10-11 10:03 - 01647648 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-06-22 12:11 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP72ed.tmp
2014-06-22 09:19 - 2014-06-22 09:19 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\vgl crack
2014-06-21 22:22 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP7b1b.tmp
2014-06-21 20:55 - 2014-06-21 20:55 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\DVD Architect Studio 5.0 Projects

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\37_jre-7u21-windows-i586.exe
C:\Documents and Settings\Owner\Local Settings\temp\air3F.exe
C:\Documents and Settings\Owner\Local Settings\temp\air8B.exe
C:\Documents and Settings\Owner\Local Settings\temp\air8C.exe
C:\Documents and Settings\Owner\Local Settings\temp\D2M-Precheck.exe
C:\Documents and Settings\Owner\Local Settings\temp\DrvInst64.exe
C:\Documents and Settings\Owner\Local Settings\temp\Firefox Setup 13.0.1.exe
C:\Documents and Settings\Owner\Local Settings\temp\GenericUninstall.exe
C:\Documents and Settings\Owner\Local Settings\temp\IeSearchProvider4854050226234968393.exe
C:\Documents and Settings\Owner\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\temp\OtshotInstaller7.exe
C:\Documents and Settings\Owner\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Owner\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\Owner\Local Settings\temp\tbInt0.dll
C:\Documents and Settings\Owner\Local Settings\temp\tbWhi0.dll
C:\Documents and Settings\Owner\Local Settings\temp\TotalSystemCare_Installer_4e1e2a0e398391e14a256cc1ed48384b.exe
C:\Documents and Settings\Owner\Local Settings\temp\uninst1.exe
C:\Documents and Settings\Owner\Local Settings\temp\uninstaller.exe
C:\Documents and Settings\Owner\Local Settings\temp\updater_uninstall.exe
C:\Documents and Settings\Owner\Local Settings\temp\WSSetup.exe
C:\Documents and Settings\Owner\Local Settings\temp\x2qsbhnp.dll


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================


Step 1

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 2

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on the Scan button. Wait until it is finished.
  • Click on Clean.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner\AdwCleaner[s0].txt as well.

In your next reply, post the following log files:
  • Junkware Removal Tool log
  • AdwCleaner log
  • a new fresh FRST log

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:24-07-2014 01
Ran by Owner (administrator) on OWNER-5F0C70B85 on 24-07-2014 15:17:59
Running from C:\Documents and Settings\Owner\My Documents\My Downloads
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore.exe
(Apple Computer, Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsssvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Pinnacle Systems GmbH) C:\PROGRA~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Family Safety\fsui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Avid Technology, Inc.) C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
(NDS Technologies) C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrapper.exe
(MagicISO, Inc.) C:\Program Files\MagicDisc\MagicDisc.exe
() C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\NDSPCShowServer.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] => C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [434080 2011-07-27] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [spUninstallDeleteDir] => rmdir /s /q "C:\WINDOWS\system32\config\systemprofile\Application Data\SearchProtect"
HKU\S-1-5-21-1229272821-602609370-1417001333-1003\...\Run: [PCShowServer] => "C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\PCShowServerPMWrappe (the data entry has 7 more characters).
HKU\S-1-5-21-1229272821-602609370-1417001333-1003\...\Run: [steam] => C:\Program Files\Steam\Steam.exe [1754816 2014-05-29] (Valve Corporation)
Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\MagicDisc.lnk
ShortcutTarget: MagicDisc.lnk -> C:\Program Files\MagicDisc\MagicDisc.exe (MagicISO, Inc.)
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files\Google\Drive\googledrivesync32.dll (Google)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x0C13224581F6CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
URLSearchHook: HKCU - YTNavAssistPlugin Class - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Windows Live Family Safety Browser Helper Class -> {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} -> C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [113024 2011-07-18] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [94208] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @nds.com/PCShowPlugin - C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\npPCShowPlugin.dll No File
FF Plugin HKCU: @nds.com/PlayerPlugin - C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Plugin HKCU: NDS.com/PlayerPlugin - C:\Documents and Settings\Owner\Local Settings\Application Data\DIRECTV Player\npPlayerPlugin.dll (NDS)
FF Extension: YouTube Video and Audio Downloader - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218\Extensions\feca4b87-3be4-43da-a1b1-137c24220968@jetpack.xpi [2014-03-08]
FF Extension: FlashGot - C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2014-04-26]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2012-10-11]

Chrome:
=======
CHR HomePage: hxxp://search.genieo.com/?v=w3i18W_29&wtag=W3i_IA,206,0_01,StartPage,20140417,20056,FF28,0,6944
CHR RestoreOnStartup: "hxxp://search.genieo.com/?v=w3i18W_29&wtag=W3i_IA,206,0_01,StartPage,20140417,20056,FF28,0,6944"
CHR Extension: (No Name) - C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\2.0.0.0_0 [2013-01-22]
CHR HKLM\...\Chrome\Extension: [abnkjjaindmeijiaclngfiegcocnlmic] - C:\Program Files\MediaViewV1\MediaViewV1alpha3970\ch\MediaViewV1alpha3970.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [cjkieepjbfgdblnjfeemmlnodkbihjoc] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1829\ch\MediaViewerV1alpha1829.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [fmhcgnejlbndjdbacbafhcemeodklfkg] - C:\Program Files\WebexpEnhancedV1\WebexpEnhancedV1alpha207\ch\WebexpEnhancedV1alpha207.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [kaakakfgoidcakmnmnlnbdgikehdmjhm] - C:\Program Files\MediaWatchV1\MediaWatchV1home854\ch\MediaWatchV1home854.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [nmcplojcnfkidldniclmkldglinhfhjc] - C:\Program Files\MediaViewV1\MediaViewV1alpha5474\ch\MediaViewV1alpha5474.crx [2013-01-22]
CHR HKLM\...\Chrome\Extension: [ofmidfjimajmljniocckajfpmagihhpn] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta871\ch\VideoPlayerV3beta871.crx [2013-01-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [116608 2012-07-11] (SUPERAntiSpyware.com) [File not signed]
S2 Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [479232 2007-06-14] (ATI Technologies Inc.) [File not signed]
R2 Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [654848 2012-10-15] (Macrovision Europe Ltd.) [File not signed]
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-05-07] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 rpcnet; C:\WINDOWS\system32\rpcnet.exe [69792 2014-07-10] (Absolute Software Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 61883; C:\WINDOWS\System32\DRIVERS\61883.sys [48128 2008-04-14] (Microsoft Corporation)
S3 ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2301440 2007-06-14] (ATI Technologies Inc.) [File not signed]
R1 ATITool; C:\WINDOWS\System32\DRIVERS\ATITool.sys [24064 2006-11-10] () [File not signed]
S3 AVCSTRM; C:\WINDOWS\System32\DRIVERS\avcstrm.sys [13696 2008-04-14] (Microsoft Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
R3 DELTA; C:\WINDOWS\System32\DRIVERS\delta.sys [302336 2007-01-25] (Midiman/M-Audio) [File not signed]
R2 fssfltr; C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys [54760 2010-04-28] (Microsoft Corporation)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-07-24] (Malwarebytes Corporation)
R3 mcdbus; C:\WINDOWS\System32\DRIVERS\mcdbus.sys [116736 2009-02-24] (MagicISO, Inc.) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-14] (Microsoft Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
S3 MSTAPE; C:\WINDOWS\System32\DRIVERS\mstape.sys [49024 2008-04-14] (Microsoft Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
S3 PinnacleMarvinAVS; C:\WINDOWS\System32\DRIVERS\MarvinAVS.sys [434176 2007-05-09] (Pinnacle a division of Avid Technology, Inc.)
S3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2008-04-13] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 TRIDCap; C:\WINDOWS\System32\DRIVERS\AVerTM62.sys [859136 2012-11-22] (AVerMedia TECHNOLOGIES, Inc. ) [File not signed]
S3 catchme; \??\C:\DOCUME~1\Owner\LOCALS~1\Temp\catchme.sys [X]
S0 cerc6; No ImagePath
S2 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 15:09 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\system32\sqlite3.dll
2014-07-24 15:08 - 2014-07-24 15:16 - 00000000 ____D () C:\AdwCleaner
2014-07-23 19:52 - 2014-07-23 19:52 - 00007140 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-07-23 19:21 - 2014-07-23 19:21 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-21 17:23 - 2014-07-21 17:23 - 00001281 _____ () C:\Documents and Settings\Owner\My Documents\mbam 1.txt
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Program Files\M-Audio
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
2014-07-20 19:52 - 2007-01-25 11:12 - 00302336 _____ (Midiman/M-Audio) C:\WINDOWS\system32\Drivers\delta.sys
2014-07-20 19:52 - 2007-01-25 11:12 - 00022528 _____ (Avid Technology, Inc.) C:\WINDOWS\system32\deltasio.dll
2014-07-20 19:52 - 2007-01-25 11:12 - 00019456 _____ (M-Audio) C:\WINDOWS\system32\DeltaCPL.cpl
2014-07-20 19:52 - 2007-01-25 11:11 - 01122304 _____ (M-Audio) C:\WINDOWS\system32\deltapnl.exe
2014-07-20 19:52 - 2007-01-25 11:11 - 00046592 _____ (M-Audio) C:\WINDOWS\system32\deltapnl.dll
2014-07-20 19:52 - 2007-01-25 10:54 - 00154112 _____ (Avid Technology, Inc.) C:\WINDOWS\system32\M-AudioTaskBarIcon.exe
2014-07-20 19:52 - 2007-01-24 17:15 - 02502633 _____ (Avid Technology, Inc.) C:\WINDOWS\system32\pcifmdio.dll
2014-07-20 19:14 - 2014-07-20 19:14 - 00065536 _____ () C:\WINDOWS\Minidump\Mini072014-01.dmp
2014-07-19 10:32 - 2014-07-19 10:32 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-19 09:22 - 2014-07-24 15:18 - 00000000 ____D () C:\FRST
2014-07-18 19:40 - 2014-07-18 19:46 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\you tube stuff
2014-07-18 13:26 - 2014-07-18 13:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-17 20:05 - 2014-07-17 20:05 - 00093520 _____ () C:\Documents and Settings\Owner\Desktop\luchie$$$ & v rock mix down.mp3.sfk
2014-07-16 12:04 - 2014-07-16 12:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071614-01.dmp
2014-07-15 19:34 - 2014-07-15 19:35 - 08091315 _____ () C:\Documents and Settings\Owner\Desktop\JVC GY-HD110 Film Look in 3 Minutes Sharpness and iris settings   polarizing filter.flv
2014-07-15 11:56 - 2014-07-15 11:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071514-01.dmp
2014-07-14 19:42 - 2014-07-14 19:42 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071414-01.dmp
2014-07-13 14:28 - 2014-07-13 14:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071314-01.dmp
2014-07-13 07:52 - 2014-07-13 07:53 - 04947831 _____ () C:\Documents and Settings\Owner\Desktop\Ronnie Laws - Friends & Strangers.flv
2014-07-10 19:04 - 2014-07-24 15:13 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2014-07-10 19:03 - 2014-07-10 19:03 - 00069792 ____N (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
2014-07-10 08:51 - 2014-07-10 08:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-10 08:44 - 2014-07-24 15:13 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2014-07-10 08:44 - 2014-07-10 19:01 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.dll
2014-07-09 17:08 - 2014-07-09 17:08 - 00000000 ____D () C:\New Folder
2014-07-07 19:49 - 2014-07-07 19:49 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-02.dmp
2014-07-07 17:34 - 2014-07-07 17:34 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-05 20:34 - 2014-07-05 20:33 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070514-01.dmp
2014-07-05 19:46 - 2014-07-06 08:51 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\classes stuff
2014-07-03 19:01 - 2014-07-03 19:01 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-06-30 20:59 - 2014-06-30 20:59 - 00065536 _____ () C:\WINDOWS\Minidump\Mini063014-01.dmp
2014-06-29 19:36 - 2014-06-29 19:37 - 00000014 _____ () C:\WINDOWS\system32\nvModes.dat
2014-06-29 09:26 - 2014-06-29 09:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062914-01.dmp
2014-06-28 16:33 - 2014-06-28 16:33 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Nvidia Corporation
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-28 15:29 - 2014-05-07 15:02 - 00096680 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-06-28 15:29 - 2014-05-07 14:59 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-06-28 15:29 - 2014-05-07 14:59 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-06-28 15:29 - 2014-05-07 14:58 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-06-28 15:29 - 2014-05-07 14:42 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-06-28 15:28 - 2014-06-28 15:29 - 00004360 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-28 15:17 - 2014-06-28 15:17 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-02.dmp
2014-06-28 10:18 - 2014-06-28 10:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-01.dmp
2014-06-26 17:33 - 2014-06-29 19:44 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ulead VideoGraphics Lab 1.0
2014-06-26 17:33 - 2014-06-26 17:33 - 00001889 _____ () C:\Documents and Settings\Owner\Desktop\Video Paint.lnk
2014-06-25 19:26 - 2014-06-25 19:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-02.dmp
2014-06-25 18:06 - 2014-06-25 18:06 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-24 15:18 - 2014-07-19 09:22 - 00000000 ____D () C:\FRST
2014-07-24 15:18 - 2013-01-26 10:26 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\temp
2014-07-24 15:16 - 2014-07-24 15:08 - 00000000 ____D () C:\AdwCleaner
2014-07-24 15:16 - 2013-11-10 19:43 - 00000000 ____D () C:\Program Files\Steam
2014-07-24 15:16 - 2012-10-11 14:11 - 01177817 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-24 15:15 - 2014-04-22 20:31 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-24 15:14 - 2014-01-31 20:20 - 00014210 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-07-24 15:14 - 2008-04-13 19:00 - 00002278 _____ () C:\WINDOWS\system32\wpa.dbl
2014-07-24 15:13 - 2014-07-10 19:04 - 00069792 _____ (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.dll
2014-07-24 15:13 - 2014-07-10 08:44 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.exe
2014-07-24 15:13 - 2014-03-17 18:52 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-07-24 15:13 - 2013-04-18 17:35 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-24 15:13 - 2012-10-11 14:16 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-24 15:13 - 2012-10-11 10:07 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-07-24 15:13 - 2012-10-11 10:07 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-07-24 15:12 - 2012-10-11 14:18 - 00000178 ___SH () C:\Documents and Settings\Owner\ntuser.ini
2014-07-24 15:12 - 2012-10-11 14:16 - 00032414 _____ () C:\WINDOWS\SchedLgU.Txt
2014-07-24 15:09 - 2014-03-26 17:41 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-07-24 15:05 - 2013-01-26 09:36 - 01354223 _____ () C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
2014-07-24 14:59 - 2012-10-11 14:56 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-07-24 14:57 - 2012-10-11 14:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-07-23 20:53 - 2012-10-11 14:56 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-23 20:44 - 2013-05-21 20:00 - 00000000 ____D () C:\Cakewalk Projects
2014-07-23 20:38 - 2013-04-18 17:35 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-23 19:52 - 2014-07-23 19:52 - 00007140 _____ () C:\Documents and Settings\Owner\Desktop\JRT.txt
2014-07-23 19:26 - 2014-06-18 20:59 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-23 19:21 - 2014-07-23 19:21 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-23 19:02 - 2013-01-26 10:26 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\temp
2014-07-23 18:48 - 2013-05-20 18:15 - 00001984 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-07-21 17:23 - 2014-07-21 17:23 - 00001281 _____ () C:\Documents and Settings\Owner\My Documents\mbam 1.txt
2014-07-20 20:01 - 2014-01-19 15:37 - 00822343 _____ () C:\WINDOWS\setupapi.log
2014-07-20 19:53 - 2013-05-20 21:09 - 00000349 _____ () C:\WINDOWS\Q813347.log
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Program Files\M-Audio
2014-07-20 19:52 - 2014-07-20 19:52 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\M-Audio
2014-07-20 19:52 - 2012-10-13 16:34 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-07-20 19:36 - 2012-10-11 14:10 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-07-20 19:14 - 2014-07-20 19:14 - 00065536 _____ () C:\WINDOWS\Minidump\Mini072014-01.dmp
2014-07-20 19:14 - 2013-03-01 16:56 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 19:06 - 2012-10-17 17:50 - 00000135 _____ () C:\WINDOWS\NeroDigital.ini
2014-07-19 10:32 - 2014-07-19 10:32 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071914-01.dmp
2014-07-18 19:46 - 2014-07-18 19:40 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\you tube stuff
2014-07-18 17:10 - 2012-10-14 08:53 - 00105984 _____ () C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-07-18 13:26 - 2014-07-18 13:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071814-01.dmp
2014-07-17 20:05 - 2014-07-17 20:05 - 00093520 _____ () C:\Documents and Settings\Owner\Desktop\luchie$$$ & v rock mix down.mp3.sfk
2014-07-16 19:47 - 2012-10-13 20:19 - 00000000 ____D () C:\Documents and Settings\Owner\My Documents\Vegas Movie Studio HD Platinum 10.0 Projects
2014-07-16 18:59 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP70cb.tmp
2014-07-16 18:57 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP73d8.tmp
2014-07-16 12:04 - 2014-07-16 12:04 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071614-01.dmp
2014-07-15 19:52 - 2012-12-07 21:55 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\vlc
2014-07-15 19:35 - 2014-07-15 19:34 - 08091315 _____ () C:\Documents and Settings\Owner\Desktop\JVC GY-HD110 Film Look in 3 Minutes Sharpness and iris settings   polarizing filter.flv
2014-07-15 11:56 - 2014-07-15 11:56 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071514-01.dmp
2014-07-15 08:02 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP71b5.tmp
2014-07-14 19:42 - 2014-07-14 19:42 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071414-01.dmp
2014-07-13 14:28 - 2014-07-13 14:28 - 00065536 _____ () C:\WINDOWS\Minidump\Mini071314-01.dmp
2014-07-13 07:53 - 2014-07-13 07:52 - 04947831 _____ () C:\Documents and Settings\Owner\Desktop\Ronnie Laws - Friends & Strangers.flv
2014-07-10 19:03 - 2014-07-10 19:03 - 00069792 ____N (Absolute Software Corp.) C:\WINDOWS\system32\rpcnet.exe
2014-07-10 19:01 - 2014-07-10 08:44 - 00017408 _____ () C:\WINDOWS\system32\rpcnetp.dll
2014-07-10 09:00 - 2012-10-11 10:03 - 00190832 _____ () C:\WINDOWS\setupact.log
2014-07-10 08:51 - 2014-07-10 08:51 - 00090112 _____ () C:\WINDOWS\Minidump\Mini071014-01.dmp
2014-07-09 17:17 - 2014-03-15 22:04 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\convertor
2014-07-09 17:08 - 2014-07-09 17:08 - 00000000 ____D () C:\New Folder
2014-07-09 15:10 - 2013-08-14 08:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 15:07 - 2012-10-14 03:36 - 93585272 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 15:06 - 2012-10-14 07:43 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Microsoft Help
2014-07-08 20:54 - 2012-10-11 14:56 - 00699056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-07-08 20:54 - 2012-10-11 14:56 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-07-08 19:58 - 2014-03-17 18:52 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-07-08 19:55 - 2013-11-15 19:52 - 01160880 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2014-07-08 19:44 - 2013-04-18 17:35 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Google Drive
2014-07-07 19:49 - 2014-07-07 19:49 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-02.dmp
2014-07-07 17:34 - 2014-07-07 17:34 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070714-01.dmp
2014-07-06 08:51 - 2014-07-05 19:46 - 00000000 ____D () C:\Documents and Settings\Owner\Desktop\classes stuff
2014-07-05 20:33 - 2014-07-05 20:34 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070514-01.dmp
2014-07-05 12:20 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP756e.tmp
2014-07-05 12:18 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP7714.tmp
2014-07-05 12:17 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP7639.tmp
2014-07-03 19:01 - 2014-07-03 19:01 - 00065536 _____ () C:\WINDOWS\Minidump\Mini070314-01.dmp
2014-07-03 18:54 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP7a8f.tmp
2014-06-30 20:59 - 2014-06-30 20:59 - 00065536 _____ () C:\WINDOWS\Minidump\Mini063014-01.dmp
2014-06-29 19:44 - 2014-06-26 17:33 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Ulead VideoGraphics Lab 1.0
2014-06-29 19:37 - 2014-06-29 19:36 - 00000014 _____ () C:\WINDOWS\system32\nvModes.dat
2014-06-29 10:08 - 2012-10-11 14:30 - 00000000 ____D () C:\WINDOWS\system32\ReinstallBackups
2014-06-29 10:07 - 2014-01-31 19:23 - 01143680 _____ () C:\WINDOWS\system32\nvdrsdb1.bin
2014-06-29 10:07 - 2014-01-31 19:23 - 01143680 _____ () C:\WINDOWS\system32\nvdrsdb0.bin
2014-06-29 10:07 - 2014-01-31 19:23 - 00000001 _____ () C:\WINDOWS\system32\nvdrssel.bin
2014-06-29 09:30 - 2014-01-30 22:18 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-29 09:26 - 2014-06-29 09:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062914-01.dmp
2014-06-28 16:33 - 2014-06-28 16:33 - 00000000 ____D () C:\Documents and Settings\Owner\Local Settings\Application Data\Nvidia Corporation
2014-06-28 15:54 - 2013-01-24 18:22 - 01875706 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1229272821-602609370-1417001333-1003-0.dat
2014-06-28 15:54 - 2013-01-23 04:33 - 00389910 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-06-28 15:29 - 2014-06-28 15:29 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-06-28 15:29 - 2014-06-28 15:28 - 00004360 _____ () C:\WINDOWS\system32\jupdate-1.7.0_60-b19.log
2014-06-28 15:29 - 2013-06-14 17:46 - 00000000 ____D () C:\Program Files\Java
2014-06-28 15:17 - 2014-06-28 15:17 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-02.dmp
2014-06-28 15:16 - 2012-10-11 09:58 - 00000000 ____D () C:\WINDOWS\addins
2014-06-28 10:18 - 2014-06-28 10:18 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062814-01.dmp
2014-06-26 17:33 - 2014-06-26 17:33 - 00001889 _____ () C:\Documents and Settings\Owner\Desktop\Video Paint.lnk
2014-06-26 17:33 - 2012-10-13 20:51 - 00000087 _____ () C:\WINDOWS\dswplug.ini
2014-06-26 17:33 - 2012-10-13 20:51 - 00000000 ____D () C:\Program Files\Common Files\Ulead Systems
2014-06-26 17:32 - 2012-10-13 20:51 - 00000000 ____D () C:\Program Files\Ulead Systems
2014-06-25 19:26 - 2014-06-25 19:26 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-02.dmp
2014-06-25 18:06 - 2014-06-25 18:06 - 00065536 _____ () C:\WINDOWS\Minidump\Mini062514-01.dmp
2014-06-24 17:45 - 2012-10-11 09:58 - 00065536 _____ () C:\WINDOWS\DUMP6cf2.tmp
2014-06-24 16:28 - 2012-12-07 21:58 - 00000000 ____D () C:\Documents and Settings\Owner\Application Data\dvdcss

Some content of TEMP:
====================
C:\Documents and Settings\Owner\Local Settings\temp\37_jre-7u21-windows-i586.exe
C:\Documents and Settings\Owner\Local Settings\temp\air3F.exe
C:\Documents and Settings\Owner\Local Settings\temp\air8B.exe
C:\Documents and Settings\Owner\Local Settings\temp\air8C.exe
C:\Documents and Settings\Owner\Local Settings\temp\D2M-Precheck.exe
C:\Documents and Settings\Owner\Local Settings\temp\DrvInst64.exe
C:\Documents and Settings\Owner\Local Settings\temp\Firefox Setup 13.0.1.exe
C:\Documents and Settings\Owner\Local Settings\temp\GenericUninstall.exe
C:\Documents and Settings\Owner\Local Settings\temp\IeSearchProvider4854050226234968393.exe
C:\Documents and Settings\Owner\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\temp\jre-7u60-windows-i586-iftw.exe
C:\Documents and Settings\Owner\Local Settings\temp\OtshotInstaller7.exe
C:\Documents and Settings\Owner\Local Settings\temp\Quarantine.exe
C:\Documents and Settings\Owner\Local Settings\temp\setup_wm.exe
C:\Documents and Settings\Owner\Local Settings\temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Documents and Settings\Owner\Local Settings\temp\tbInt0.dll
C:\Documents and Settings\Owner\Local Settings\temp\tbWhi0.dll
C:\Documents and Settings\Owner\Local Settings\temp\TotalSystemCare_Installer_4e1e2a0e398391e14a256cc1ed48384b.exe
C:\Documents and Settings\Owner\Local Settings\temp\uninst1.exe
C:\Documents and Settings\Owner\Local Settings\temp\updater_uninstall.exe
C:\Documents and Settings\Owner\Local Settings\temp\WSSetup.exe
C:\Documents and Settings\Owner\Local Settings\temp\x2qsbhnp.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End Of Log ============================

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Microsoft Windows XP x86
Ran by Owner on Wed 07/23/2014 at 19:23:00.57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1229272821-602609370-1417001333-1003\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\yt.ytnavassistplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB8B3AE-757D-443F-B3A4-0629E709B0D9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1229272821-602609370-1417001333-1003\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\infoatoms
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220222182204}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289663
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289847
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550255185504}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660266186604}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110211181104}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{497F0CB2-F3DA-4C33-804C-D99FF1235D9F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A6451A73-4159-47A5-927F-AEF5819BE63E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}



~~~ Files

Successfully deleted: [File] "C:\Documents and Settings\Owner\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Program Files\mozilla firefox\nsprotector.js"
Successfully deleted: [File] "C:\end"



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\tarma installer"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Application Data\searchprotect"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Owner\Local Settings\Application Data\visi_coupon"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\Program Files\infoatoms"
Successfully deleted: [Folder] "C:\Program Files\oapps"
Successfully deleted: [Folder] "C:\Program Files\videoplayerv3"



~~~ FireFox

Successfully deleted: [File] C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\v0bn7dit.default-1383525458218\user.js
Successfully deleted: [Folder] "C:\Program Files\Mozilla Firefox\extensions\infoatoms@infoatoms.com"
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\infoatoms@infoatoms.com
Successfully deleted the following from C:\Documents and Settings\Owner\Application Data\mozilla\firefox\profiles\v0bn7dit.default-1383525458218\prefs.js

user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN15729991126104400&UM=2&UP=SP00E42F5F-023F-4C24-9272
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3298566&octid=CT3298566&SearchSource=61&CUI=UN15729991126104400&UM=2&UP=SP00E42F5F-023F-4C24-9272-





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 07/23/2014 at 19:52:38.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v3.216 - Report created 24/07/2014 at 15:11:08
# Updated 17/07/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Owner - OWNER-5F0C70B85
# Running from : C:\Documents and Settings\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\MediaPlayerV1
Folder Deleted : C:\Program Files\MediaViewerV1
Folder Deleted : C:\Program Files\MediaViewV1
Folder Deleted : C:\Program Files\MediaWatchV1
Folder Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\AirInstaller
File Deleted : C:\DOCUME~1\Owner\LOCALS~1\Temp\uninstaller.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\hhbgpoakplhahbklhkcfbpicgjcaoglk
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\wajam.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\Iminent
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A1CCCE0D-AE21-42A2-BE58-8E6109410995}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{878B8524-AED5-4870-9A96-A515440DAC75}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\WINDOWS\system32\ARFC\wrtc.exe]
Key Deleted : HKLM\Software\BetterSurf
Key Deleted : HKLM\Software\InfoAtoms
Key Deleted : HKLM\Software\MediaPlayerV1
Key Deleted : HKLM\Software\MediaViewerV1
Key Deleted : HKLM\Software\MediaViewV1
Key Deleted : HKLM\Software\MediaWatchV1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Video Converter
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InfoAtoms
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PC Speed Maximizer_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v30.0 (en-US)

[ File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8u8smhmr.default\prefs.js ]


[ File : C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\v0bn7dit.default-1383525458218\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\Owner\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted [Extension] : igdhbblpcellaljokkpfhcjlagemhgjl

*************************

AdwCleaner[R0].txt - [5848 octets] - [24/07/2014 15:09:10]
AdwCleaner[s0].txt - [5867 octets] - [24/07/2014 15:11:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [5927 octets] ##########
 


  • 3 weeks later...
  • 2 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
