Brownie

Honorary Members
  • Posts: 68

Everything posted by Brownie

  1. Hey Georgi, You young people with the excellent vision, have it all.... Darn, I printed it out and it looked just like an i (small eye) then I asked my wife (who's on her first day of retirement at 70) looked at it with her NEW GLASSES and said, yes it's a small (eye) then right after she says, well, it looks like both.... lol Ok, I'm going back and apologizing for being not just old but blind as well.. My implants aren't as good as they used to be.. Sorry and thanks a whole lot, I'll get it right this time Brownie
  2. Hi Georgi, The outcome of my search found nothing by the name you provided: "kolwirk.dll" (without the quotes). Could you check that name again to make sure it's spelled the way you intended it to be? And I'll do another search in that "C" (without the quotes) folder. Of Note: I didn't open that folder, just did as you said and searched. Here's exactly what took place. I went to C:\FRST\Quarantine and there was one folder a plain C folder. After doing the Ctrl + F, the search engine came up and said: Search will not work because current folder is not Indexed. Use the Search Companion to search this folder. (Which I did). After getting File Not Found, I changed the search to include: System + Hidden files, and still found nothing. I then placed an * before the file name as in: *kolwirk.dll and it still found nothing. I then Removed the: .dll and searched for the file name itself and again nothing. Whoa!!!! A bombshell just hit me: Remember that plain folder that you just got rid of that kept popping up on Boot and/or Restart? Well, the name on that Folder was simply: C also. Don't know if it was any relation, but felt I'd mention it to you? BTW: That Quarantine folder is: 8.47 GB in size. Here is what showed up when mousing over it: Folders: Documents & Settings, WINDOWS Files: prefs.js.xBAD PS: Sorry I couldn't find what you need... I made certain I had spelled the name right, etc., I'll await your reply on what to do (at this point) because I want to follow your steps in order. Sorry I had no results other than the above. Brownie
  3. Hi Georgi, Here is the Fixlog.txt Report you requested. Note: If you should need the FRST scan report/s I have them saved in a folder just in case they're needed:

     Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:25-06-2014
     Ran by Donny at 2014-06-26 03:32:38 Run:5
     Running from C:\Documents and Settings\Donny\Desktop
     Boot Mode: Normal
     ==============================================
     Content of fixlist:
     *****************
     start
     URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
     SearchScopes: HKLM - DefaultScope value is missing.
     BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
     BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
     BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
     2014-05-16 14:04 - 2014-05-23 00:37 - 00000000 _____ () C:\prefs.js
     Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
     Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00512310.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34865341.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00512310.sys => ""="Driver"
     HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34865341.sys => ""="Driver"
     C:\Documents and Settings\Donny\Local Settings\Temp
     end
     *****************
     HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} => value deleted successfully.
     'HKCR\CLSID\{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}' => Key deleted successfully.
     HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
     'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}' => Key deleted successfully.
     'HKCR\CLSID\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
     'HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}' => Key deleted successfully.
     'HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}' => Key deleted successfully.
     'HKCR\CLSID\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}' => Key deleted successfully.
     C:\prefs.js => Moved successfully.
     C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => Moved successfully.
     C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => Moved successfully.
     'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\00512310.sys' => Key deleted successfully.
     'HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\34865341.sys' => Key deleted successfully.
     'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\00512310.sys' => Key deleted successfully.
     'HKLM\System\CurrentControlSet\Control\SafeBoot\Network\34865341.sys' => Key deleted successfully.
     C:\Documents and Settings\Donny\Local Settings\Temp => Moved successfully.
     ==== End of Fixlog ====

     Going now to upload the: "Kolwirk.dll" to Bleeping for you. Thanks, Brownie
  4. Hi Georgi, Quite a list. lol Ok, I'll start on it and don't think I'm lost if you don't hear back from me for a day or so. I'll follow your steps to the Letter. Right on down the list... Posting the results as per your request/s. Thanks, that was no easy deal to post... lol Quite a long list of to do's... Thanks for sticking with me. It's really appreciated. You're super! Best Regards, Brownie
  5. Hey Georgi, I did what you said, and you're right! When I rebooted that window did not come up. lol Ok I'll wait for the next step. Thanks Brownie
  6. Hi Georgi, I don't like anything to get me down, so I put it on Zippyshare using your instructions for 7-zip. Also of note, the new tool for uploading files is located under "uploading tools". And yes, I know you're not supposed to have to do that. But otherwise a message came up saying: "C:\fakepath\AutoRuns.7z" with a red oblong box that simply said: "Remove". Regardless, here is the link and I hope you get the file ok: http://www12.zippyshare.com/v/66414339/file.html Please let me know if it worked for you. Thanks again, Brownie
  7. Thanks Georgi, Guess you can tell I've never had reason to have to zip any file in years and years, and when it was called for my emailing program/s took care of that. My old mind was telling me that 7-Zip must only be good for compressing large amounts of files, in order to make more room on the drive/s, or for Unzipping. I'll follow your directions and get the file uploaded to one of those sites and post the url to it here. PS: For the record, there is a (new) Zippyshare Program (on ZippyShare site to download) that will automate the uploads to Zippyshare, as well as provide the url link, without ever having to leave your desktop. It's definitely new since I last used Zippyshare 3 or 4 years back. That was the only way I could upload the file. The Upload button on their site wouldn't work. OK, I'll be sure to convert it right this time. Thanks, Brownie
  8. Hi George, Once again, I'm sorry for the long delay, but I'm really having some Major problems trying to get that damn file to upload to Zippyshare. I even downloaded their new "Auto Upload" and the same thing takes place. The file gets there but it shows ZERO bytes. The file was originally 1.68 MB. And I honestly don't know if it's really zipped right. I had to use my son's 7-zip, and I don't think that's really working as it should. When it uploaded it gave me a link to it, but I couldn't get the link. It was not scrollable, to get it all, and it would not let me select the link to copy it. So I finally attempted to download (recommended by "PC World") a small zipping program called: "Hampster". It was installing and then it popped up a window saying: The procedure entry point "RegGetValueA" could not be located in the dynamic Link Library ADVAPI32.dll. It seems everything is going to go smooth and then this kind of thing takes place. Thanks for anything you can tell me on how to handle this, in order to get that file to you. Regards Brownie
  9. Hi George, I had to run the program again and this time there was no problem saving it. I'll download WinZip since my son doesn't have any zip program on here. PS: The file should soon be on Zippyshare, and the Link to it posted here, if all goes well. "Hopefully" Thanks, Brownie
  10. Hi Georgi, Concerning: "AutoRuns" I downloaded it, and followed your instructions. It all went well, until I tried to save it. I can't get it to save. Thanks for anything you can give me that will help in my dilemma. PS: I would have had it for you last night. If you don't mind, type it out and I'll copy what you type and paste it in, and then see if it will save. Thanks, Brownie
  11. Hi Georgi, Here are the CMD Reports you requested: Don't know if I attached them right but I'm sure you'll let me know if you can't open them report1.txt report2.txt report3.txt report4.txt Best Regards, Brownie
  12. Gosh Georgi, I'm sorry as heck.. I said it reads "C:\Windows" when in fact, I meant to say: It reads: "C:\Documents" (without the quotes) Now I think it will make more sense. Hopefully. Yes I know that C:\ is quite different than C:\Windows... lol Sorry, for that mistake. And I thought I'd Proof read it... lol So yes, that folder itself, is definitely located in: C:\ When you're at C:\ , the folder's name is simply: "Documents" (Not My Documents) Just "Documents", so naturally if you were to click on it (which I don't) it would then show: C:\Documents. The same as it shows when it comes up on the Desktop. Does that now make more sense? Thanks so very much, I honestly don't know how I made that error in thought. I think the heat here has gotten to me. Supposed to go up to 100 Degrees F. today... Yesterday I had no air conditioning and was nearly an Ink spot by the time we got the Air conditioner installed late last night. Hopefully that will cool my brain down a bit so it will work 1/2 was right. lol I am terribly sorry, as that sure confused me too after re-reading what I'd written out for you. Thanks and again, I'm sorry for the confusion on my part. My Best Brownie
  13. Hi Georgi, Success in the installing the driver. Since it's a Dell computer, and my son found his original CD's that came with it, there was one with all the drivers. Number 2 on the list was just what we needed. It loaded the file on the desktop and from there it was automatic installation. Granted that driver may be out of date (possibly) but it's working fine. So I'm assured it's the correct one for that mother board's "Chip Set". Thought you'd like to know. Before I do this other step for that Window, I'm thinking you'd want me to first complete this last step for posting the (4) CMD Txt results. Hope I'm right. PS: I'll download AutoRuns and follow your steps to the letter. The path to that window is: C:\ Hope that's what you wanted. When it comes up, in the top bar it shows: C:\Windows And it's definitely residing in C:\ Thanks, Brownie
  14. Hi Georgi, My full Apologies for my delay, I'm currently (now) down to the last step before doing the CMD reports. I Disabled those start up items you listed in msconfig, but that C:\Documents "folder" is still alive and well.. Although it still comes up during (both) Cold Boot as well as on Restarts, it gives no other (seeable) problem. If I click on the X to close it, it drops down onto the Task Bar, and then if I "Right Click" on it and click on "Close" it then closes. I went to C:\ and the folder is in there. It's empty. Under the "Properties" General Tab, it's showing Size is 0 bytes, Size on disk 0 bytes, and is marked (as the other folders in there are) "Read Only" (and again as the other folders in there are) under Advanced: the box is checked: "For fast searching, allow indexing service to index this folder" Ok I'm on to installing the drivers for the Chipset. Thanks again so very much for understanding my situation, it's much appreciated. Brownie
  15. Hi Georgi, Sorry, I had a couple of bad days (old age I guess) but I'm now back and going to get that report to you ASAP.. Thanks for asking. I was like the red headed step child for a while there. lol One thing you can bet on, is the fact I won't be leaving you until we've completed the task. Then I'll be using paypal. In the meantime, I do want to really thank you for sticking with me on this. Thanks my friend, Brownie
  16. Hi Georgi, I'll follow the list you sent and let you know how it goes. I'm familiar with most all of it, so I have a good grip on that, so it ought to go smooth. Of (I think) great importance for you to know: I knew that system had to have some powerful infections in it, since before I came on here to get help, I'd checked over all the things I could and the one thing I noticed was the fact that most everything had been "Disabled" when I ran: "Services.msc" Concerning the "Disabled Floppy Drive" this is why that's reported as being Disabled... McAfee sent an Update out to folks a couple of months back, that had bugs in it. After the computers started up they would keep accessing the A: drive/s, making them chatter like heck over and over constantly. I had already solved that problem in our computers, via way of "Device Manager" and then "Disabling the Floppy Drives" even before anyone knew what the real problem was. So until we get word from McAfee the Disabled Reports for that (the Floppy Drive) are correct. Also the Re-Installation of McAfee went smooth and it's now working fine, right alongside of MBAM in Real Time too. I wanted to let you know about that. OK, I'll get that list of work done and give you the results. Thanks again so very much Your friend, Brownie
  17. Here is: "Additional txt": Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014 Ran by Donny at 2014-06-06 15:12:13 Running from C:\Documents and Settings\Donny\Desktop Boot Mode: Normal
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 30-05-2014 04:04:01 System Checkpoint ==================== Hosts content: ========================== 2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe ==================== Loaded Modules (whitelisted) ============= 2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2004-08-10 07:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll 2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll 2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2010-04-13 21:11 - 2010-04-13 21:11 - 00077624 _____ () C:\Program Files\McAfee Online Backup\librs2.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode 
(whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00512310.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34865341.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00512310.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34865341.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^Donny^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\WINDOWS\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnkStartup ==================== Faulty Device Manager Devices ============= Name: Standard floppy disk controller Description: Standard floppy disk controller Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318} Manufacturer: (Standard floppy disk controllers) Service: fdc Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: SM Bus Controller Description: SM Bus Controller Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. Name: Description: Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F} Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: ) Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly. Error: (06/04/2014 01:51:13 PM) (Source: VSS) (EventID: 12302) (User: ) Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly. Error: (06/04/2014 11:12:13 AM) (Source: VSS) (EventID: 12302) (User: ) Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly. Error: (06/04/2014 01:27:20 AM) (Source: VSS) (EventID: 12302) (User: ) Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly. Error: (06/03/2014 11:50:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000. Processing media-specific event for [McSvHost.exe!ws!] Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. 
Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: ) Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired. Error: (06/02/2014 02:44:47 PM) (Source: VSS) (EventID: 12302) (User: ) Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly. Error: (06/01/2014 07:07:57 PM) (Source: Application Hang) (EventID: 1002) (User: ) Description: Hanging application DellSystemDetect.exe, version 5.7.0.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (05/31/2014 06:45:50 PM) (Source: VSS) (EventID: 12302) (User: ) Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly. System errors: ============= Error: (06/06/2014 02:37:45 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6) Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/06/2014 02:32:45 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6) Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/06/2014 02:32:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The McAfee Application Installer Cleanup (0150511402065688) service terminated unexpectedly. It has done this 1 time(s). 
Error: (06/06/2014 02:32:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: ) Description: Timeout (120000 milliseconds) waiting for a transaction response from the MBAMService service. Error: (06/06/2014 02:29:51 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6) Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/06/2014 02:29:51 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6) Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39} Error: (06/06/2014 02:29:33 PM) (Source: 0) (EventID: 1) (User: ) Description: 0xC0000034_filelst.cfgHarddiskVolume1 Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without first being prepared for removal. Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without first being prepared for removal. Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: ) Description: The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without first being prepared for removal. 
Microsoft Office Sessions: ========================= Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: ) Description: Error: (06/04/2014 01:51:13 PM) (Source: VSS) (EventID: 12302) (User: ) Description: Error: (06/04/2014 11:12:13 AM) (Source: VSS) (EventID: 12302) (User: ) Description: Error: (06/04/2014 01:27:20 AM) (Source: VSS) (EventID: 12302) (User: ) Description: Error: (06/03/2014 11:50:42 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: McSvHost.exe3.8.703.0unknown0.0.0.000000000 Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired. Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: ) Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired. 
Error: (06/02/2014 02:44:47 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/01/2014 07:07:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DellSystemDetect.exe5.7.0.6hungapp0.0.0.000000000

Error: (05/31/2014 06:45:50 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 3069.86 MB
Available physical RAM: 2324.14 MB
Total Pagefile: 4433.58 MB
Available Pagefile: 3833.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:50.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 47314730)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

PS: It also produced another scan called: "Shortcuts" If you need it too, just let me know.. I'll wait for your next reply back. Thanks, we're getting there. lol

Your friend,
Brownie
  18. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014 Ran by Donny (administrator) on DONNY-8E17D58B6 on 06-06-2014 15:08:31 Running from C:\Documents and Settings\Donny\Desktop Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe (SigmaTel, Inc.) C:\WINDOWS\stsystra.exe (InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe (Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) 
C:\Program Files\Bonjour\mDNSResponder.exe (Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe (Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe (Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe (Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe (Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe (Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [sigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-03-20] (SigmaTel, Inc.) 
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8491008 2007-09-17] (NVIDIA Corporation) HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation) HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation) HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation) HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions) HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation) HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.) HKLM\...\Run: [seagate Dashboard] => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] () HKLM\...\Run: [Memeo Instant Backup] => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.) HKLM\...\Run: [Memeo AutoSync] => C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.) HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard) HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.) 
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated) HKLM\...\Policies\Explorer: [NoCDBurning] 0 HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe [247968 2011-12-17] (Adobe Systems, Inc.) HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation) HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-17] (Google Inc.) 
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation) HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [Google Update] => "C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\Donny\Local Settings\Apps\2.0\63498J4G.OPT\9AQAPGQO.QBA\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-28] (Dell) HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\MountPoints2: {7ce7db57-c569-11e2-8b1b-001676deffa7} - F:\VZW_Software_upgrade_assistant.exe Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File SearchScopes: HKLM - DefaultScope value is missing. 
SearchScopes: HKCU - DefaultScope {D8CDAC95-B82F-4A59-B757-7D3B30676E1B} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms} SearchScopes: HKCU - {D8CDAC95-B82F-4A59-B757-7D3B30676E1B} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms} BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.) BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions) BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.) Toolbar: HKLM - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) 
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354481751750 DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 FireFox: ======== FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin: geocomply.com/gc_browser_plugin_client_c - C:\PROGRA~1\888POK~1\bin\gc\npgc-browser-plugin-client-c.dll (GeoComply) FF Plugin HKCU: geocomply.com/gc_browser_plugin_client_2_1_7 - C:\PROGRA~1\GEOCOM~1\GC-BRO~1\217~1.1\NPGC-B~1.DLL (GeoComply) FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-15] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff FF HKCU\...\Firefox\Extensions: 
[{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR DefaultSearchKeyword: mcafee CHR DefaultSearchProvider: McAfee CHR DefaultSearchURL: http://search.yahoo.com/search?fr=mcafee&type=A211US0&p={searchTerms} CHR DefaultNewTabURL: CHR Extension: (Google Docs) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-23] CHR Extension: (Google Drive) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-23] CHR Extension: (PasswordBox) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdgldefdgecfggjdniencbihfhfnenke [2013-11-23] CHR Extension: (YouTube) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-25] CHR Extension: (Google Search) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-25] CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-06-25] CHR Extension: (DVDVideoSoft Browser Extension) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-05] CHR Extension: (Google Wallet) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR Extension: (Gmail) - C:\Documents and Settings\Donny\Local Settings\Application 
Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-25] CHR HKCU\...\Chrome\Extension: [bdgldefdgecfggjdniencbihfhfnenke] - C:\Documents and Settings\Donny\Local Settings\Application Data\PasswordBox\Chrome\extension [2013-04-27] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-05] ========================== Services (Whitelisted) ================= S2 0150511402065688mcinstcleanup; C:\Documents and Settings\Donny\Local Settings\Temp\0150511402065688mcinst.exe [836168 2014-03-13] (McAfee, Inc.) R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [527016 2013-01-25] (iRacing.com Motorsport Simulations, LLC Bedford, MA 01730) R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation) R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo) R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.) S4 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-03-01] (PasswordBox, Inc.) S3 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo) S4 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare) S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.) 
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation) R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions) R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions) R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions) R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions) R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions) R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions) R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions) R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions) R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions) R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions) S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-05-18] (HP) S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-05-18] (HP) S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-05-18] (HP) R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-06] (Malwarebytes Corporation) R1 MOBKFilter; C:\WINDOWS\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.) S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation) R0x01000000 papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] () R0x01000000 papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] () R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland) R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.) 
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.) S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.) S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.) R3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.) R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.) R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation) S4 IntelIde; No ImagePath U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) U1 WS2IFSL; ========================== Drivers MD5 =======================
==================== NetSvcs (Whitelisted) =================== NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation) ==================== One Month Created Files and Folders ======== 2014-06-06 15:08 - 2014-06-06 15:11 - 00032448 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt 2014-06-06 15:08 - 2014-06-06 15:08 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FRST-OlderVersion 2014-06-06 14:57 - 2014-06-06 14:57 - 00001068 _____ () C:\Documents and Settings\Donny\Desktop\MBAM Scan 6_6_2014.txt 2014-06-06 10:30 - 2014-06-06 10:31 - 03218352 _____ (McAfee, Inc.)
C:\Documents and Settings\Donny\Desktop\MCPR.exe 2014-06-04 14:09 - 2014-06-04 14:09 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS2.txt 2014-06-04 13:32 - 2008-02-28 11:50 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FixPolicies 2014-06-04 13:30 - 2014-06-04 13:30 - 00185065 _____ () C:\Documents and Settings\Donny\Desktop\FixPolicies.exe 2014-06-04 13:06 - 2014-06-04 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support 2014-06-04 12:19 - 2014-06-04 12:19 - 04009167 _____ () C:\Documents and Settings\Donny\Desktop\ServicesRepair.exe 2014-06-04 12:18 - 2014-06-04 12:18 - 00004576 _____ () C:\Documents and Settings\Donny\Desktop\winmgmt.reg 2014-06-04 12:17 - 2014-06-04 12:17 - 00003658 _____ () C:\Documents and Settings\Donny\Desktop\wscsvc.reg 2014-06-04 12:17 - 2014-06-04 12:17 - 00003274 _____ () C:\Documents and Settings\Donny\Desktop\Wmi.reg 2014-06-04 12:16 - 2014-06-04 12:16 - 00003774 _____ () C:\Documents and Settings\Donny\Desktop\srservice.reg 2014-06-04 12:16 - 2014-06-04 12:16 - 00002824 _____ () C:\Documents and Settings\Donny\Desktop\sr.reg 2014-06-04 12:14 - 2014-06-04 12:15 - 00005848 _____ () C:\Documents and Settings\Donny\Desktop\SharedAccess.reg 2014-06-04 12:10 - 2014-06-04 12:10 - 00000000 ____D () C:\RegBackup 2014-06-04 12:08 - 2014-06-04 12:08 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk 2014-06-04 12:08 - 2014-06-04 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com 2014-06-04 12:03 - 2014-06-04 12:03 - 00000000 ____D () C:\Program Files\Tweaking.com 2014-06-04 12:01 - 2014-06-04 12:01 - 04057608 _____ () C:\Documents and Settings\Donny\Desktop\tweaking.com_registry_backup_setup.exe 2014-06-04 01:54 - 2014-06-04 01:54 - 00001672 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06042014_015038.log 2014-06-02 15:50 - 2014-06-02 15:50 - 00000000 ____D () 
C:\WINDOWS\system32\cos 2014-06-01 19:14 - 2014-06-01 19:14 - 00001451 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06012014_182921.log 2014-06-01 18:19 - 2014-06-04 01:41 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-06-01 18:19 - 2014-06-01 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller 2014-05-31 19:19 - 2014-06-04 14:06 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS.txt 2014-05-29 14:25 - 2014-06-04 14:04 - 00410112 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FSS.exe 2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Dell 2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\temp 2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\PCDr 2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE 2014-05-25 01:19 - 2014-05-25 03:32 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-05-25 01:00 - 2014-05-25 01:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Donny\Desktop\tdsskiller.exe 2014-05-24 11:00 - 2014-06-04 01:40 - 04673536 _____ () C:\Documents and Settings\Donny\Desktop\RogueKiller.exe 2014-05-23 10:37 - 2014-06-06 15:11 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Temp 2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-22 17:39 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-22 17:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) 
C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-22 17:30 - 2014-06-06 15:08 - 01063424 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe 2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html 2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee 2014-05-20 14:40 - 2014-05-20 16:47 - 00000000 ____D () C:\AdwCleaner 2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET 2014-05-16 14:04 - 2014-05-23 00:37 - 00000000 _____ () C:\prefs.js 2014-05-16 13:28 - 2014-06-06 15:08 - 00000000 ____D () C:\FRST 2014-05-16 13:24 - 2014-06-06 14:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys 2014-05-15 01:06 - 2014-05-15 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys 2014-05-15 00:34 - 2014-05-16 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys 2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun 2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe 2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache 2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF 2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer 2014-05-07 16:05 - 2014-05-08 18:29 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat ==================== 
One Month Modified Files and Folders ======= 2014-06-06 15:11 - 2014-06-06 15:08 - 00032448 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt 2014-06-06 15:11 - 2014-05-23 10:37 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Temp 2014-06-06 15:08 - 2014-06-06 15:08 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FRST-OlderVersion 2014-06-06 15:08 - 2014-05-22 17:30 - 01063424 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe 2014-06-06 15:08 - 2014-05-16 13:28 - 00000000 ____D () C:\FRST 2014-06-06 14:57 - 2014-06-06 14:57 - 00001068 _____ () C:\Documents and Settings\Donny\Desktop\MBAM Scan 6_6_2014.txt 2014-06-06 14:40 - 2011-12-17 16:10 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-06-06 14:40 - 2011-12-17 16:10 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-06-06 14:37 - 2014-05-16 13:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-06-06 14:32 - 2011-12-12 01:56 - 00000000 ____D () C:\WINDOWS\Registration 2014-06-06 14:31 - 2011-12-12 01:58 - 01772707 _____ () C:\WINDOWS\WindowsUpdate.log 2014-06-06 14:30 - 2011-12-11 20:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-06-06 14:30 - 2011-12-11 20:47 - 00000048 _____ () C:\WINDOWS\wiaservc.log 2014-06-06 14:29 - 2014-03-21 22:50 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job 2014-06-06 14:29 - 2011-12-12 02:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-06-06 10:51 - 2011-12-12 02:02 - 00032656 _____ () C:\WINDOWS\SchedLgU.Txt 2014-06-06 10:31 - 2014-06-06 10:30 - 03218352 _____ (McAfee, Inc.) 
C:\Documents and Settings\Donny\Desktop\MCPR.exe 2014-06-06 09:55 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-06-04 14:09 - 2014-06-04 14:09 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS2.txt 2014-06-04 14:06 - 2014-05-31 19:19 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS.txt 2014-06-04 14:04 - 2014-05-29 14:25 - 00410112 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FSS.exe 2014-06-04 13:30 - 2014-06-04 13:30 - 00185065 _____ () C:\Documents and Settings\Donny\Desktop\FixPolicies.exe 2014-06-04 13:07 - 2014-06-04 13:06 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support 2014-06-04 12:19 - 2014-06-04 12:19 - 04009167 _____ () C:\Documents and Settings\Donny\Desktop\ServicesRepair.exe 2014-06-04 12:18 - 2014-06-04 12:18 - 00004576 _____ () C:\Documents and Settings\Donny\Desktop\winmgmt.reg 2014-06-04 12:17 - 2014-06-04 12:17 - 00003658 _____ () C:\Documents and Settings\Donny\Desktop\wscsvc.reg 2014-06-04 12:17 - 2014-06-04 12:17 - 00003274 _____ () C:\Documents and Settings\Donny\Desktop\Wmi.reg 2014-06-04 12:16 - 2014-06-04 12:16 - 00003774 _____ () C:\Documents and Settings\Donny\Desktop\srservice.reg 2014-06-04 12:16 - 2014-06-04 12:16 - 00002824 _____ () C:\Documents and Settings\Donny\Desktop\sr.reg 2014-06-04 12:15 - 2014-06-04 12:14 - 00005848 _____ () C:\Documents and Settings\Donny\Desktop\SharedAccess.reg 2014-06-04 12:11 - 2013-09-19 23:09 - 00496222 _____ () C:\WINDOWS\setupapi.log 2014-06-04 12:11 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\repair 2014-06-04 12:10 - 2014-06-04 12:10 - 00000000 ____D () C:\RegBackup 2014-06-04 12:08 - 2014-06-04 12:08 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk 2014-06-04 12:08 - 2014-06-04 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com 2014-06-04 12:03 - 2014-06-04 12:03 - 00000000 ____D () C:\Program 
Files\Tweaking.com 2014-06-04 12:01 - 2014-06-04 12:01 - 04057608 _____ () C:\Documents and Settings\Donny\Desktop\tweaking.com_registry_backup_setup.exe 2014-06-04 02:00 - 2011-12-24 03:45 - 00000342 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job 2014-06-04 01:54 - 2014-06-04 01:54 - 00001672 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06042014_015038.log 2014-06-04 01:41 - 2014-06-01 18:19 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys 2014-06-04 01:40 - 2014-05-24 11:00 - 04673536 _____ () C:\Documents and Settings\Donny\Desktop\RogueKiller.exe 2014-06-03 05:50 - 2012-12-02 18:30 - 01703936 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt 2014-06-03 03:45 - 2011-12-12 02:02 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp 2014-06-02 18:54 - 2011-12-28 19:15 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job 2014-06-02 16:24 - 2014-05-06 20:12 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat 2014-06-02 15:50 - 2014-06-02 15:50 - 00000000 ____D () C:\WINDOWS\system32\cos 2014-06-01 19:14 - 2014-06-01 19:14 - 00001451 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06012014_182921.log 2014-06-01 18:19 - 2014-06-01 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller 2014-05-31 19:23 - 2011-12-11 20:44 - 00313446 _____ () C:\WINDOWS\setupact.log 2014-05-30 09:48 - 2011-12-12 02:02 - 00000000 __SHD () C:\Documents and Settings\LocalService 2014-05-30 00:03 - 2011-12-12 01:57 - 00000000 ____D () C:\WINDOWS\system32\Restore 2014-05-28 19:19 - 2013-12-06 13:00 - 00000000 ____D () C:\Documents and Settings\Donny\My Documents\888PokerNJ 2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Dell 2014-05-28 18:20 - 2012-06-25 13:49 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Application Data\Deployment 2014-05-28 17:59 - 2014-05-28 
17:59 - 00000000 ____D () C:\temp 2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\PCDr 2014-05-28 16:21 - 2011-12-12 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories 2014-05-28 15:30 - 2011-12-12 02:05 - 00000178 ___SH () C:\Documents and Settings\Donny\ntuser.ini 2014-05-28 15:22 - 2014-05-06 15:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini 2014-05-28 15:19 - 2014-05-06 19:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp 2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE 2014-05-28 15:07 - 2014-05-06 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator 2014-05-26 11:07 - 2011-12-15 02:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859_0$ 2014-05-25 03:32 - 2014-05-25 01:19 - 00000000 ____D () C:\TDSSKiller_Quarantine 2014-05-25 01:00 - 2014-05-25 01:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Donny\Desktop\tdsskiller.exe 2014-05-24 15:02 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini 2014-05-24 15:01 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini 2014-05-24 10:57 - 2013-11-23 13:43 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk 2014-05-23 00:37 - 2014-05-16 14:04 - 00000000 _____ () C:\prefs.js 2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk 2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware 2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware 2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and 
Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe 2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html 2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee 2014-05-20 16:47 - 2014-05-20 14:40 - 00000000 ____D () C:\AdwCleaner 2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET 2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys 2014-05-16 12:13 - 2014-05-15 00:34 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys 2014-05-16 12:10 - 2014-03-20 21:16 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\Malwarebytes 2014-05-15 19:55 - 2013-07-14 11:33 - 00000144 ___RH () C:\Documents and Settings\Donny\Desktop\Stinger.opt 2014-05-15 19:55 - 2013-07-14 09:00 - 00000000 ____D () C:\Program Files\stinger 2014-05-15 19:51 - 2013-07-14 09:03 - 00000000 ____D () C:\Stinger_Quarantine 2014-05-15 19:31 - 2011-12-15 12:17 - 00000000 ____D () C:\Program Files\Microsoft Works 2014-05-15 12:50 - 2011-12-15 13:08 - 00000000 ____D () C:\Program Files\Java 2014-05-15 12:13 - 2014-05-15 01:06 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys 2014-05-15 01:14 - 2012-12-25 13:13 - 00000000 ____D () C:\WINDOWS\pss 2014-05-15 01:14 - 2011-12-11 20:43 - 00000209 ___SH () C:\boot.ini 2014-05-15 01:14 - 2004-08-10 07:00 - 00000542 _____ () C:\WINDOWS\win.ini 2014-05-15 01:14 - 2004-08-10 07:00 - 00000227 _____ () C:\WINDOWS\system.ini 2014-05-15 00:30 - 2014-03-20 21:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes 2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun 2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe 
2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache 2014-05-12 07:26 - 2014-05-22 17:39 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-05-12 07:25 - 2014-05-22 17:39 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF 2014-05-09 22:39 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\Help 2014-05-08 18:29 - 2014-05-07 16:05 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat 2014-05-08 17:18 - 2011-12-12 02:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService 2014-05-08 17:05 - 2014-03-21 22:50 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job 2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer 2014-05-07 17:44 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$ 2014-05-07 04:21 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978601$ Some content of TEMP: ==================== C:\Documents and Settings\Donny\Local Settings\Temp\0150511402065688mcinst.exe C:\Documents and Settings\Donny\Local Settings\Temp\ntdll_dump.dll C:\Documents and Settings\Donny\Local Settings\Temp\{E878B0AB-1064-44D0-95DB-53EC005C2346}.exe ==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit ==================== End Of Log ============================
  19. Hi Georgi, The FRST Scan Log will be following this message: PS: I first Uninstalled McAfee, Next, I Scanned it with "MBAM" and wow! The total time for that scan with everything checked, was down to being only about 9 minutes, as compared to many hours previous to removing McAfee. I then performed the FRST Scan. Things are looking pretty good now, and yes! We now have "Device Manager" back as well as everything else now working. My son's name is now back in "Task Manager" too. That Blank Window still comes up on "Boot or Reboot" C:\Documents, and there are a couple of items running in Task Manager, that are really eating up some resources. One of the names is: "cidaemon.exe" the 2nd is: "cisvc.exe" and the 3rd is: "csrss.exe" And when one of them is running it really eats up the resources. They'll each take turns running in succession with one another, bringing the computer to a halt, while you wait for it to get done. "Whatever they're doing". There, you now have anything and everything that I felt you might want to know. Hope that helps. PS: I'll have to post these logs one at a time, due to their sizes. Next I'll wait for you to get back to me. FRST Scan on its way Thanks again Your friend Brownie
  20. Hi Georgi, I meticulously followed each of your steps right to the very letter. lol Here is the last step (as in) a fresh log from: "Farbar Service Scanner" I made sure I checked each of the boxes

      Farbar Service Scanner Version: 21-05-2014
      Ran by Donny (administrator) on 04-06-2014 at 14:06:34
      Running from "C:\Documents and Settings\Donny\Desktop"
      Microsoft Windows XP Professional Service Pack 3 (X86)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Google.com is accessible.
      Yahoo.com is accessible.

      Windows Firewall:
      =============

      Firewall Disabled Policy:
      ==================
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
      "EnableFirewall"=DWORD:0

      System Restore:
      ============

      System Restore Disabled Policy:
      ========================

      Security Center:
      ============

      Windows Update:
      ============

      Windows Autoupdate Disabled Policy:
      ============================

      Other Services:
      ==============

      File Check:
      ========
      C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
      C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
      C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
      C:\WINDOWS\system32\netman.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\srsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
      C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
      C:\WINDOWS\system32\qmgr.dll => MD5 is legit
      C:\WINDOWS\system32\es.dll => MD5 is legit
      C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
      C:\WINDOWS\system32\svchost.exe => MD5 is legit
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\services.exe => MD5 is legit

      Extra List:
      =======
      Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
      0x080000000500000001000000020000000300000004000000080000000600000007000000
      IpSec Tag value is correct.

      **** End of log ****

      PS: That was a whole lot easier and faster than it appeared to be when reading down the many steps.. A piece of cake actually.. Now that being done, with your permission, I'd like to "Uninstall McAfee" since it really isn't working as it should. Then after we get this done, I'll do a complete Reinstall of "McAfee" I already learned from experience that you just can't uninstall it and then reinstall it, without going through a complete hassle over the user acct. license. So you first have to use a TOOL from McAfee to totally rid your system of any signs of ever having had it installed. That tool then gives them what they need to know it's a legit acct., and all I have to do is download it from my acct with them, which is licensed for (5) computers under a yearly discounted fee. lol Let me know if you feel that would be ok for me to do now. I'll await your reply back before uninstalling it. But why I'm saying that is, I believe there is a bad file (and I know it's missing an important file that was quarantined). So a clean install of that program is the only way to go. In the meantime, MBAM is doing a real fine job. Of interest: There is a "Blank Document folder" that comes up on start up. C:\Documents It goes right off after clicking on the X, and doesn't come back up, unless I restart the machine or, boot up. Thanks Brownie Thanks,
  21. Hi Georgi, Here is the "Roguekiller" Report Log from the scan I just ran:

      RogueKiller V9.0.1.0 [Jun 2 2014] by Adlice Software
      mail : http://www.adlice.com/contact/
      Feedback : http://forum.adlice.com
      Website : http://www.adlice.com/softwares/roguekiller/
      Blog : http://www.adlice.com

      Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
      Started in : Normal mode
      User : Donny [Admin rights]
      Mode : Scan -- Date : 06/04/2014 01:50:38

      ¤¤¤ Bad processes : 0 ¤¤¤

      ¤¤¤ Registry Entries : 4 ¤¤¤
      [suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0182971401845926mcinstcleanup -> FOUND
      [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
      [PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
      [PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

      ¤¤¤ Scheduled tasks : 0 ¤¤¤

      ¤¤¤ Files : 0 ¤¤¤

      ¤¤¤ HOSTS File : 1 ¤¤¤
      [C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

      ¤¤¤ Antirootkit : 0 ¤¤¤

      ¤¤¤ Web browsers : 0 ¤¤¤

      ¤¤¤ MBR Check : ¤¤¤
      +++++ PhysicalDrive0: ST500DM002-1BC142 +++++
      --- User ---
      [MBR] a0165e2b47813a277956167ec94cd9ca
      [bSP] a30a925bddbc7bf98c8a3183c2f5b5a2 : Windows XP MBR Code
      Partition table:
      0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
      User = LL1 ... OK
      User = LL2 ... OK

      ============================================
      RKreport_SCN_06012014_182921.log - RKreport_SCN_06042014_014305.log

      Thanks again, Georgi Brownie
  22. Hey Georgi, welcome back too. lol OK, I'll run Roguekiller and post the results. I'll then get to those steps (in the order) you have written out. Thanks again and welcome back. It appears that we both had a couple busy days at the office... lol Brownie
  23. Hi Georgi, Here is the link to the "Roguekiller report" on pastebin: http://pastebin.com/JHbw7DD4 Let me know if you get it ok. Thanks again, Brownie
  24. Hi Georgi, I'm sorry, I've been away for a couple of days, so I didn't get around to doing those last steps you posted yet. I wanted to let you know I'm back. In answer to your question, yes I still need your help. Of particular interest. Before I left, I figured I'd give Roguekiller another try. As soon as I clicked on run, it brought up IE which took me to their site and automatically downloaded their Latest version of Roguekiller. I ran it to see if it would hang up. It didn't. It ran to the end. I didn't tell it to do anything other than to "Report" and I have that report. It's a small report of its findings. Anyway, I'm asking if you'd like me to post those findings for you before we go into your last procedures you posted? And the reason for that is: It sounded to me as if getting that full scan using "Roguekiller" was indeed something you wanted to look at before going with anything else. Let me know and I'll post those results, either on Pastebin or here, whichever you prefer. It's a small file. Thanks again, and sorry for being away. Brownie
  25. Hi Georgi, Darn, that went so quick I didn't think it had time to get any information, but it did. Here are the results:

      Farbar Service Scanner Version: 21-05-2014
      Ran by Donny (administrator) on 29-05-2014 at 14:35:36
      Running from "C:\Documents and Settings\Donny\Desktop"
      Microsoft Windows XP Professional Service Pack 3 (X86)
      Boot Mode: Normal
      ****************************************************************

      Internet Services:
      ============

      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Google.com is accessible.
      Yahoo.com is accessible.

      Windows Firewall:
      =============
      sharedaccess Service is not running. Checking service configuration:
      The start type of sharedaccess service is OK.
      The ImagePath of sharedaccess service is OK.
      The ServiceDll of sharedaccess service is OK.

      Firewall Disabled Policy:
      ==================
      "HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

      System Restore:
      ============
      Srservice Service is not running. Checking service configuration:
      The start type of Srservice service is OK.
      The ImagePath of Srservice service is OK.
      The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

      sr Service is not running. Checking service configuration:
      The start type of sr service is set to Disabled. The default start type is Boot.
      The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

      System Restore Disabled Policy:
      ========================
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
      "DisableSR"=DWORD:1

      Security Center:
      ============
      wscsvc Service is not running. Checking service configuration:
      The start type of wscsvc service is OK.
      The ImagePath of wscsvc service is OK.
      The ServiceDll of wscsvc service is OK.

      Windows Update:
      ============

      Windows Autoupdate Disabled Policy:
      ============================

      Other Services:
      ==============

      File Check:
      ========
      C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
      C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
      C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
      C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
      C:\WINDOWS\system32\netman.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\srsvc.dll => MD5 is legit
      C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
      C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
      C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
      C:\WINDOWS\system32\qmgr.dll => MD5 is legit
      C:\WINDOWS\system32\es.dll => MD5 is legit
      C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
      C:\WINDOWS\system32\svchost.exe => MD5 is legit
      C:\WINDOWS\system32\rpcss.dll => MD5 is legit
      C:\WINDOWS\system32\services.exe => MD5 is legit

      Extra List:
      =======
      Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
      0x080000000500000001000000020000000300000004000000080000000600000007000000
      IpSec Tag value is correct.

      **** End of log ****

      PS: I made sure I put a check in each of the boxes. Thanks, Brownie