My antivirus, which is a McAfee bundle from ATT, shuts down. Says Real time scanning is off. I click on it to turn it back on, then I try to do a system scan. I get an error saying there is something wrong, to go back to the home page and try again. This doesn't help. I try to scan again and it gives me the same error. Then a few mins later, I get the warning that my real time scanning is off again.


Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 
 
 
Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don't change any of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Post the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

Scan with TDSS-Killer

Please read and follow these instructions carefully. We do not want it to fix anything yet (if found), we need to see a report first.

Download TDSSKiller.zip and extract to your desktop

  • Execute TDSSKiller.exe by double-clicking on it.
  • Press Start Scan
  • If Malicious objects are found, do NOT select Copy to quarantine. Change the action to Skip, and save the log.
  • Once complete, a log will be produced at the root drive, which is typically C:\, for example, C:\TDSSKiller.<version_date_time>log.txt



Please post the contents of that log in your next reply.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Mike (administrator) on TRON33 on 17-03-2014 09:56:37
Running from C:\Documents and Settings\Mike\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Event.Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Xfire Inc.) C:\Program Files\Xfire\Xfire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
() C:\WINDOWS\system32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15677728 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [223008 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKU\S-1-5-21-1960408961-606747145-725345543-1003\...\Run: [Google Update] - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.)
Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4EA46B1B-D008-4CB3-8769-40A8C130D9CC} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-07-03]

Chrome:
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-04]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-04-06]
CHR Extension: (Ads Removal) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-13]
CHR Extension: (Amazing Coupons) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-02-28]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-07-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [31744 2013-12-17] (Digital Market Research Apps Pty Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [143360 2006-03-30] ()
R2 ForcewareWebInterface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-02-07] (Apache Software Foundation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [175480 2014-01-27] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-03-30] (NVIDIA Corporation)
R2 nSvcLog; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-03-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-05-18] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [281872 2014-03-17] ()
R2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [31232 2013-12-17] (Digital Market Research Apps Pty Ltd)

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-12-24] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134568 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236480 2014-01-27] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [366248 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [573840 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-01-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [99840 2006-03-16] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2013-10-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-24] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2013-10-29] (NVIDIA Corporation)
S1 NVTCP; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [109568 2006-03-22] (NVIDIA Corporation)
R3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [139280 2014-03-17] ()
S4 IntelIde; No ImagePath
U2 mfewfpk;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 09:31 - 2014-03-17 09:56 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:31 - 2014-03-17 09:56 - 00000000 ____D () C:\FRST
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:36 - 2014-03-14 09:59 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:36 - 2014-03-14 09:59 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-06 08:40 - 2014-03-11 18:29 - 00000806 _____ () C:\WINDOWS\wmsetup.log

==================== One Month Modified Files and Folders =======

2014-03-17 09:56 - 2014-03-17 09:31 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:56 - 2014-03-17 09:31 - 00000000 ____D () C:\FRST
2014-03-17 09:56 - 2012-04-04 22:02 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job
2014-03-17 09:52 - 2012-04-04 21:23 - 01733895 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 09:30 - 2013-02-26 08:50 - 00013776 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-17 09:29 - 2012-04-09 19:26 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 08:31 - 2012-04-05 09:06 - 00139280 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-03-17 08:30 - 2012-04-06 10:22 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.xtr
2014-03-17 08:30 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2014-03-17 08:03 - 2012-04-05 01:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-17 07:58 - 2012-04-04 22:41 - 00000716 _____ () C:\WINDOWS\system32\nmp.log
2014-03-17 07:58 - 2005-08-31 08:59 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-17 07:56 - 2014-01-22 17:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-17 07:56 - 2014-01-22 17:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-17 07:55 - 2012-04-09 19:26 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 07:55 - 2012-04-05 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-03-17 07:55 - 2012-04-04 21:42 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-03-17 07:55 - 2012-04-04 21:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 07:54 - 2014-01-22 17:22 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-17 07:54 - 2012-04-04 21:28 - 00000178 ___SH () C:\Documents and Settings\Mike\ntuser.ini
2014-03-17 07:12 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\McAfee
2014-03-17 07:06 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-03-17 07:05 - 2013-02-28 23:04 - 00507014 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-606747145-725345543-1003-0.dat
2014-03-17 07:05 - 2013-02-28 23:04 - 00160782 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-17 07:03 - 2014-02-02 09:09 - 00115756 _____ () C:\WINDOWS\setupapi.log
2014-03-16 09:06 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.ex0
2014-03-15 15:45 - 2012-08-23 17:42 - 00000000 ____D () C:\Documents and Settings\Mike\Desktop\Wizard101
2014-03-15 11:56 - 2012-04-04 22:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job
2014-03-14 15:28 - 2013-08-20 15:40 - 00000116 _____ () C:\Documents and Settings\Mike\Desktop\Survey passcode.txt
2014-03-14 15:08 - 2012-04-04 14:18 - 00152384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:59 - 2014-03-14 09:36 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:59 - 2014-03-14 09:36 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00040098 _____ () C:\WINDOWS\iis6.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00037100 _____ () C:\WINDOWS\FaxSetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00017736 _____ () C:\WINDOWS\ocgen.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00016927 _____ () C:\WINDOWS\tsoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00012366 _____ () C:\WINDOWS\comsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00011320 _____ () C:\WINDOWS\msmqinst.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00007488 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006498 _____ () C:\WINDOWS\netfxocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006354 _____ () C:\WINDOWS\updspapi.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002550 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002052 _____ () C:\WINDOWS\ocmsn.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001866 _____ () C:\WINDOWS\tabletoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001854 _____ () C:\WINDOWS\msgsocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-14 09:59 - 2012-04-05 00:34 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-11 18:29 - 2014-03-06 08:40 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-03-11 18:07 - 2012-04-12 05:40 - 00000000 ____D () C:\Program Files\Xfire
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-09 06:46 - 2012-04-04 14:19 - 00634032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 08:45 - 2012-04-28 06:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-03-07 07:29 - 2012-12-17 09:19 - 00001024 ____H () C:\WINDOWS\system32\config\ELAM.LOG
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 04:46 - 2012-04-05 00:34 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 04:46 - 2012-04-04 21:22 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 04:45 - 2012-06-13 07:52 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 04:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 04:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 03:54 - 2005-08-31 08:57 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 00:45 - 2012-04-26 12:58 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-21 18:04 - 2012-04-04 21:28 - 00000000 ____D () C:\Documents and Settings\Mike
2014-02-17 10:52 - 2012-04-14 08:52 - 00000000 ____D () C:\Documents and Settings\Mike\Application Data\Xfire

Some content of TEMP:
====================
C:\Documents and Settings\Mike\Local Settings\temp\hcuninstaller_20140203_072758_1832.exe
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_FirefoxSetup[1].exe
C:\Documents and Settings\Mike\Local Settings\temp\promote-upx.exe
C:\Documents and Settings\Mike\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Mike at 2014-03-17 09:56:56
Running from C:\Documents and Settings\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ActiveArmor Firewall (Disabled) {EDC10449-64D1-46c7-A59A-EC20D662F26D}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Audio MP3 Editor 5.80 (HKLM\...\Audio MP3 Editor_is1) (Version:  - audio2x.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty® - World at War (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War 1.2 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty® - World at War 1.3 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty® - World at War 1.4 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.4 Patch (Version: 1.4 - Activision) Hidden
Call of Duty® - World at War 1.5 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.5 Patch (Version: 1.5 - Activision) Hidden
Call of Duty® - World at War 1.6 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty® - World at War 1.7 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.7 Patch (Version: 1.7 - Activision) Hidden
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Disney's Stanley Tiger Tales (HKLM\...\{75C139EF-A37B-11D5-B232-0050DACD394D}) (Version:  - )
e-Rewards Notify (HKLM\...\{54AA8284-7213-4D3E-9186-9DB50AFF600D}) (Version: 1.1.0.181 - e-Rewards Opinion Panel)
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version:  - )
Flvto Youtube Downloader (HKLM\...\Flvto Youtube Downloader) (Version: 0.5.0 - Hotger)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM\...\MixPad) (Version:  - NCH Software)
Mozilla Firefox 27.0 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
Nero 7 Essentials (HKLM\...\{18039280-98B7-4C5E-AAC0-10EBC9731033}) (Version: 7.02.4457 - Nero AG)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}) (Version: 2.03.5523 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 2.03.5523 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pixillion Image Converter (HKLM\...\Pixillion) (Version: 2.72 - NCH Software)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Prime World version 9.8.6 (HKLM\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Pyware iPAS (HKLM\...\Pyware iPAS) (Version: 1.0.0.0 - Pygraphics)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.04 - Realtek Semiconductor Corp.)
Rose Online (HKLM\...\{2C3BC4D9-2CDB-4EFB-8CB9-323D032D5FF5}) (Version: 1.0.483.1 - Gravity Interactive, Inc.)
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot version 1.219367 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.219367 - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version:  - NCH Software)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Yahoo! Login (HKLM\...\Yahoo! Login) (Version:  - )
Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version:  - )

==================== Restore Points  =========================

04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:43 Software Distribution Service 3.0
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:44 Installed Java 7 Update 45
04-02-2014 17:54:45 System Checkpoint
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed Windows XP KB2808679.
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:54 Driver Booster : NVIDIA GeForce GTX 650
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 Software Distribution Service 3.0
04-02-2014 17:54:59 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:01 Installed Java 7 Update 51
04-02-2014 17:55:01 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:04 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:08 End of disinfection
05-02-2014 19:13:08 System Checkpoint
06-02-2014 20:39:34 System Checkpoint
08-02-2014 17:46:33 System Checkpoint
10-02-2014 02:19:46 System Checkpoint
12-02-2014 00:55:01 System Checkpoint
12-02-2014 23:39:39 Software Distribution Service 3.0
14-02-2014 00:36:45 System Checkpoint
15-02-2014 01:19:53 System Checkpoint
16-02-2014 17:03:50 System Checkpoint
18-02-2014 01:16:31 System Checkpoint
19-02-2014 01:25:00 System Checkpoint
20-02-2014 01:40:39 System Checkpoint
21-02-2014 01:53:11 System Checkpoint
24-02-2014 01:17:02 System Checkpoint
25-02-2014 17:25:31 System Checkpoint
26-02-2014 17:26:52 System Checkpoint
27-02-2014 17:45:01 System Checkpoint
28-02-2014 18:07:11 System Checkpoint
01-03-2014 21:29:23 System Checkpoint
02-03-2014 23:32:44 System Checkpoint
04-03-2014 04:45:21 System Checkpoint
05-03-2014 14:50:56 System Checkpoint
06-03-2014 17:49:05 System Checkpoint
08-03-2014 01:38:11 System Checkpoint
09-03-2014 14:11:26 System Checkpoint
10-03-2014 16:17:14 System Checkpoint
12-03-2014 14:26:51 System Checkpoint
13-03-2014 16:31:56 System Checkpoint
14-03-2014 16:59:27 Software Distribution Service 3.0
17-03-2014 13:39:47 System Checkpoint

==================== Hosts content: ==========================

2005-08-31 08:57 - 2013-03-10 07:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MixPadReminder.job => C:\Program Files\NCH Software\MixPad\mixpad.exe
Task: C:\WINDOWS\Tasks\PixillionSevenDays.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-31 08:57 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-31 08:58 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00024691 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
2006-02-07 00:13 - 2006-02-07 00:13 - 00159744 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00876544 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll
2012-04-05 09:06 - 2012-05-18 11:04 - 00076888 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2006-03-30 14:58 - 2006-03-30 14:58 - 00143360 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
2012-04-05 09:06 - 2014-03-17 08:30 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 07:03:21 AM) (Source: Application Error) (User: )
Description: Fault bucket -1068817231.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/17/2014 07:03:10 AM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.6.259.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [McSvHost.exe!ws!]

Error: (03/17/2014 07:02:30 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/17/2014 06:12:34 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 09:40:44 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 08:43:15 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/13/2014 08:28:54 AM) (Source: Application Hang) (User: )
Description: Hanging application CoDWaWmp.exe, version 1.7.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/11/2014 06:13:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/10/2014 10:12:30 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2014 09:41:23 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x000ddc85.
Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (03/17/2014 09:21:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:09:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:07:31 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:04:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 2815.48 MB
Available physical RAM: 1808.96 MB
Total Pagefile: 4702.89 MB
Available Pagefile: 3649.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:366.89 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CODWAW) (CDROM) (Total:6.95 GB) (Free:0 GB) UDF
Drive e: (Storage) (Fixed) (Total:465.76 GB) (Free:414.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D4920F58)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: A8EDA8ED)

Partition: GPT Partition Type.

==================== End Of Log ============================

Having trouble downloading TDSSKiller. The pop-up blocker stops the download. I click on allow, and a blank page opens.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Mike (administrator) on TRON33 on 17-03-2014 09:56:37
Running from C:\Documents and Settings\Mike\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Event.Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Xfire Inc.) C:\Program Files\Xfire\Xfire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
() C:\WINDOWS\system32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15677728 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [223008 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKU\S-1-5-21-1960408961-606747145-725345543-1003\...\Run: [Google Update] - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.)
Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4EA46B1B-D008-4CB3-8769-40A8C130D9CC} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-07-03]

Chrome:
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-04]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-04-06]
CHR Extension: (Ads Removal) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-13]
CHR Extension: (Amazing Coupons) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-02-28]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-07-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [31744 2013-12-17] (Digital Market Research Apps Pty Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [143360 2006-03-30] ()
R2 ForcewareWebInterface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-02-07] (Apache Software Foundation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [175480 2014-01-27] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-03-30] (NVIDIA Corporation)
R2 nSvcLog; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-03-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-05-18] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [281872 2014-03-17] ()
R2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [31232 2013-12-17] (Digital Market Research Apps Pty Ltd)

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-12-24] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134568 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236480 2014-01-27] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [366248 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [573840 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-01-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [99840 2006-03-16] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2013-10-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-24] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2013-10-29] (NVIDIA Corporation)
S1 NVTCP; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [109568 2006-03-22] (NVIDIA Corporation)
R3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [139280 2014-03-17] ()
S4 IntelIde; No ImagePath
U2 mfewfpk;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 09:31 - 2014-03-17 09:56 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:31 - 2014-03-17 09:56 - 00000000 ____D () C:\FRST
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:36 - 2014-03-14 09:59 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:36 - 2014-03-14 09:59 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-06 08:40 - 2014-03-11 18:29 - 00000806 _____ () C:\WINDOWS\wmsetup.log

==================== One Month Modified Files and Folders =======

2014-03-17 09:56 - 2014-03-17 09:31 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:56 - 2014-03-17 09:31 - 00000000 ____D () C:\FRST
2014-03-17 09:56 - 2012-04-04 22:02 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job
2014-03-17 09:52 - 2012-04-04 21:23 - 01733895 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 09:30 - 2013-02-26 08:50 - 00013776 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-17 09:29 - 2012-04-09 19:26 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 08:31 - 2012-04-05 09:06 - 00139280 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-03-17 08:30 - 2012-04-06 10:22 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.xtr
2014-03-17 08:30 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2014-03-17 08:03 - 2012-04-05 01:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-17 07:58 - 2012-04-04 22:41 - 00000716 _____ () C:\WINDOWS\system32\nmp.log
2014-03-17 07:58 - 2005-08-31 08:59 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-17 07:56 - 2014-01-22 17:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-17 07:56 - 2014-01-22 17:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-17 07:55 - 2012-04-09 19:26 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 07:55 - 2012-04-05 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-03-17 07:55 - 2012-04-04 21:42 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-03-17 07:55 - 2012-04-04 21:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 07:54 - 2014-01-22 17:22 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-17 07:54 - 2012-04-04 21:28 - 00000178 ___SH () C:\Documents and Settings\Mike\ntuser.ini
2014-03-17 07:12 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\McAfee
2014-03-17 07:06 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-03-17 07:05 - 2013-02-28 23:04 - 00507014 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-606747145-725345543-1003-0.dat
2014-03-17 07:05 - 2013-02-28 23:04 - 00160782 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-17 07:03 - 2014-02-02 09:09 - 00115756 _____ () C:\WINDOWS\setupapi.log
2014-03-16 09:06 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.ex0
2014-03-15 15:45 - 2012-08-23 17:42 - 00000000 ____D () C:\Documents and Settings\Mike\Desktop\Wizard101
2014-03-15 11:56 - 2012-04-04 22:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job
2014-03-14 15:28 - 2013-08-20 15:40 - 00000116 _____ () C:\Documents and Settings\Mike\Desktop\Survey passcode.txt
2014-03-14 15:08 - 2012-04-04 14:18 - 00152384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:59 - 2014-03-14 09:36 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:59 - 2014-03-14 09:36 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00040098 _____ () C:\WINDOWS\iis6.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00037100 _____ () C:\WINDOWS\FaxSetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00017736 _____ () C:\WINDOWS\ocgen.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00016927 _____ () C:\WINDOWS\tsoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00012366 _____ () C:\WINDOWS\comsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00011320 _____ () C:\WINDOWS\msmqinst.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00007488 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006498 _____ () C:\WINDOWS\netfxocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006354 _____ () C:\WINDOWS\updspapi.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002550 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002052 _____ () C:\WINDOWS\ocmsn.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001866 _____ () C:\WINDOWS\tabletoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001854 _____ () C:\WINDOWS\msgsocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-14 09:59 - 2012-04-05 00:34 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-11 18:29 - 2014-03-06 08:40 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-03-11 18:07 - 2012-04-12 05:40 - 00000000 ____D () C:\Program Files\Xfire
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-09 06:46 - 2012-04-04 14:19 - 00634032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 08:45 - 2012-04-28 06:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-03-07 07:29 - 2012-12-17 09:19 - 00001024 ____H () C:\WINDOWS\system32\config\ELAM.LOG
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 04:46 - 2012-04-05 00:34 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 04:46 - 2012-04-04 21:22 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 04:45 - 2012-06-13 07:52 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 04:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 04:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 03:54 - 2005-08-31 08:57 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 00:45 - 2012-04-26 12:58 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-21 18:04 - 2012-04-04 21:28 - 00000000 ____D () C:\Documents and Settings\Mike
2014-02-17 10:52 - 2012-04-14 08:52 - 00000000 ____D () C:\Documents and Settings\Mike\Application Data\Xfire

Some content of TEMP:
====================
C:\Documents and Settings\Mike\Local Settings\temp\hcuninstaller_20140203_072758_1832.exe
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_FirefoxSetup[1].exe
C:\Documents and Settings\Mike\Local Settings\temp\promote-upx.exe
C:\Documents and Settings\Mike\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Mike at 2014-03-17 09:56:56
Running from C:\Documents and Settings\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ActiveArmor Firewall (Disabled) {EDC10449-64D1-46c7-A59A-EC20D662F26D}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Audio MP3 Editor 5.80 (HKLM\...\Audio MP3 Editor_is1) (Version:  - audio2x.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty® - World at War (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War 1.2 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty® - World at War 1.3 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty® - World at War 1.4 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.4 Patch (Version: 1.4 - Activision) Hidden
Call of Duty® - World at War 1.5 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.5 Patch (Version: 1.5 - Activision) Hidden
Call of Duty® - World at War 1.6 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty® - World at War 1.7 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.7 Patch (Version: 1.7 - Activision) Hidden
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Disney's Stanley Tiger Tales (HKLM\...\{75C139EF-A37B-11D5-B232-0050DACD394D}) (Version:  - )
e-Rewards Notify (HKLM\...\{54AA8284-7213-4D3E-9186-9DB50AFF600D}) (Version: 1.1.0.181 - e-Rewards Opinion Panel)
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version:  - )
Flvto Youtube Downloader (HKLM\...\Flvto Youtube Downloader) (Version: 0.5.0 - Hotger)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM\...\MixPad) (Version:  - NCH Software)
Mozilla Firefox 27.0 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
Nero 7 Essentials (HKLM\...\{18039280-98B7-4C5E-AAC0-10EBC9731033}) (Version: 7.02.4457 - Nero AG)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}) (Version: 2.03.5523 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 2.03.5523 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pixillion Image Converter (HKLM\...\Pixillion) (Version: 2.72 - NCH Software)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Prime World version 9.8.6 (HKLM\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Pyware iPAS (HKLM\...\Pyware iPAS) (Version: 1.0.0.0 - Pygraphics)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.04 - Realtek Semiconductor Corp.)
Rose Online (HKLM\...\{2C3BC4D9-2CDB-4EFB-8CB9-323D032D5FF5}) (Version: 1.0.483.1 - Gravity Interactive, Inc.)
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot version 1.219367 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.219367 - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version:  - NCH Software)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Yahoo! Login (HKLM\...\Yahoo! Login) (Version:  - )
Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version:  - )

==================== Restore Points  =========================

04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:43 Software Distribution Service 3.0
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:44 Installed Java 7 Update 45
04-02-2014 17:54:45 System Checkpoint
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed Windows XP KB2808679.
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:54 Driver Booster : NVIDIA GeForce GTX 650
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 Software Distribution Service 3.0
04-02-2014 17:54:59 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:01 Installed Java 7 Update 51
04-02-2014 17:55:01 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:04 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:08 End of disinfection
05-02-2014 19:13:08 System Checkpoint
06-02-2014 20:39:34 System Checkpoint
08-02-2014 17:46:33 System Checkpoint
10-02-2014 02:19:46 System Checkpoint
12-02-2014 00:55:01 System Checkpoint
12-02-2014 23:39:39 Software Distribution Service 3.0
14-02-2014 00:36:45 System Checkpoint
15-02-2014 01:19:53 System Checkpoint
16-02-2014 17:03:50 System Checkpoint
18-02-2014 01:16:31 System Checkpoint
19-02-2014 01:25:00 System Checkpoint
20-02-2014 01:40:39 System Checkpoint
21-02-2014 01:53:11 System Checkpoint
24-02-2014 01:17:02 System Checkpoint
25-02-2014 17:25:31 System Checkpoint
26-02-2014 17:26:52 System Checkpoint
27-02-2014 17:45:01 System Checkpoint
28-02-2014 18:07:11 System Checkpoint
01-03-2014 21:29:23 System Checkpoint
02-03-2014 23:32:44 System Checkpoint
04-03-2014 04:45:21 System Checkpoint
05-03-2014 14:50:56 System Checkpoint
06-03-2014 17:49:05 System Checkpoint
08-03-2014 01:38:11 System Checkpoint
09-03-2014 14:11:26 System Checkpoint
10-03-2014 16:17:14 System Checkpoint
12-03-2014 14:26:51 System Checkpoint
13-03-2014 16:31:56 System Checkpoint
14-03-2014 16:59:27 Software Distribution Service 3.0
17-03-2014 13:39:47 System Checkpoint

==================== Hosts content: ==========================

2005-08-31 08:57 - 2013-03-10 07:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MixPadReminder.job => C:\Program Files\NCH Software\MixPad\mixpad.exe
Task: C:\WINDOWS\Tasks\PixillionSevenDays.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-31 08:57 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-31 08:58 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00024691 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
2006-02-07 00:13 - 2006-02-07 00:13 - 00159744 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00876544 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll
2012-04-05 09:06 - 2012-05-18 11:04 - 00076888 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2006-03-30 14:58 - 2006-03-30 14:58 - 00143360 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
2012-04-05 09:06 - 2014-03-17 08:30 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 07:03:21 AM) (Source: Application Error) (User: )
Description: Fault bucket -1068817231.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/17/2014 07:03:10 AM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.6.259.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [McSvHost.exe!ws!]

Error: (03/17/2014 07:02:30 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/17/2014 06:12:34 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 09:40:44 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 08:43:15 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/13/2014 08:28:54 AM) (Source: Application Hang) (User: )
Description: Hanging application CoDWaWmp.exe, version 1.7.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/11/2014 06:13:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/10/2014 10:12:30 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2014 09:41:23 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x000ddc85.
Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (03/17/2014 09:21:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:09:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:07:31 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:04:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 2815.48 MB
Available physical RAM: 1808.96 MB
Total Pagefile: 4702.89 MB
Available Pagefile: 3649.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:366.89 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CODWAW) (CDROM) (Total:6.95 GB) (Free:0 GB) UDF
Drive e: (Storage) (Fixed) (Total:465.76 GB) (Free:414.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D4920F58)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: A8EDA8ED)

Partition: GPT Partition Type.

==================== End Of Log ============================

I have disabled pop up blocker, but it still doesn't allow me to download the TDSSkiller.


Skip TDSS-Killer, do the following instead:

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.


Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

Also, please attach the created text files to your reply or open them with Notepad (not MS Word or similar).

I cannot read them like that above.


aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-18 15:46:19
-----------------------------
15:46:19.109    OS Version: Windows 5.1.2600 Service Pack 3
15:46:19.125    Number of processors: 2 586 0x4302
15:46:19.125    ComputerName: TRON33  UserName: Mike
15:46:21.218    Initialize success
15:51:10.671    AVAST engine defs: 14031802
16:00:29.796    Disk 0  \Device\Harddisk0\DR0 -> \Device\00000073
16:00:29.796    Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
16:00:29.796    Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000074
16:00:29.796    Disk 1 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
16:00:29.937    Disk 1 MBR read successfully
16:00:29.937    Disk 1 MBR scan
16:00:29.968    Disk 1 Windows XP default MBR code
16:00:29.968    Disk 1 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476929 MB offset 63
16:00:29.968    Disk 1 scanning sectors +976752000
16:00:30.000    Disk 1 scanning C:\WINDOWS\system32\drivers
16:00:41.515    Service scanning
16:01:04.609    Modules scanning
16:01:12.109    Disk 1 trace - called modules:
16:01:12.140    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
16:01:12.140    1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8aea0ab8]
16:01:12.140    3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8af01b70]
16:01:12.140    5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\00000074[0x8ae9e030]
16:01:16.015    AVAST engine scan C:\WINDOWS
16:01:27.625    AVAST engine scan C:\WINDOWS\system32
16:05:21.687    AVAST engine scan C:\WINDOWS\system32\drivers
16:05:53.031    AVAST engine scan C:\Documents and Settings\Mike
16:19:27.859    Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Mike\Desktop\MBR.dat"
16:19:27.859    The log file has been saved successfully to "C:\Documents and Settings\Mike\Desktop\aswMBR.txt"

 


I do open them in Notepad. I don't see what problem you are having trying to read them. I can attach them if you want.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by Mike (administrator) on TRON33 on 17-03-2014 09:56:37
Running from C:\Documents and Settings\Mike\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Event.Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Xfire Inc.) C:\Program Files\Xfire\Xfire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
() C:\WINDOWS\system32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15677728 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [223008 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKU\S-1-5-21-1960408961-606747145-725345543-1003\...\Run: [Google Update] - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.)
Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4EA46B1B-D008-4CB3-8769-40A8C130D9CC} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} -  No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-07-03]

Chrome:
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-04]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-04-06]
CHR Extension: (Ads Removal) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-13]
CHR Extension: (Amazing Coupons) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-02-28]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-07-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [31744 2013-12-17] (Digital Market Research Apps Pty Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [143360 2006-03-30] ()
R2 ForcewareWebInterface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-02-07] (Apache Software Foundation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [175480 2014-01-27] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-03-30] (NVIDIA Corporation)
R2 nSvcLog; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-03-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-05-18] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [281872 2014-03-17] ()
R2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [31232 2013-12-17] (Digital Market Research Apps Pty Ltd)

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-12-24] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134568 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236480 2014-01-27] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [366248 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [573840 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-01-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [99840 2006-03-16] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2013-10-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-24] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2013-10-29] (NVIDIA Corporation)
S1 NVTCP; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [109568 2006-03-22] (NVIDIA Corporation)
R3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [139280 2014-03-17] ()
S4 IntelIde; No ImagePath
U2 mfewfpk;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 09:31 - 2014-03-17 09:56 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:31 - 2014-03-17 09:56 - 00000000 ____D () C:\FRST
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:36 - 2014-03-14 09:59 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:36 - 2014-03-14 09:59 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-06 08:40 - 2014-03-11 18:29 - 00000806 _____ () C:\WINDOWS\wmsetup.log

==================== One Month Modified Files and Folders =======

2014-03-17 09:56 - 2014-03-17 09:31 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:56 - 2014-03-17 09:31 - 00000000 ____D () C:\FRST
2014-03-17 09:56 - 2012-04-04 22:02 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job
2014-03-17 09:52 - 2012-04-04 21:23 - 01733895 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 09:30 - 2013-02-26 08:50 - 00013776 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-17 09:29 - 2012-04-09 19:26 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 08:31 - 2012-04-05 09:06 - 00139280 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-03-17 08:30 - 2012-04-06 10:22 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.xtr
2014-03-17 08:30 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2014-03-17 08:03 - 2012-04-05 01:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-17 07:58 - 2012-04-04 22:41 - 00000716 _____ () C:\WINDOWS\system32\nmp.log
2014-03-17 07:58 - 2005-08-31 08:59 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-17 07:56 - 2014-01-22 17:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-17 07:56 - 2014-01-22 17:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-17 07:55 - 2012-04-09 19:26 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 07:55 - 2012-04-05 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-03-17 07:55 - 2012-04-04 21:42 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-03-17 07:55 - 2012-04-04 21:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 07:54 - 2014-01-22 17:22 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-17 07:54 - 2012-04-04 21:28 - 00000178 ___SH () C:\Documents and Settings\Mike\ntuser.ini
2014-03-17 07:12 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\McAfee
2014-03-17 07:06 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-03-17 07:05 - 2013-02-28 23:04 - 00507014 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-606747145-725345543-1003-0.dat
2014-03-17 07:05 - 2013-02-28 23:04 - 00160782 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-17 07:03 - 2014-02-02 09:09 - 00115756 _____ () C:\WINDOWS\setupapi.log
2014-03-16 09:06 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.ex0
2014-03-15 15:45 - 2012-08-23 17:42 - 00000000 ____D () C:\Documents and Settings\Mike\Desktop\Wizard101
2014-03-15 11:56 - 2012-04-04 22:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job
2014-03-14 15:28 - 2013-08-20 15:40 - 00000116 _____ () C:\Documents and Settings\Mike\Desktop\Survey passcode.txt
2014-03-14 15:08 - 2012-04-04 14:18 - 00152384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:59 - 2014-03-14 09:36 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:59 - 2014-03-14 09:36 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00040098 _____ () C:\WINDOWS\iis6.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00037100 _____ () C:\WINDOWS\FaxSetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00017736 _____ () C:\WINDOWS\ocgen.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00016927 _____ () C:\WINDOWS\tsoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00012366 _____ () C:\WINDOWS\comsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00011320 _____ () C:\WINDOWS\msmqinst.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00007488 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006498 _____ () C:\WINDOWS\netfxocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006354 _____ () C:\WINDOWS\updspapi.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002550 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002052 _____ () C:\WINDOWS\ocmsn.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001866 _____ () C:\WINDOWS\tabletoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001854 _____ () C:\WINDOWS\msgsocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-14 09:59 - 2012-04-05 00:34 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-11 18:29 - 2014-03-06 08:40 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-03-11 18:07 - 2012-04-12 05:40 - 00000000 ____D () C:\Program Files\Xfire
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-09 06:46 - 2012-04-04 14:19 - 00634032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 08:45 - 2012-04-28 06:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-03-07 07:29 - 2012-12-17 09:19 - 00001024 ____H () C:\WINDOWS\system32\config\ELAM.LOG
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 04:46 - 2012-04-05 00:34 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 04:46 - 2012-04-04 21:22 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 04:45 - 2012-06-13 07:52 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 04:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 04:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 03:54 - 2005-08-31 08:57 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 00:45 - 2012-04-26 12:58 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-21 18:04 - 2012-04-04 21:28 - 00000000 ____D () C:\Documents and Settings\Mike
2014-02-17 10:52 - 2012-04-14 08:52 - 00000000 ____D () C:\Documents and Settings\Mike\Application Data\Xfire

Some content of TEMP:
====================
C:\Documents and Settings\Mike\Local Settings\temp\hcuninstaller_20140203_072758_1832.exe
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_FirefoxSetup[1].exe
C:\Documents and Settings\Mike\Local Settings\temp\promote-upx.exe
C:\Documents and Settings\Mike\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by Mike at 2014-03-17 09:56:56
Running from C:\Documents and Settings\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ActiveArmor Firewall (Disabled) {EDC10449-64D1-46c7-A59A-EC20D662F26D}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version:  - )
Audio MP3 Editor 5.80 (HKLM\...\Audio MP3 Editor_is1) (Version:  - audio2x.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty® - World at War (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War 1.2 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty® - World at War 1.3 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty® - World at War 1.4 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.4 Patch (Version: 1.4 - Activision) Hidden
Call of Duty® - World at War 1.5 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.5 Patch (Version: 1.5 - Activision) Hidden
Call of Duty® - World at War 1.6 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty® - World at War 1.7 Patch (Version:  - ) Hidden
Call of Duty® - World at War 1.7 Patch (Version: 1.7 - Activision) Hidden
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version:  - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Disney's Stanley Tiger Tales (HKLM\...\{75C139EF-A37B-11D5-B232-0050DACD394D}) (Version:  - )
e-Rewards Notify (HKLM\...\{54AA8284-7213-4D3E-9186-9DB50AFF600D}) (Version: 1.1.0.181 - e-Rewards Opinion Panel)
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version:  - )
Flvto Youtube Downloader (HKLM\...\Flvto Youtube Downloader) (Version: 0.5.0 - Hotger)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe  1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders  (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM\...\MixPad) (Version:  - NCH Software)
Mozilla Firefox 27.0 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
Nero 7 Essentials (HKLM\...\{18039280-98B7-4C5E-AAC0-10EBC9731033}) (Version: 7.02.4457 - Nero AG)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}) (Version: 2.03.5523 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 2.03.5523 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pixillion Image Converter (HKLM\...\Pixillion) (Version: 2.72 - NCH Software)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
Prime World version 9.8.6 (HKLM\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Pyware iPAS (HKLM\...\Pyware iPAS) (Version: 1.0.0.0 - Pygraphics)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.04 - Realtek Semiconductor Corp.)
Rose Online (HKLM\...\{2C3BC4D9-2CDB-4EFB-8CB9-323D032D5FF5}) (Version: 1.0.483.1 - Gravity Interactive, Inc.)
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shockwave (HKLM\...\Shockwave) (Version:  - )
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot version 1.219367 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.219367 - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version:  - NCH Software)
WavePad Sound Editor (HKLM\...\WavePad) (Version:  - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Xfire (remove only) (HKLM\...\Xfire) (Version:  - )
Yahoo! Login (HKLM\...\Yahoo! Login) (Version:  - )
Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version:  - )

==================== Restore Points  =========================

04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:43 Software Distribution Service 3.0
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:44 Installed Java 7 Update 45
04-02-2014 17:54:45 System Checkpoint
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed Windows XP KB2808679.
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:54 Driver Booster : NVIDIA GeForce GTX 650
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 Software Distribution Service 3.0
04-02-2014 17:54:59 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:01 Installed Java 7 Update 51
04-02-2014 17:55:01 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:04 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:08 End of disinfection
05-02-2014 19:13:08 System Checkpoint
06-02-2014 20:39:34 System Checkpoint
08-02-2014 17:46:33 System Checkpoint
10-02-2014 02:19:46 System Checkpoint
12-02-2014 00:55:01 System Checkpoint
12-02-2014 23:39:39 Software Distribution Service 3.0
14-02-2014 00:36:45 System Checkpoint
15-02-2014 01:19:53 System Checkpoint
16-02-2014 17:03:50 System Checkpoint
18-02-2014 01:16:31 System Checkpoint
19-02-2014 01:25:00 System Checkpoint
20-02-2014 01:40:39 System Checkpoint
21-02-2014 01:53:11 System Checkpoint
24-02-2014 01:17:02 System Checkpoint
25-02-2014 17:25:31 System Checkpoint
26-02-2014 17:26:52 System Checkpoint
27-02-2014 17:45:01 System Checkpoint
28-02-2014 18:07:11 System Checkpoint
01-03-2014 21:29:23 System Checkpoint
02-03-2014 23:32:44 System Checkpoint
04-03-2014 04:45:21 System Checkpoint
05-03-2014 14:50:56 System Checkpoint
06-03-2014 17:49:05 System Checkpoint
08-03-2014 01:38:11 System Checkpoint
09-03-2014 14:11:26 System Checkpoint
10-03-2014 16:17:14 System Checkpoint
12-03-2014 14:26:51 System Checkpoint
13-03-2014 16:31:56 System Checkpoint
14-03-2014 16:59:27 Software Distribution Service 3.0
17-03-2014 13:39:47 System Checkpoint

==================== Hosts content: ==========================

2005-08-31 08:57 - 2013-03-10 07:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MixPadReminder.job => C:\Program Files\NCH Software\MixPad\mixpad.exe
Task: C:\WINDOWS\Tasks\PixillionSevenDays.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-31 08:57 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-31 08:58 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00024691 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
2006-02-07 00:13 - 2006-02-07 00:13 - 00159744 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00876544 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll
2012-04-05 09:06 - 2012-05-18 11:04 - 00076888 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2006-03-30 14:58 - 2006-03-30 14:58 - 00143360 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
2012-04-05 09:06 - 2014-03-17 08:30 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 07:03:21 AM) (Source: Application Error) (User: )
Description: Fault bucket -1068817231.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/17/2014 07:03:10 AM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.6.259.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd.
Processing media-specific event for [McSvHost.exe!ws!]

Error: (03/17/2014 07:02:30 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/17/2014 06:12:34 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 09:40:44 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 08:43:15 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/13/2014 08:28:54 AM) (Source: Application Hang) (User: )
Description: Hanging application CoDWaWmp.exe, version 1.7.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/11/2014 06:13:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/10/2014 10:12:30 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2014 09:41:23 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x000ddc85.
Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (03/17/2014 09:21:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:09:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:07:31 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:04:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 2815.48 MB
Available physical RAM: 1808.96 MB
Total Pagefile: 4702.89 MB
Available Pagefile: 3649.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:366.89 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CODWAW) (CDROM) (Total:6.95 GB) (Free:0 GB) UDF
Drive e: (Storage) (Fixed) (Total:465.76 GB) (Free:414.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D4920F58)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: A8EDA8ED)

Partition: GPT Partition Type.

==================== End Of Log ============================


I don't know what you've changed but now they appear fine. :)

ComboFix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


cfRC_screen_2.png


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.


I didn't do anything, I just copy pasted from the notepad.

Here is ComboFix:

ComboFix 14-03-19.01 - Mike 03/19/2014  20:26:50.1.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2815.1928 [GMT -7:00]
Running from: c:\documents and settings\Mike\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: ActiveArmor Firewall *Enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}
FW: McAfee Firewall *Enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
.
.
(((((((((((((((((((((((((   Files Created from 2014-02-20 to 2014-03-20  )))))))))))))))))))))))))))))))
.
.
2014-03-17 16:31 . 2014-03-17 16:57 -------- d-----w- C:\FRST
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-19 23:31 . 2012-04-05 16:06 139280 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2014-03-19 23:31 . 2012-04-06 17:22 281872 ----a-w- c:\windows\system32\PnkBstrB.xtr
2014-03-19 23:31 . 2012-04-05 16:06 281872 ----a-w- c:\windows\system32\PnkBstrB.exe
2014-03-19 17:21 . 2012-04-05 16:06 281872 ----a-w- c:\windows\system32\PnkBstrB.ex0
2014-02-24 11:46 . 2005-08-31 15:58 920064 ----a-w- c:\windows\system32\wininet.dll
2014-02-24 11:45 . 2005-08-31 15:58 43520 ------w- c:\windows\system32\licmgr10.dll
2014-02-24 11:45 . 2005-08-31 15:57 1469440 ------w- c:\windows\system32\inetcpl.cpl
2014-02-24 11:45 . 2005-08-31 15:57 18944 ----a-w- c:\windows\system32\corpol.dll
2014-02-24 10:54 . 2005-08-31 15:57 385024 ------w- c:\windows\system32\html.iec
2014-02-07 02:01 . 2005-08-31 15:58 1879040 ----a-w- c:\windows\system32\win32k.sys
2014-02-05 18:01 . 2012-04-05 07:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-05 18:01 . 2012-04-05 07:53 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-05 08:55 . 2005-08-31 15:58 562688 ----a-w- c:\windows\system32\qedit.dll
2014-01-27 16:18 . 2012-07-03 20:28 61400 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-01-27 16:11 . 2012-07-03 20:22 175480 ----a-w- c:\windows\system32\mfevtps.exe
2014-01-27 16:11 . 2012-07-03 20:28 92216 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2014-01-27 16:06 . 2012-02-22 20:29 573840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-01-27 16:05 . 2012-12-17 16:18 85544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2014-01-27 16:04 . 2012-07-03 20:28 366248 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-01-27 16:04 . 2012-07-03 20:28 66408 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2014-01-27 16:03 . 2014-01-27 16:03 236480 ----a-w- c:\windows\system32\drivers\SETB6.tmp
2014-01-27 16:03 . 2012-07-03 20:28 236480 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-01-27 16:02 . 2012-02-22 20:29 134568 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-01-21 10:49 . 2014-01-21 10:49 10632 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-01-21 10:49 . 2014-01-21 10:49 81264 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-01-21 10:48 . 2014-01-21 10:48 330248 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
2014-01-04 03:13 . 2005-08-31 15:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-12-24 14:47 . 2012-04-05 04:39 36864 ----a-w- c:\windows\system32\drivers\AmdK8.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-02-27 16005120]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 517392]
"Nvtmru"="c:\program files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2013-06-21 15677728]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2013-06-21 223008]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2011-10-24 421888]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 517392]
.
c:\documents and settings\Mike\Start Menu\Programs\Startup\
Xfire.lnk - c:\program files\Xfire\Xfire.exe [2013-3-20 3560832]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-11-21 16:57 959904 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-04-22 04:43 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2010-07-26 02:08 2569616 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2012-04-05 05:02 116648 ----atw- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-08-16 16:07 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2006-01-12 22:40 155648 ----a-w- c:\program files\Common Files\Ahead\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2011-10-24 21:28 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2004-11-03 03:24 32768 ----a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2013-07-02 17:16 254336 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2012-04-10 02:26 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaW.exe"=
"c:\\Program Files\\Activision\\Call of Duty - World at War\\CoDWaWmp.exe"=
"c:\\Program Files\\Xfire\\Xfire.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=
"c:\\Program Files\\NVIDIA Corporation\\NVIDIA Update Core\\daemonu.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\Platform\\McSvcHost\\McSvHost.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management
.
R?2 mcbootdelaystartsvc;McAfee Boot Delay Start Service;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [3/17/2014 7:02 AM 281560]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [7/3/2012 1:28 PM 92216]
R2 EventService;MR APP Event Service;c:\program files\MR APP\MRAPP.Event.Service.exe [12/17/2013 12:50 PM 31744]
R2 HomeNetSvc;McAfee Home Network;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [3/17/2014 7:02 AM 281560]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/3/2012 1:28 PM 167784]
R2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe [3/17/2014 7:02 AM 145568]
R2 mcpltsvc;McAfee Platform Services;"c:\program files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc [3/17/2014 7:02 AM 281560]
R2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\Mcafee\AMCore\mcshield.exe [3/16/2014 8:43 AM 644088]
R2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [7/3/2012 1:28 PM 169800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [7/3/2012 1:22 PM 175480]
R2 TransferService;MR APP Transfer Service;c:\program files\MR APP\MRAPP.Transfer.Service.exe [12/17/2013 12:49 PM 31232]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [7/3/2012 1:28 PM 366248]
R3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\drivers\mfencbdc.sys [1/21/2014 3:48 AM 330248]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [12/17/2012 9:18 AM 85544]
S2 LiveUpdateSvc;LiveUpdate;c:\program files\IObit\LiveUpdate\LiveUpdate.exe [10/29/2013 8:59 AM 2151200]
S2 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/3/2012 1:28 PM 167784]
S2 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [7/3/2012 1:28 PM 167784]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [7/3/2012 1:28 PM 61400]
S3 DrvAgent32;DrvAgent32;c:\windows\system32\drivers\DrvAgent32.sys [9/17/2013 5:04 PM 23456]
S3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys [12/11/2012 9:48 AM 147912]
S3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\drivers\mfencrk.sys [1/21/2014 3:49 AM 81264]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [12/17/2012 9:18 AM 85544]
.
Contents of the 'Scheduled Tasks' folder
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 02:26]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 02:26]
.
2014-03-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-05 05:02]
.
2014-03-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job
- c:\documents and settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2012-04-05 05:02]
.
.
------- Supplementary Scan -------
.


mSearch Bar = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
uInternet Settings,ProxyOverride = <-loopback>;;view.truste.com
uSearchURL,(Default) = hxxp://rd.yahoo.com/customize/sbcydsl/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
Trusted Zone: $talisma_url$
Trusted Zone: starstable.com
Trusted Zone: xfire.com\secure
TCP: DhcpNameServer = 192.168.1.254

FF - ProfilePath - c:\documents and settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-MixPad - c:\program files\NCH Software\MixPad\mixpad.exe
AddRemove-Pixillion - c:\program files\NCH Software\Pixillion\pixillion.exe
AddRemove-VideoPad - c:\program files\NCH Software\VideoPad\videopad.exe
AddRemove-WavePad - c:\program files\NCH Software\WavePad\wavepad.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2014-03-19 20:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1960408961-606747145-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:14,ad,1d,81,4e,fa,fb,29,33,f8,04,a5,24,7e,3b,11,bf,e0,54,98,5c,
   5f,94,87,89,cb,34,04,08,4f,78,cf,5b,c3,d9,ea,ca,43,87,d4,19,c8,50,7f,d8,0d,\
"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_12_0_0_38_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3000)
c:\windows\system32\WININET.dll
c:\progra~1\mcafee\SITEAD~1\saHook.dll
c:\program files\Xfire\xfire_toucan_46139.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2014-03-19  20:50:08
ComboFix-quarantined-files.txt  2014-03-20 03:49
.
Pre-Run: 392,686,731,264 bytes free
Post-Run: 394,054,025,216 bytes free
.
- - End Of File - - 14ACF2F1C1E9F97CBBD3B061BC900C0B
8F558EB6672622401DA993E1E865C861
 

Link to post
Share on other sites

No malware to see.

 

 

System File Check

For Windows XP:

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.


For Windows Vista/7:

  • Press the Windows key to open the start menu.
  • Don't highlight anything, just write cmd.
  • The start menu will offer you an entry named cmd.
  • Right click it and select "run as administrator"




Within the opening window, write the following:

sfc /scannow
(See the blank within).


  • Hit enter. Your system will be checked for damaged system files.
  • Tell me the result of that scan in here (as the tool produces no log).
 
 
 
Use the Windows Error Checking utility (Check Disk), with the options to fix file system errors and scan the disk surface for errors, attempt recovery of data and repair the disk:

  • Click the Start button
  • Click My Computer.
  • Right-click on the drive that you wish to check > Properties > Tools tab
  • In the "Error checking" section, click on Check now.
  • Place a checkmark in both boxes > Start.
  • If the disk you have chosen is the Windows system disk:
  • A message will notify you that a restart is necessary and ask "Do you want to check for hard disk errors the next time you start your computer?".
  • Click Schedule disk check > OK and close all windows.
  • Re-start the computer. The disk will be checked when the system boots.
  • This will take some time to run and at times may appear stalled but just let it run.
  • When the disk check is complete, the system will re-start automatically and load Windows.



A log of the disk check is recorded only if the scheduled re-start is used, and only for drives on the same HDD as the Operating System.
To open Event Viewer and view the log:

  • Click the Start button
  • Click Run.
  • Type "eventvwr" without the quotes and press the key.
  • The Event Viewer window will open.
  • In the left pane, expand "Event Viewer (local)" then click on Application.
  • In the right pane, at the top, click on the column heading Source to sort the list alphabetically.
  • Look in the Source column for "Winlogon", with an entry corresponding to the date and time of the disk check.
  • Click on that Winlogon entry to select it.
  • In the box below "Description", Copy all of the contents.
  • Paste the contents into your next reply.

Link to post
Share on other sites

For this part:

 

System File Check

For Windows XP:


 

  • Press the Windows- and the R-key simultaneously.
  • Within the text box that just opened, write cmd and hit Enter.

Can I click Start, then Run, and type in CMD? I use an older keyboard and it doesn't have the Windows key.
 

Link to post
Share on other sites

For the scannow, there was nothing after it was done, it just stopped.

 

 

Event Type: Information
Event Source: Winlogon
Event Category: None
Event ID: 1001
Date:  3/20/2014
Time:  10:21:32 PM
User:  N/A
Computer: TRON33
Description:
Checking file system on C:
The type of the file system is NTFS.

A disk check has been scheduled.
Windows will now check the disk.                        
Cleaning up minor inconsistencies on the drive.
Cleaning up 146 unused index entries from index $SII of file 0x9.
Cleaning up 146 unused index entries from index $SDH of file 0x9.
Cleaning up 146 unused security descriptors.
CHKDSK is verifying file data (stage 4 of 5)...
File data verification completed.
CHKDSK is verifying free space (stage 5 of 5)...
Free space verification is complete.

 488375968 KB total disk space.
 104475408 KB in 257060 files.
     91488 KB in 10444 indexes.
         0 KB in bad sectors.
    359204 KB in use by the system.
     65536 KB occupied by the log file.
 383449868 KB available on disk.

      4096 bytes in each allocation unit.
 122093992 total allocation units on disk.
  95862467 allocation units available on disk.

Internal Info:

Windows has finished checking your disk.
Please wait while your computer restarts.

For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.

Link to post
Share on other sites

Windows Repair (all-in-one)

Please download Windows Repair (all in one) from here.

Install the program then run it.

Go to step 2 and allow it to run Disk check.

Once that is done then go to step 3 and allow it to run SFC by clicking Do it


On the Start Repairs tab, click Start.
Within the opening window, hit unselect all.
Check only the following:



  • Reset Registry Permissions
  • Reset File Permissions
  • Register System Files
  • Repair Windows Firewall
  • Repair Windows Updates



then click on Start

DON'T use the computer while each scan is in progress.

Restart may be needed to finish the repair procedure.

Let me know how that worked out for you.

Link to post
Share on other sites

I think shutting down all the way, then turning the machine back on, allowed the antivirus to update. It did shut off, but it was during the update, then it installed the new files. After it was complete, the PC restarted, and the antivirus stayed on. This morning when turning on my machine, it found a trojan with the name Artemis! and it quarantined it.

Link to post
Share on other sites

Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.



If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

Link to post
Share on other sites

Malware:

 

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.23.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Mike :: TRON33 [administrator]

Protection: Enabled

3/22/2014 7:22:36 PM
mbam-log-2014-03-22 (19-22-36).txt

Scan type: Full scan (C:\|E:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 485706
Time elapsed: 6 hour(s), 4 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 2
HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

 

 

 

 

 

 

 

 

ESET

 

C:\Documents and Settings\Mike\My Documents\wpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe Win32/InstallMonetizer.AN potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182069.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182070.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182072.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182074.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182075.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182076.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182077.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182078.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP226\A0185477.exe Win32/InstallCore.IY potentially unwanted application
C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
 

Link to post
Share on other sites
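The ESET list above mixes files on the live file system with copies held inside System Restore points (`System Volume Information\_restore{...}`); the fixlist in the next post names only the three live files. As an added example (not code from the thread, ESET or FRST), this Python sketch parses export lines of the shape shown above and separates the two groups. The line format is inferred from this one log, and the function names are hypothetical.

```python
import re
from typing import NamedTuple, Optional

# Subset of the ESET export lines posted above, copied unchanged.
SAMPLE_LOG = r"""
C:\Documents and Settings\Mike\My Documents\wpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe Win32/InstallMonetizer.AN potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182069.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182075.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
"""


class Detection(NamedTuple):
    path: str
    name: str               # detection name, e.g. Win32/Toolbar.Conduit.H
    variant: bool           # True when reported as "a variant of ..."
    category: str           # "unwanted" or "unsafe"
    in_restore_point: bool  # True for copies inside a System Restore point


# Paths contain spaces, so the line is anchored on its tail: the detection
# name is the only token containing "/", followed by the fixed class text.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<variant>a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+"
    r"potentially (?P<category>unwanted|unsafe) application$"
)
RESTORE_RE = re.compile(r"\\System Volume Information\\_restore\{", re.IGNORECASE)


def parse_line(line: str) -> Optional[Detection]:
    """Parse one export line; return None if it does not match the format."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    path = m.group("path")
    return Detection(
        path=path,
        name=m.group("name"),
        variant=m.group("variant") is not None,
        category=m.group("category"),
        in_restore_point=RESTORE_RE.search(path) is not None,
    )


def triage(log_text: str) -> dict:
    """Split detections into live files and System Restore copies."""
    result = {"live": [], "restore": [], "unparsed": []}
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        det = parse_line(raw)
        if det is None:
            result["unparsed"].append(raw)  # keep for manual review
        elif det.in_restore_point:
            result["restore"].append(det)
        else:
            result["live"].append(det)
    return result


if __name__ == "__main__":
    groups = triage(SAMPLE_LOG)
    print("Live files to review:")
    for det in groups["live"]:
        print(f"  {det.path}  [{det.name}, {det.category}]")
    print(f"System Restore copies: {len(groups['restore'])}")
    print(f"Unparsed lines: {len(groups['unparsed'])}")
```
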

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt.

    C:\Documents and Settings\Mike\My Documents\wpsetup.exe
    C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe
    C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

 

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also




Delete junk with JRT

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.





SecurityCheck

Reboot your system before starting!

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, the log (checkup.txt) will open. Copy its content to your thread.

Link to post
Share on other sites

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by Mike at 2014-03-24 09:01:58 Run:1
Running from C:\Documents and Settings\Mike\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Documents and Settings\Mike\My Documents\wpsetup.exe
C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe
C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe
*****************

C:\Documents and Settings\Mike\My Documents\wpsetup.exe => Moved successfully.
C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe => Moved successfully.
C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe => Moved successfully.

==== End of Fixlog ====

 

Adwarecleaner:

 

# AdwCleaner v3.022 - Report created 24/03/2014 at 09:06:50
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : Mike - TRON33
# Running from : C:\Documents and Settings\Mike\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

-\\ Mozilla Firefox v27.0 (en-US)

[ File : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500\prefs.js ]

-\\ Google Chrome v

[ File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [1114 octets] - [24/03/2014 09:05:48]
AdwCleaner[s0].txt - [1042 octets] - [24/03/2014 09:06:50]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1102 octets] ##########

 

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Microsoft Windows XP x86
Ran by Mike on Mon 03/24/2014 at  9:16:17.73
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 03/24/2014 at  9:36:29.57
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

Security Check did not run. Said, unsupported operating system, aborting.

Link to post
Share on other sites

 Results of screen317's Security Check version 0.99.81 
 Windows XP Service Pack 3 x86  
 Internet Explorer 8 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
McAfee Anti-Virus and Anti-Spyware  
 Antivirus up to date! 
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.75.0.1300 
 CCleaner    
 Java 7 Update 51 
 Adobe Flash Player  12.0.0.44 
 Adobe Reader XI 
 Mozilla Firefox (27.0)
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbamgui.exe 
 Malwarebytes' Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
 

Link to post
Share on other sites

Your system is clean now! :)

 

 

Uninstall our tools using delfix

Please follow these steps in order:

  1. In case we used Defogger to turn off your CD emulation software, you can start it again and use the Enable button.
  2. In case we used Combofix, deactivate your antivirus software once more, then rename combofix.exe to uninstall.exe and run it one last time. You will be notified that Combofix has been removed.
  3. In any case please download delfix to your desktop.
    • Close all other programs and start delfix.
    • Please check all the boxes and run the tool.
    • delfix will now delete all found traces of our removal process
  4. If there is still something left, please delete it manually.

 

 

 

Defrag your hard drive
 
Your hard drive is heavily fragmented. This may result in performance losses. If it is NOT an SSD drive, use a tool like Auslogic DiskDefrag to defrag the drive.

 

 

 

Recommendations: How to protect yourself

  • System Updates
    Please ensure to have automatic updates activated in your control panel.
    For further information and a tutorial, see this Microsoft Support article.
  • Protection
    What you need is one (not more) virus scanner with background protection. Additionally I recommend a special malware scanner to run on demand weekly.
    Personally I am using avast! Antivirus Free Edition and Malwarebytes Anti-Malware. They offer good protection for free.
    • To keep your browser free of advertising, you may install the Adblock Plus browser extension.
      It will filter unwanted advertising out of the website's content.
    • To protect yourself from accidentally visiting malicious web sites, install the Web of Trust (WOT) browser extension.
      It will display a green (safe), yellow (unknown) or red (potentially dangerous) icon for a visited website within your browser.
      In addition, before accessing a dangerous classified web site, a warning screen is displayed.


  • Up to date Software
    Keep your Windows and your third party software up to date. The easiest way to get infected is an outdated Windows, followed by: browser(s) (including add-ons and plug-ins), Adobe Flash Player and Adobe Reader, Java Runtime Environment, your antivirus program and so on. These links may help you to check:

  • Backup
    Hardware issues, malware, fire, lightning strike: There is a long list of different ways to lose all your data. Back up your files regularly. Use the Windows internal backup function or a third party tool and save your data onto an external hard drive, cloud storage, optical media like CDs or DVDs or (if available) a professional network backup system.
  • Behaviour
    The commonest error when using a computer is "error 80" - which means that the error is located about 80cm in front of the monitor. This is a common joke between IT support technicians but it shows that all the safety mechanisms won't help if you aren't careful enough.

    • While surfing the internet, don't click on anything you don't know. In the worst case, it infects your system with malware.
    • Watch your step in social networks! Many cyber criminals use them to spread malware, mine personal data (to be sold to advertising companies, for example) or simply do damage to other users. Even if a received hyperlink within a message seems to be coming from one of your friends, have a closer look. In addition, don't click everything.
    • When installing software, have a look at each of the setup windows and uncheck any additional toolbars or free programs that may be offered additionally. Most of today's setup procedures contain potentially unwanted programs so keep them off your system.
    • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
      They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.



Link to post
Share on other sites

This topic is now closed to further replies.