
Need Help numerous: iexplore.exe's running along with dllhost.exe's



Howdy Georgi,

 

OK, the only two things I checked was device manager to see if things looked good in there. Surprise there was nothing but a blank page.  with this pop-up:  "Can't Collect Information"  "Cannot access the Windows Management Instruction Software"  "Windows Management files may be moved or missing".

 

MMC has detected an error in a Snap-in.  It is recommended that you shut down and restart MMC.

 

And this: McAfee hasn't been updating the .dat files. Even when manually telling it to "check for updates".  The engine just runs and runs with no results. So I went to the McAfee site, and ran their Virtual Tech, and it reported the following: "McAfee expected file not present:  C:\Program Files\McAfee\msk\install.rdf"

 

I did a search for: "Install.rdf" and found four that each of them had been quarantined. So this system truly was infected with some real bad apples.

 

Other than running much slower than usual, you did get rid of those dllhost & iexplore that kept cropping up in Task Manager faster than you could shake a stick at.  So that is great.

 

OK I'll await until I hear back from you.

 

Georgi Thanks, I'm scratching my head now too... lol

 

Brownie

 


Hello Brownie,

 

OK, the only two things I checked was device manager to see if things looked good in there. Surprise there was nothing but a blank page.  with this pop-up:  "Can't Collect Information"  "Cannot access the Windows Management Instruction Software"  "Windows Management files may be moved or missing".

 

MMC has detected an error in a Snap-in.  It is recommended that you shut down and restart MMC.

 

 

Please do the following:

 

Please download Farbar Service Scanner and run it on the computer with the issue.

  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results in your next reply.

 

 

Regards,

Georgi


Hi Georgi,

 

Darn, that went so quick I didn't think it had time to get any information, but it did.  Here are the results:

 

Farbar Service Scanner Version: 21-05-2014
Ran by Donny (administrator) on 29-05-2014 at 14:35:36
Running from "C:\Documents and Settings\Donny\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

 

PS:  I made sure I  put a check in each of the boxes.

 

Thanks,

Brownie


Hello Brownie,

 

Let's try to fix the broken services.


Backup Your Registry

 


 

Now download the following files and save them to your desktop:

 

SharedAccess.reg

 

srservice.reg

 

sr.reg

 

wscsvc.reg

 

Wmi.reg

 

winmgmt.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

 

  • Next please download the ESET ServicesRepair utility and save it to your Desktop.
  • Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.

 

Next please download FixPolicies.exe and save to your Desktop.

  • You can ignore the warning about downloading this type of file.
  • Double-click FixPolicies.exe (this is a self-extracting ZIP archive).
  • Click the "Install" button on the bottom toolbar of the box that will open.
  • The program will create a new folder called FixPolicies.
  • Open the FixPolicies folder and double-click on Fix_Policies.cmd.
  • A black box will briefly appear and then close.
  • Restart your computer and then please post a fresh log from Farbar Service Scanner.

 

 

Regards,

Georgi


Hi Georgi,

 

I'm sorry, I've been away for a couple of days, so I didn't get around to doing those last steps you posted yet. I wanted to let you know I'm back.

 

In answer to your question, yes I still need your help.

 

Of particular interest. Before I left, I figured I'd give RogueKiller another try. As soon as I clicked on run, it brought up IE which took me to their site and automatically downloaded their latest version of RogueKiller.  I ran it to see if it would hang up. It didn't. It ran to the end. I didn't tell it to do anything other than to "Report"  and I have that report. It's a small report of its findings.

 

Anyway, I'm asking if you'd like me to post those findings for you before we go into your last procedures you posted? And the reason for that is: It sounded to me as if getting that full scan using "RogueKiller" was indeed something you wanted to look at before going with anything else.

 

Let me know and I'll post those results, either on Pastebin or here, whichever you prefer. It's a small file.

 

Thanks again, and sorry for being away.

 

Brownie

 

 

 

  


Hello Brownie,

 

I am sorry about the delay. I had a busy day at the office.

 

I didn't tell it to do anything other than to "Report"

 

I am glad to see that the latest version of RogueKiller ran without any issues...I spoke with the developer and he said to me that the bugs were fixed. However I wanted to repair your broken services first. :)

Anyway please re-run RogueKiller again

Wait until Prescan has finished.
Click on Scan this time and post the log in your next reply.

Then proceed with the rest of the steps from my previous post. :)

 

 

Regards,

Georgi


Hey Georgi, welcome back too. lol

 

OK, I'll run Roguekiller and post the results.  I'll then get to those steps (in the order) you have written out.

 

Thanks again and welcome back. It appears that we both had a couple busy days at the office... lol

 

Brownie


Hi Georgi,

 

Here is the "Roguekiller" Report Log from the scan I just ran:

 

 

RogueKiller V9.0.1.0 [Jun  2 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Donny [Admin rights]
Mode : Scan -- Date : 06/04/2014  01:50:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0182971401845926mcinstcleanup -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0  -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0  -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BC142 +++++
--- User ---
[MBR] a0165e2b47813a277956167ec94cd9ca
[bSP] a30a925bddbc7bf98c8a3183c2f5b5a2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06012014_182921.log - RKreport_SCN_06042014_014305.log

 

 

Thanks again, Georgi

 

Brownie


Hi Georgi,

 

I meticulously followed each of your steps right to the very letter. lol

Here is the last step (as in) a fresh log from: "Farbar Service Scanner" I made sure I checked each of the boxes

 

 

Farbar Service Scanner Version: 21-05-2014
Ran by Donny (administrator) on 04-06-2014 at 14:06:34
Running from "C:\Documents and Settings\Donny\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

 

PS: That was a whole lot easier and faster than it appeared to be when reading down the many steps.. A piece of cake actually..

 

Now that being done, with your permission, I'd like to "Uninstall McAfee" since it really isn't working as it should. Then after we get this done, I'll do a complete Reinstall of "McAfee"  I already learned from experience that you just can't uninstall it and then reinstall it, without going through a complete hassle over the user acct. license.  So you first have to use a TOOL from McAfee to totally rid your system of any signs of ever having had it installed. That tool then gives them what they need to know it's a legit acct., and all I have to do is download it from my acct with them, which is licensed for (5) computers under a yearly discounted fee. lol

 

Let me know if you feel that would be ok for me to do now.  I'll await your reply back before uninstalling it.  But why I'm saying that is, I believe there is a bad file (and I know it's missing an important file that was quarantined). So a clean install of that program is the only way to go. In the meantime, MBAM is doing a real fine job.

 

Of interest: There is a "Blank Document folder" that comes up on start up.  C:\Documents  It goes right off after clicking on the X, and doesn't come back up, unless I restart the machine or, boot up.

 

Thanks

Brownie

 

Thanks,

 

 

 

 

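An added example, not part of the original thread and not Farbar's own code: a small Python parser that compares the two Farbar Service Scanner logs posted above and lists which findings the repair resolved, which remain, and which are new. The log text is abridged from the two posts; the function names and the three finding categories are this example's own assumptions about which log lines matter.

```python
import re

# Line shapes taken from the FSS.txt logs posted in this thread.
NOT_RUNNING = re.compile(r"^(\S+) Service is not running")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\."
)
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
UNDERLINE = re.compile(r"^=+$")

# Abridged from the log dated 29-05-2014 (before the repair).
BEFORE = r"""
Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============
Srservice Service is not running. Checking service configuration:

sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
"""

# Abridged from the log dated 04-06-2014 (after the repair).
AFTER = r"""
Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
"""


def parse_fss(text):
    """Return a set of (section, finding) tuples from one FSS.txt log."""
    findings = set()
    section, prev, key = None, "", None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if UNDERLINE.match(line):
            # Each heading is underlined with '=' on the following line.
            section, key = prev.rstrip(":"), None
        elif m := NOT_RUNNING.match(line):
            findings.add((section, f"{m[1].lower()} service not running"))
        elif m := START_TYPE.match(line):
            findings.add(
                (section, f"{m[1].lower()} start type {m[2]} (default {m[3]})")
            )
        elif m := REG_KEY.match(line):
            key = m[1]  # remember the key for the value line that follows
        elif (m := REG_DWORD.match(line)) and key:
            leaf = key.rsplit("\\", 1)[-1]
            findings.add((section, f"{leaf}\\{m[1]}={m[2]}"))
        # Lines such as "... registry value does not exist." are ignored.
        prev = line
    return findings


def compare(before, after):
    """Diff two logs: what the repair resolved, left in place, or introduced."""
    b, a = parse_fss(before), parse_fss(after)
    return {
        "resolved": sorted(b - a),
        "remaining": sorted(b & a),
        "new": sorted(a - b),
    }


if __name__ == "__main__":
    for status, items in compare(BEFORE, AFTER).items():
        print(f"{status}: {len(items)}")
        for sect, finding in items:
            print(f"  [{sect}] {finding}")
```

On these excerpts it reports six resolved findings, none remaining, and one new entry: the `EnableFirewall`=0 value that only the second log lists under "Firewall Disabled Policy".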

Hi Brownie,

 

Nice work. We managed to repair the damaged services. Can you check to see if the problem related to Device Manager is now fixed?

 

OK, the only two things I checked was device manager to see if things looked good in there. Surprise there was nothing but a blank page.  with this pop-up:  "Can't Collect Information"  "Cannot access the Windows Management Instruction Software"  "Windows Management files may be moved or missing".

 

 

 

Now that being done, with your permission, I'd like to "Uninstall McAfee" since it really isn't working as it should.
Let me know if you feel that would be ok for me to do now.

 

 

 

Sure, we still have some work to do, but I don't think that McAfee will interfere with the tools I am planning to have you run from now on. It's not a good idea to stay unprotected so go ahead and take care of McAfee. :)


 

Of interest: There is a "Blank Document folder" that comes up on start up.  C:\Documents  It goes right off after clicking on the X, and doesn't come back up, unless I restart the machine or, boot up.

 

Can you run a new scan with FRST and post the results in your next reply?

 

 

 

Regards,

Georgi


Hi Georgi,

 

The FRST Scan Log will be following this message:

 

PS: I first Uninstalled McAfee, Next, I Scanned it with "MBAM" and wow!  The total time for that scan with everything checked, was down to being only about 9 minutes, as compared to many hours previous to removing McAfee.  I then performed the FRST Scan.

 

Things are looking pretty good now, and yes!  We now have "Device Manager" back as well as everything else now working. My son's name is now back in "Task Manager" too. 

 

That Blank Window still comes up on "Boot or Reboot"  C:\Documents,  and there are a couple of items running in Task Manager, that are really eating up some resources.  One of the names is: "cidaemon.exe"  the 2nd is:  "cisvc.exe" and the 3rd is: "csrss.exe"  And when one of them is running it really eats up the resources. They'll each take turns running in succession with one another, bringing the computer to a halt, while you wait for it to get done. "Whatever they're doing".

 

There, you now have anything and everything that I felt you might want to know.  Hope that helps.

 

PS:  I'll have to post these logs one at a time, due to their sizes.  Next I'll wait for you to get back to me.

FRST Scan on its way

 

Thanks again

Your friend

Brownie


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Donny (administrator) on DONNY-8E17D58B6 on 06-06-2014 15:08:31
Running from C:\Documents and Settings\Donny\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(SigmaTel, Inc.) C:\WINDOWS\stsystra.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\WINDOWS\system32\cisvc.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehrecvr.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehSched.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehmsas.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS\system32\cidaemon.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-03-20] (SigmaTel, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8491008 2007-09-17] (NVIDIA Corporation)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [seagate Dashboard] => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM\...\Run: [Memeo Instant Backup] => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM\...\Run: [Memeo AutoSync] => C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe [247968 2011-12-17] (Adobe Systems, Inc.)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-17] (Google Inc.)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [Google Update] => "C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [DellSystemDetect] => C:\Documents and Settings\Donny\Local Settings\Apps\2.0\63498J4G.OPT\9AQAPGQO.QBA\dell..tion_0f612f649c4a10af_0005.0007_59de4fd2458fcaec\DellSystemDetect.exe [254976 2014-05-28] (Dell)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\MountPoints2: {7ce7db57-c569-11e2-8b1b-001676deffa7} - F:\VZW_Software_upgrade_assistant.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - (No Name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {D8CDAC95-B82F-4A59-B757-7D3B30676E1B} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {D8CDAC95-B82F-4A59-B757-7D3B30676E1B} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -  No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354481751750
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: geocomply.com/gc_browser_plugin_client_c - C:\PROGRA~1\888POK~1\bin\gc\npgc-browser-plugin-client-c.dll (GeoComply)
FF Plugin HKCU: geocomply.com/gc_browser_plugin_client_2_1_7 - C:\PROGRA~1\GEOCOM~1\GC-BRO~1\217~1.1\NPGC-B~1.DLL (GeoComply)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=mcafee&type=A211US0&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-23]
CHR Extension: (PasswordBox) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdgldefdgecfggjdniencbihfhfnenke [2013-11-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-25]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-06-25]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-25]
CHR HKCU\...\Chrome\Extension: [bdgldefdgecfggjdniencbihfhfnenke] - C:\Documents and Settings\Donny\Local Settings\Application Data\PasswordBox\Chrome\extension [2013-04-27]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-05]

========================== Services (Whitelisted) =================

S2 0150511402065688mcinstcleanup; C:\Documents and Settings\Donny\Local Settings\Temp\0150511402065688mcinst.exe [836168 2014-03-13] (McAfee, Inc.)
R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [527016 2013-01-25] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
S4 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-03-01] (PasswordBox, Inc.)
S3 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
S4 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions)
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions)
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-05-18] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-05-18] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-05-18] (HP)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-06-06] (Malwarebytes Corporation)
R1 MOBKFilter; C:\WINDOWS\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0x01000000 papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] ()
R0x01000000 papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] ()
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-06-06 15:08 - 2014-06-06 15:11 - 00032448 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt
2014-06-06 15:08 - 2014-06-06 15:08 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FRST-OlderVersion
2014-06-06 14:57 - 2014-06-06 14:57 - 00001068 _____ () C:\Documents and Settings\Donny\Desktop\MBAM Scan 6_6_2014.txt
2014-06-06 10:30 - 2014-06-06 10:31 - 03218352 _____ (McAfee, Inc.) C:\Documents and Settings\Donny\Desktop\MCPR.exe
2014-06-04 14:09 - 2014-06-04 14:09 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS2.txt
2014-06-04 13:32 - 2008-02-28 11:50 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FixPolicies
2014-06-04 13:30 - 2014-06-04 13:30 - 00185065 _____ () C:\Documents and Settings\Donny\Desktop\FixPolicies.exe
2014-06-04 13:06 - 2014-06-04 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-06-04 12:19 - 2014-06-04 12:19 - 04009167 _____ () C:\Documents and Settings\Donny\Desktop\ServicesRepair.exe
2014-06-04 12:18 - 2014-06-04 12:18 - 00004576 _____ () C:\Documents and Settings\Donny\Desktop\winmgmt.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003658 _____ () C:\Documents and Settings\Donny\Desktop\wscsvc.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003274 _____ () C:\Documents and Settings\Donny\Desktop\Wmi.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00003774 _____ () C:\Documents and Settings\Donny\Desktop\srservice.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00002824 _____ () C:\Documents and Settings\Donny\Desktop\sr.reg
2014-06-04 12:14 - 2014-06-04 12:15 - 00005848 _____ () C:\Documents and Settings\Donny\Desktop\SharedAccess.reg
2014-06-04 12:10 - 2014-06-04 12:10 - 00000000 ____D () C:\RegBackup
2014-06-04 12:08 - 2014-06-04 12:08 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-06-04 12:08 - 2014-06-04 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-06-04 12:03 - 2014-06-04 12:03 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-06-04 12:01 - 2014-06-04 12:01 - 04057608 _____ () C:\Documents and Settings\Donny\Desktop\tweaking.com_registry_backup_setup.exe
2014-06-04 01:54 - 2014-06-04 01:54 - 00001672 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06042014_015038.log
2014-06-02 15:50 - 2014-06-02 15:50 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-06-01 19:14 - 2014-06-01 19:14 - 00001451 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06012014_182921.log
2014-06-01 18:19 - 2014-06-04 01:41 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-01 18:19 - 2014-06-01 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-05-31 19:19 - 2014-06-04 14:06 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS.txt
2014-05-29 14:25 - 2014-06-04 14:04 - 00410112 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FSS.exe
2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Dell
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\temp
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\PCDr
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-25 01:19 - 2014-05-25 03:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-25 01:00 - 2014-05-25 01:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Donny\Desktop\tdsskiller.exe
2014-05-24 11:00 - 2014-06-04 01:40 - 04673536 _____ () C:\Documents and Settings\Donny\Desktop\RogueKiller.exe
2014-05-23 10:37 - 2014-06-06 15:11 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Temp
2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-22 17:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-22 17:30 - 2014-06-06 15:08 - 01063424 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe
2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html
2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee
2014-05-20 14:40 - 2014-05-20 16:47 - 00000000 ____D () C:\AdwCleaner
2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 14:04 - 2014-05-23 00:37 - 00000000 _____ () C:\prefs.js
2014-05-16 13:28 - 2014-06-06 15:08 - 00000000 ____D () C:\FRST
2014-05-16 13:24 - 2014-06-06 14:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys
2014-05-15 01:06 - 2014-05-15 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys
2014-05-15 00:34 - 2014-05-16 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-07 16:05 - 2014-05-08 18:29 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat

==================== One Month Modified Files and Folders =======

2014-06-06 15:11 - 2014-06-06 15:08 - 00032448 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt
2014-06-06 15:11 - 2014-05-23 10:37 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Temp
2014-06-06 15:08 - 2014-06-06 15:08 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FRST-OlderVersion
2014-06-06 15:08 - 2014-05-22 17:30 - 01063424 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe
2014-06-06 15:08 - 2014-05-16 13:28 - 00000000 ____D () C:\FRST
2014-06-06 14:57 - 2014-06-06 14:57 - 00001068 _____ () C:\Documents and Settings\Donny\Desktop\MBAM Scan 6_6_2014.txt
2014-06-06 14:40 - 2011-12-17 16:10 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 14:40 - 2011-12-17 16:10 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 14:37 - 2014-05-16 13:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 14:32 - 2011-12-12 01:56 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-06 14:31 - 2011-12-12 01:58 - 01772707 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-06 14:30 - 2011-12-11 20:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-06 14:30 - 2011-12-11 20:47 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-06-06 14:29 - 2014-03-21 22:50 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-06-06 14:29 - 2011-12-12 02:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-06 10:51 - 2011-12-12 02:02 - 00032656 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-06 10:31 - 2014-06-06 10:30 - 03218352 _____ (McAfee, Inc.) C:\Documents and Settings\Donny\Desktop\MCPR.exe
2014-06-06 09:55 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-04 14:09 - 2014-06-04 14:09 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS2.txt
2014-06-04 14:06 - 2014-05-31 19:19 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS.txt
2014-06-04 14:04 - 2014-05-29 14:25 - 00410112 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FSS.exe
2014-06-04 13:30 - 2014-06-04 13:30 - 00185065 _____ () C:\Documents and Settings\Donny\Desktop\FixPolicies.exe
2014-06-04 13:07 - 2014-06-04 13:06 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-06-04 12:19 - 2014-06-04 12:19 - 04009167 _____ () C:\Documents and Settings\Donny\Desktop\ServicesRepair.exe
2014-06-04 12:18 - 2014-06-04 12:18 - 00004576 _____ () C:\Documents and Settings\Donny\Desktop\winmgmt.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003658 _____ () C:\Documents and Settings\Donny\Desktop\wscsvc.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003274 _____ () C:\Documents and Settings\Donny\Desktop\Wmi.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00003774 _____ () C:\Documents and Settings\Donny\Desktop\srservice.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00002824 _____ () C:\Documents and Settings\Donny\Desktop\sr.reg
2014-06-04 12:15 - 2014-06-04 12:14 - 00005848 _____ () C:\Documents and Settings\Donny\Desktop\SharedAccess.reg
2014-06-04 12:11 - 2013-09-19 23:09 - 00496222 _____ () C:\WINDOWS\setupapi.log
2014-06-04 12:11 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\repair
2014-06-04 12:10 - 2014-06-04 12:10 - 00000000 ____D () C:\RegBackup
2014-06-04 12:08 - 2014-06-04 12:08 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-06-04 12:08 - 2014-06-04 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-06-04 12:03 - 2014-06-04 12:03 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-06-04 12:01 - 2014-06-04 12:01 - 04057608 _____ () C:\Documents and Settings\Donny\Desktop\tweaking.com_registry_backup_setup.exe
2014-06-04 02:00 - 2011-12-24 03:45 - 00000342 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job
2014-06-04 01:54 - 2014-06-04 01:54 - 00001672 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06042014_015038.log
2014-06-04 01:41 - 2014-06-01 18:19 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-04 01:40 - 2014-05-24 11:00 - 04673536 _____ () C:\Documents and Settings\Donny\Desktop\RogueKiller.exe
2014-06-03 05:50 - 2012-12-02 18:30 - 01703936 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-06-03 03:45 - 2011-12-12 02:02 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-02 18:54 - 2011-12-28 19:15 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-02 16:24 - 2014-05-06 20:12 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-02 15:50 - 2014-06-02 15:50 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-06-01 19:14 - 2014-06-01 19:14 - 00001451 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06012014_182921.log
2014-06-01 18:19 - 2014-06-01 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-05-31 19:23 - 2011-12-11 20:44 - 00313446 _____ () C:\WINDOWS\setupact.log
2014-05-30 09:48 - 2011-12-12 02:02 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-30 00:03 - 2011-12-12 01:57 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-28 19:19 - 2013-12-06 13:00 - 00000000 ____D () C:\Documents and Settings\Donny\My Documents\888PokerNJ
2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Dell
2014-05-28 18:20 - 2012-06-25 13:49 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Application Data\Deployment
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\temp
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\PCDr
2014-05-28 16:21 - 2011-12-12 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
2014-05-28 15:30 - 2011-12-12 02:05 - 00000178 ___SH () C:\Documents and Settings\Donny\ntuser.ini
2014-05-28 15:22 - 2014-05-06 15:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-28 15:19 - 2014-05-06 19:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-28 15:07 - 2014-05-06 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 11:07 - 2011-12-15 02:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859_0$
2014-05-25 03:32 - 2014-05-25 01:19 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-25 01:00 - 2014-05-25 01:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Donny\Desktop\tdsskiller.exe
2014-05-24 15:02 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-05-24 15:01 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-05-24 10:57 - 2013-11-23 13:43 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-23 00:37 - 2014-05-16 14:04 - 00000000 _____ () C:\prefs.js
2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html
2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee
2014-05-20 16:47 - 2014-05-20 14:40 - 00000000 ____D () C:\AdwCleaner
2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys
2014-05-16 12:13 - 2014-05-15 00:34 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-16 12:10 - 2014-03-20 21:16 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\Malwarebytes
2014-05-15 19:55 - 2013-07-14 11:33 - 00000144 ___RH () C:\Documents and Settings\Donny\Desktop\Stinger.opt
2014-05-15 19:55 - 2013-07-14 09:00 - 00000000 ____D () C:\Program Files\stinger
2014-05-15 19:51 - 2013-07-14 09:03 - 00000000 ____D () C:\Stinger_Quarantine
2014-05-15 19:31 - 2011-12-15 12:17 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-05-15 12:50 - 2011-12-15 13:08 - 00000000 ____D () C:\Program Files\Java
2014-05-15 12:13 - 2014-05-15 01:06 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys
2014-05-15 01:14 - 2012-12-25 13:13 - 00000000 ____D () C:\WINDOWS\pss
2014-05-15 01:14 - 2011-12-11 20:43 - 00000209 ___SH () C:\boot.ini
2014-05-15 01:14 - 2004-08-10 07:00 - 00000542 _____ () C:\WINDOWS\win.ini
2014-05-15 01:14 - 2004-08-10 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-15 00:30 - 2014-03-20 21:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-12 07:26 - 2014-05-22 17:39 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-22 17:39 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-09 22:39 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\Help
2014-05-08 18:29 - 2014-05-07 16:05 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat
2014-05-08 17:18 - 2011-12-12 02:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-08 17:05 - 2014-03-21 22:50 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-07 17:44 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$
2014-05-07 04:21 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978601$

Some content of TEMP:
====================
C:\Documents and Settings\Donny\Local Settings\Temp\0150511402065688mcinst.exe
C:\Documents and Settings\Donny\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Donny\Local Settings\Temp\{E878B0AB-1064-44D0-95DB-53EC005C2346}.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================


Here is: "Additional txt":

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014
Ran by Donny at 2014-06-06 15:12:13
Running from C:\Documents and Settings\Donny\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
888pokerNJ (HKLM\...\888pokerNJ) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BorgataPoker (HKLM\...\BorgataPoker) (Version:  - theBorgata)
BovadaPoker (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
FrostWire 5.3.8 (HKLM\...\FrostWire 5) (Version: 5.3.8.0 - FrostWire Team)
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
GeoComply Browser Plugin (HKLM\...\{31575B33-1F39-46C6-970F-3E2C45EF9DA8}) (Version: 2.1.7.1 - GeoComply)
Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections (HKLM\...\{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}) (Version:  - Dell)
iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0383 - iRacing.com Motorsport Simulations)
iTunes (HKLM\...\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}) (Version: 10.5.2.11 - Apple Inc.)
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
MAGIX Music Maker 17 Premium Download Version (HKLM\...\MAGIX_MSI_mm17dlx) (Version: 17.0.2.6 - MAGIX AG)
MAGIX Music Maker 17 Premium Download Version (Version: 17.0.2.6 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\{4881B1D9-55E6-4F61-A76E-5836F12D3536}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\{FEE404D1-832A-48CA-8E2D-18830DE449CB}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Online Backup (Version:  - McAfee, Inc.) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}) (Version: 6.00.3883.15 - Microsoft Corporation)
NASCAR® Racing 2003 Season (HKLM\...\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}) (Version:  - Sierra Entertainment)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
nj.partypoker (HKLM\...\partypokerNJ) (Version:  - partyNJ)
NJ.WSOP.com (HKLM\...\NJ.WSOP.com) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PasswordBox (HKLM\...\PasswordBox) (Version: 1.21.3.2423 - PasswordBox, Inc.)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PG Music DirectX Plugins 1.3.4.1 (HKLM\...\PG Music DirectX Plugins_is1) (Version:  - PG Music Inc.)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.90.0 - PS3 Media Server)
RealDrums Bonus Set (HKLM\...\bb_is1) (Version:  - PG Music Inc.)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SuperNZB v4.0.6 (HKLM\...\SuperNZB_is1) (Version:  - )
TempoPerfect Metronome Software (HKLM\...\TempoPerfect) (Version:  - NCH Software)
Tenorshare Photo Recovery  (HKLM\...\Tenorshare Photo Recovery) (Version:  - Tenorshare, Inc.)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Tweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (Version:  - Microsoft Corporation) Hidden
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{3AC82D10-23DD-48F7-9E4A-FBD3792F2655}) (Version: 2.14.0307 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{B7C5C35E-E750-4D09-BD2E-381D10124CBB}) (Version: 2.14.0305 - Samsung Electronics Co., Ltd.)
Video Download Capture V4.3.5 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.3.5 - Apowersoft)
Virtual Sound Canvas DXi (HKLM\...\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}) (Version:  - )
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (Version:  - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Packages (HKCU\...\Windows Media Player Packages) (Version:  - ) <==== ATTENTION
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

30-05-2014 04:04:01 System Checkpoint

==================== Hosts content: ==========================

2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2004-08-10 07:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll
2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll
2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2010-04-13 21:11 - 2010-04-13 21:11 - 00077624 _____ () C:\Program Files\McAfee Online Backup\librs2.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00512310.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34865341.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00512310.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34865341.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^Donny^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\WINDOWS\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnkStartup

==================== Faulty Device Manager Devices =============

Name: Standard floppy disk controller
Description: Standard floppy disk controller
Class Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}
Manufacturer: (Standard floppy disk controllers)
Service: fdc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (06/04/2014 01:51:13 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (06/04/2014 11:12:13 AM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (06/04/2014 01:27:20 AM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (06/03/2014 11:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [McSvHost.exe!ws!]

Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (06/02/2014 02:44:47 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

Error: (06/01/2014 07:07:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application DellSystemDetect.exe, version 5.7.0.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/31/2014 06:45:50 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

System errors:
=============
Error: (06/06/2014 02:37:45 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:32:45 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:32:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0150511402065688) service terminated unexpectedly.  It has done this 1 time(s).

Error: (06/06/2014 02:32:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (120000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/06/2014 02:29:51 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:29:51 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:29:33 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000034_filelst.cfgHarddiskVolume1

Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without first being prepared for removal.

Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without first being prepared for removal.

Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without first being prepared for removal.

Microsoft Office Sessions:
=========================
Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/04/2014 01:51:13 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/04/2014 11:12:13 AM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/04/2014 01:27:20 AM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/03/2014 11:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.0unknown0.0.0.000000000

Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (06/02/2014 02:44:47 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/01/2014 07:07:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DellSystemDetect.exe5.7.0.6hungapp0.0.0.000000000

Error: (05/31/2014 06:45:50 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

==================== Memory info ===========================

Percentage of memory in use: 24%
Total physical RAM: 3069.86 MB
Available physical RAM: 2324.14 MB
Total Pagefile: 4433.58 MB
Available Pagefile: 3833.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.3 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:50.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 47314730)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

PS: It also produced another scan called: "Shortcuts" If you need it too, just let me know..

 

I'll wait for your next reply back.

 

Thanks, we're getting there.  lol

Your friend,

Brownie


Hello Brownie,

 

PS: I first Uninstalled McAfee, Next, I Scanned it with "MBAM" and wow!  The total time for that scan with everything checked, was down to being only about 9 minutes, as compared to many hours previous to removing McAfee.  I then performed the FRST Scan.

Yeah, MBAM is faster than most antivirus programs; however, keep in mind that MBAM is not an antivirus program, and when used in "Threat Scan" mode MBAM doesn't have to scan every file on the computer, which helps it do its job faster. :)

 

Things are looking pretty good now, and yes!  We now have "Device Manager" back as well as everything else now working. My son's name is now back in "Task Manager" too.

That's great! Good to know that! :)

 

That Blank Window still comes up on "Boot or Reboot"  C:\Documents,  and there are a couple of items running in Task Manager, that are really eating up some resources.  One of the names is: "cidaemon.exe"  the 2nd is:  "cisvc.exe" and the 3rd is: "csrss.exe"  And when one of them is running it really eats up the resources. They'll each take turns running in succession with one another, bringing the computer to a halt, while you wait for it to get done. "Whatever they're doing".

We may need to use a different approach to catch this, because I don't see any suspicious startup entries in the latest FRST log that may cause this, but I have something in mind that may help resolve the issue.

As for the processes - they are legit. They are a part of the Indexing service in Windows XP. Try to get rid of them this way:

Go to => Start => Control Panel => Add or Remove Programs => Add/Remove Windows Components button on left hand side scroll down to and uncheck "Indexing Service" => click on the Next button and then on Finish. Close Add or Remove Programs.

Next go to => Start => Run => type in services.msc and hit OK => scroll down to and double click Indexing Service => Click the Stop button and from the dropdown menu in the Startup type field, select Disabled => click the Apply button and then select OK. After you restart your machine they should be gone.

You can also improve your computer performance by following the steps below:

Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.

Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.

If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.

Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.

When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.



You can use Disk Defragmenter to rearrange files and unused space on your hard disk so that programs run faster

Please Open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter

Select the drive you want to Defragment (the drive where Windows is installed).

Click Defragment Now.



Use MSConfig to disable any processes that you do not want running in the background of the computer.

Please type msconfig in the start menu, then hit enter.

Go to the startup tab and then uncheck any programs that you don't need to load with Windows like these:

NvCplDaemon
ISUSScheduler
ISUSPM Startup
ehTray
DLA
Zune Launcher
SwitchBoard
AdobeCS5ServiceManager
AdobeAAMUpdater-1.0
Adobe ARM
FlashPlayerUpdate
WMPNSCFG
AdobeBridge
swg
MSMSGS

Click the "Apply" button and click "OK" to close the MSCONFIG window.

Restart your computer to save the changes you made to the Startup.

You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up. You can always revert the changes at a later stage if some of your applications require them...

 

Also I guess that disabling the ISUSScheduler and ISUSPM startup entries will resolve the issue with the blank folder on reboot. Let me know! :)

Also, it's a good idea to install the drivers for the chipset: the SM Bus Controller driver is missing!
 

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Let me know if you need assistance in finding the correct driver(s) for your computer.
 

Also, I noticed an error that prevents VSS from doing its job. Volume Shadow Copy is important for backups.

 

Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying
to contact shadow copy service writers.  Please check to see that the Event Service
and Volume Shadow Copy Service are operating properly.

 

Check this out

So please click Start Menu > Run => type in CMD and hit OK

Copy/paste the following text at the command prompt and press enter after each line:

vssadmin list writers >>c:\report1.txt

vssadmin list providers >>c:\report2.txt

vssadmin list shadows >>c:\report3.txt

fltmc >>c:\report4.txt

and attach the logs c:\report1.txt, report2.txt, report3.txt and report4.txt to your next reply.

 

 

 

Regards,

Georgi

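An added example, not part of Georgi's post or of any tool named in the thread: once c:\report1.txt exists, this Python script picks out the VSS writers that are not in the "[1] Stable" state or that report a last error, which is the first thing to look for after a VSS 12302 event. The sample report is constructed in the layout that vssadmin list writers prints; its writer names and GUIDs are placeholders, and reading the real file into a string is left to the caller.

```python
import re

# Constructed sample in the layout "vssadmin list writers" prints;
# the writer names and GUIDs are placeholders, not from the thread.
SAMPLE_REPORT = """\
vssadmin 1.1 - Volume Shadow Copy Service administrative command-line tool

Writer name: 'System Writer'
   Writer Id: {00000000-0000-0000-0000-000000000001}
   State: [1] Stable
   Last error: No error

Writer name: 'Example Writer'
   Writer Id: {00000000-0000-0000-0000-000000000002}
   State: [7] Failed
   Last error: Retryable error
"""

FIELD = re.compile(r"^\s*(Writer name|State|Last error):\s*(.*?)\s*$")
STATE = re.compile(r"\[(\d+)\]\s*(.*)")

def parse_writers(text):
    """Return one dict per writer: name, state_code, state, last_error."""
    writers = []
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # banner, blank lines, Writer Id and similar fields
        key, value = m.groups()
        if key == "Writer name":
            writers.append({"name": value.strip("'"), "state_code": None,
                            "state": None, "last_error": "No error"})
        elif writers and key == "State":
            sm = STATE.match(value)
            if sm:
                writers[-1]["state_code"] = int(sm.group(1))
                writers[-1]["state"] = sm.group(2)
        elif writers and key == "Last error":
            writers[-1]["last_error"] = value
    return writers

def triage(text):
    """Summarise a report: which writers need attention, if any."""
    writers = parse_writers(text)
    if not writers:
        return "no writers listed"  # an empty list is worth reporting too
    bad = [w["name"] for w in writers
           if w["state_code"] != 1 or w["last_error"] != "No error"]
    return "check: " + ", ".join(bad) if bad else "ok"
```

Calling triage(SAMPLE_REPORT) returns "check: Example Writer"; a report in which every writer is stable with no error returns "ok".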

Hi Georgi,

 

I'll follow the list you sent and let you know how it goes.  I'm familiar with most all of it, so I have a good grip on that, so it ought to go smooth.

 

Of (I think) great importance for you to know:  I knew that system had to have some powerful infections in it, since before I came on here to get help, I'd checked over all the things I could and the one thing I noticed was the fact that most everything had been "Disabled" when I ran: "Services.msc"

 

Concerning the "Disabled Floppy Drive" this is why that's reported as being Disabled... McAfee sent an Update out to folks a couple of months back, that had bugs in it.  After the computers started up they would keep accessing the A: drive/s, making them chatter like heck over and over constantly. I had already solved that problem in our computers, via way of "Device Manager" and then "Disabling the Floppy Drives" even before anyone knew what the real problem was.  So until we get word from McAfee the Disabled Reports for that (the Floppy Drive) are correct.

 

Also the Re-Installation of McAfee went smooth and it's now working fine, right alongside of MBAM in Real Time too.

 

I wanted to let you know about that.

 

OK, I'll get that list of work done and give you the results.

 

Thanks again so very much

 

Your friend,

Brownie


Hi Georgi,

 

Sorry, I had a couple of bad days (old age I guess) but I'm now back and going to get that report to you ASAP.. Thanks for asking.  I was like the red headed step child for a while there. lol

 

One thing you can bet on, is the fact I won't be leaving you until we've completed the task.  Then I'll be using paypal.  In the meantime, I do want to really thank you for sticking with me on this.

 

Thanks my friend,

Brownie


Hi Georgi,

 

My full Apologies for my delay,

 

I'm currently (now) down to the last step before doing the CMD reports. 

 

I Disabled those start up items you listed in msconfig, but that C:\Documents "folder" is still alive and well.. :)

 

Although it still comes up during (both) Cold Boot as well as on Restarts, it gives no other (seeable) problem. If I click on the X to close it, it drops down onto the Task Bar, and then if I "Right Click" on it and click on "Close" it then closes.

 

I went to C:\  and the folder is in there. It's empty. Under the "Properties" General Tab, it's showing Size is 0 bytes, Size on disk 0 bytes, and is marked (as the other folders in there are)  "Read Only" (and again as the other folders in there are) under Advanced:  the box is checked: "For fast searching, allow indexing service to index this folder"

 

Ok I'm on to installing the drivers for the Chipset.

 

Thanks again so very much for understanding my situation, it's much appreciated.

 

Brownie


Hello Brownie,

 

No problems. I received your PM and I understand the situation.

Can you let me know what is the name and the full filepath of this mysterious folder?

 

  • Please download AutoRuns and save it to your desktop.
  • Right click on the downloaded file and choose Extract All Files.
  • Once extracted, open the program named Autoruns.
  • Click on Options and then Hide Microsoft and Windows Entries.
  • Press F5 to refresh the startup list.
  • Next go to File -> Save and choose the file type to Text File (.arn).
  • Please zip the file and upload it here => http://zippyshare.com/ and then post the link to the archive in your next reply.

 

 

Regards,

Georgi


Hi Georgi,

 

Success in installing the driver. Since it's a Dell computer, and my son found his original CD's that came with it, there was one with all the drivers. Number 2 on the list was just what we needed. It loaded the file on the desktop and from there it was automatic installation. Granted that driver may be out of date (possibly) but it's working fine. So I'm assured it's the correct one for that motherboard's "Chip Set".  Thought you'd like to know.

 

Before I do this other step for that Window, I'm thinking you'd want me to first complete this last step for posting the (4) CMD Txt results.  Hope I'm right.

 

PS: I'll download AutoRuns and follow your steps to the letter.

 

The path to that window is: C:\

 

Hope that's what you wanted. When it comes up, in the top bar it shows: C:\Windows   And it's definitely residing in C:\ 

 

 

Thanks,

Brownie

 


This topic is now closed to further replies.