Brownie Posted May 27, 2014 Author ID:834940

Howdy Georgi,

OK, the only two things I checked was device manager to see if things looked good in there. Surprise there was nothing but a blank page, with this pop-up:

"Can't Collect Information"
"Cannot access the Windows Management Instruction Software"
"Windows Management files may be moved or missing".
MMC has detected an error in a Snap-in. It is recommended that you shut down and restart MMC.

And this: McAfee hasn't been updating the .dat files. Even when manually telling it to "check for updates". The engine just runs and runs with no results. So I went to the McAfee site, and ran their Virtual Tech, and it reported the following:

"McAfee expected file not present: C:\Program Files\McAfee\msk\install.rdf"

I did a search for: "Install.rdf" and found four that each of them had been quarantined. So this system truly was infected with some real bad apples.

Other than running much slower than usual, you did get rid of those dll.host & iexplore that kept cropping up in Task Manager faster than you could shake a stick at. So that is great.

OK I'll await until I hear back from you. Georgi

Thanks, I'm scratching my head now too... lol

Brownie

B-boy/StyLe/ Posted May 28, 2014 ID:835356

Hello Brownie,

> OK, the only two things I checked was device manager to see if things looked good in there. Surprise there was nothing but a blank page, with this pop-up: "Can't Collect Information" "Cannot access the Windows Management Instruction Software" "Windows Management files may be moved or missing". MMC has detected an error in a Snap-in. It is recommended that you shut down and restart MMC.

Please do the following:

Please download Farbar Service Scanner and run it on the computer with the issue.
Make sure that all options are checked.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the results in your next reply.

Regards,
Georgi

Brownie Posted May 29, 2014 Author ID:835695

Hi Georgi,

Darn, that went so quick I didn't think it had time to get any information, but it did. Here are the results:

Farbar Service Scanner Version: 21-05-2014
Ran by Donny (administrator) on 29-05-2014 at 14:35:36
Running from "C:\Documents and Settings\Donny\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.
The ImagePath of sharedaccess service is OK.
The ServiceDll of sharedaccess service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
The ImagePath of Srservice service is OK.
The ServiceDll of Srservice: "C:\WINDOWS\system32\srsvc.dll".
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.
The ImagePath of sr: "\SystemRoot\system32\DRIVERS\sr.sys".

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

PS: I made sure I put a check in each of the boxes.

Thanks,
Brownie

B-boy/StyLe/ Posted May 30, 2014 ID:835857

Hello Brownie,

Let's try to fix the broken services.

Backup Your Registry

Please download and install Tweaking.com-Registry Backup.
Open Tweaking.com-Registry Backup and click on Backup Now.
Close the application.

Now download the following files and save them to your desktop:

SharedAccess.reg
srservice.reg
sr.reg
wscsvc.reg
Wmi.reg
winmgmt.reg

Now double click on each of them one by one. An information box will pop up asking if you want to merge the information in the file into the registry, click YES.

Next please download the ESET ServicesRepair utility and save it to your Desktop.
Double-click ServicesRepair.exe to run the ESET ServicesRepair utility.

Next please download FixPolicies.exe and save to your Desktop.
You can ignore the warning about downloading this type of file.
Double-click FixPolicies.exe (this is a self-extracting ZIP archive).
Click the "Install" button on the bottom toolbar of the box that will open.
The program will create a new Folder called FixPolicies.
Open the FixPolicies folder and double-click on Fix_Policies.cmd.
A black box will briefly appear and then close.

Restart your computer and then please post fresh log from Farbar Service Scanner.

Regards,
Georgi

B-boy/StyLe/ Posted June 1, 2014 ID:836554

Hello,

Do you still need assistance?

Regards,
Georgi

Brownie Posted June 2, 2014 Author ID:836810

Hi Georgi,

I'm sorry, I've been away for a couple of days, so I didn't get around to doing those last steps you posted yet. I wanted to let you know I'm back. In answer to your question, yes I still need your help.

Of particular interest. Before I left, I figured I'd give RogueKiller another try. As soon as I clicked on run, it brought up IE which took me to their site and automatically downloaded their Latest version of RogueKiller. I ran it to see if it would hang up. It didn't. It ran to the end. I didn't tell it to do anything other than to "Report" and I have that report. It's a small report of its findings.

Anyway, I'm asking if you'd like me to post those findings for you before we go into your last procedures you posted? And the reason for that is: It sounded to me as if getting that full scan using "RogueKiller" was indeed something you wanted to look at before going with anything else.

Let me know and I'll post those results, either on Pastebin or here, whichever you prefer. It's a small file.

Thanks again, and sorry for being away.

Brownie

Brownie Posted June 2, 2014 Author ID:837012

Hi Georgi,

Here is the link to the "RogueKiller report" on pastebin: http://pastebin.com/JHbw7DD4

Let me know if you get it ok.

Thanks again,
Brownie

B-boy/StyLe/ Posted June 3, 2014 ID:837273

Hello Brownie,

I am sorry about the delay. I had a busy day at the office.

> I didn't tell it to do anything other than to "Report"

I am glad to see that the latest version of RogueKiller ran without any issues... I spoke with the developer and he said to me that the bugs were fixed. However I wanted to repair your broken services first.

Anyway please re-run RogueKiller again.
Wait until Prescan has finished.
Click on Scan this time and post the log in your next reply.
Then proceed with the rest of the steps from my previous post.

Regards,
Georgi

Brownie Posted June 4, 2014 Author ID:837425

Hey Georgi, welcome back too. lol

OK, I'll run RogueKiller and post the results. I'll then get to those steps (in the order) you have written out.

Thanks again and welcome back. It appears that we both had a couple busy days at the office... lol

Brownie

Brownie Posted June 4, 2014 Author ID:837437

Hi Georgi,

Here is the "RogueKiller" Report Log from the scan I just ran:

RogueKiller V9.0.1.0 [Jun 2 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Donny [Admin rights]
Mode : Scan -- Date : 06/04/2014 01:50:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\0182971401845926mcinstcleanup -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableTaskMgr : 0 -> FOUND
[PUM.Policies] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System | DisableRegistryTools : 0 -> FOUND
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> FOUND

¤¤¤ Scheduled tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ HOSTS File : 1 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST500DM002-1BC142 +++++
--- User ---
[MBR] a0165e2b47813a277956167ec94cd9ca
[bSP] a30a925bddbc7bf98c8a3183c2f5b5a2 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476929 MB
User = LL1 ... OK
User = LL2 ... OK

============================================
RKreport_SCN_06012014_182921.log - RKreport_SCN_06042014_014305.log

Thanks again, Georgi

Brownie

B-boy/StyLe/ Posted June 4, 2014 ID:837444

Hello Brownie,

Ok, that confirms that the bugs are fixed in the latest version of RK. Good to know and the log looks good so we have an improvement.

Please proceed with the rest of the steps.

Regards,
Georgi

Brownie Posted June 4, 2014 Author ID:837659

Hi Georgi,

I meticulously followed each of your steps right to the very letter. lol
Here is the last step (as in) a fresh log from: "Farbar Service Scanner". I made sure I checked each of the boxes.

Farbar Service Scanner Version: 21-05-2014
Ran by Donny (administrator) on 04-06-2014 at 14:06:34
Running from "C:\Documents and Settings\Donny\Desktop"
Microsoft Windows XP Professional Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Other Services:
==============

File Check:
========
C:\WINDOWS\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS\system32\netman.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\srsvc.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS\system32\qmgr.dll => MD5 is legit
C:\WINDOWS\system32\es.dll => MD5 is legit
C:\WINDOWS\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit

Extra List:
=======
Gpc(3) IPSec(5) mfetdi2k(8) NetBT(6) PSched(7) Tcpip(4)
0x080000000500000001000000020000000300000004000000080000000600000007000000
IpSec Tag value is correct.

**** End of log ****

PS: That was a whole lot easier and faster than it appeared to be when reading down the many steps.. A piece of cake actually..

Now that being done, with your permission, I'd like to "Uninstall McAfee" since it really isn't working as it should. Then after we get this done, I'll do a complete Reinstall of "McAfee". I already learned from experience that you just can't uninstall it and then reinstall it, without going through a complete hassle over the user acct. license. So you first have to use a TOOL from McAfee to totally rid your system of any signs of ever having had it installed. That tool then gives them what they need to know it's a legit acct., and all I have to do is download it from my acct with them, which is licensed for (5) computers under a yearly discounted fee. lol

Let me know if you feel that would be ok for me to do now. I'll await your reply back before uninstalling it. But why I'm saying that is, I believe there is a bad file (and I know it's missing an important file that was quarantined). So a clean install of that program is the only way to go. In the meantime, MBAM is doing a real fine job.

Of interest: There is a "Blank Document folder" that comes up on start up. C:\Documents
It goes right off after clicking on the X, and doesn't come back up, unless I restart the machine or, boot up.

Thanks
Brownie

Thanks,

B-boy/StyLe/ Posted June 6, 2014 ID:838510

Hi Brownie,

Nice work. We managed to repair the damaged services. Can you check to see if the problem related to Device Manager is now fixed?

> OK, the only two things I checked was device manager to see if things looked good in there. Surprise there was nothing but a blank page, with this pop-up: "Can't Collect Information" "Cannot access the Windows Management Instruction Software" "Windows Management files may be moved or missing".

> Now that being done, with your permission, I'd like to "Uninstall McAfee" since it really isn't working as it should.
> Let me know if you feel that would be ok for me to do now.

Sure, we still have some work to do, but I don't think that McAfee will interfere with the tools I am planning to have you run from now on. It's not a good idea to stay unprotected so go ahead and take care of McAfee.

> Of interest: There is a "Blank Document folder" that comes up on start up. C:\Documents It goes right off after clicking on the X, and doesn't come back up, unless I restart the machine or, boot up.

Can you run a new scan with FRST and post the results in your next reply?

Regards,
Georgi

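The before/after reading of the two Farbar Service Scanner logs in this thread can also be done mechanically. The following is an added example, not part of any post and not code from Farbar or the helpers; the sample text is abridged from the two logs above with line breaks restored by hand, and the names `parse_fss` and `compare` are hypothetical.

```python
import re

# Abridged from the two Farbar Service Scanner logs posted in this thread
# (29-05-2014 and 04-06-2014). Line breaks are restored by hand, so the exact
# layout is an assumption.
BEFORE = r'''Windows Firewall:
=============
sharedaccess Service is not running. Checking service configuration:
The start type of sharedaccess service is OK.

Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\\EnableFirewall" registry value does not exist.

System Restore:
============
Srservice Service is not running. Checking service configuration:
The start type of Srservice service is OK.
sr Service is not running. Checking service configuration:
The start type of sr service is set to Disabled. The default start type is Boot.

System Restore Disabled Policy:
========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=DWORD:1

Security Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
'''

AFTER = r'''Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0

System Restore:
============

System Restore Disabled Policy:
========================

Security Center:
============
'''

STOPPED = re.compile(r'^(\S+) Service is not running\.')
START = re.compile(r'^The start type of (\S+) service is set to (\w+)\. '
                   r'The default start type is (\w+)\.')
POLICY = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')   # values seen here are 0 or 1
SECTION = re.compile(r'^(.+):$')


def parse_fss(text):
    """Extract stopped services, start-type deviations and policy values."""
    result = {"stopped": [], "start_type": {}, "policies": {}}
    lines = [l.strip() for l in text.splitlines()]
    section = None
    for i, line in enumerate(lines):
        nxt = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a "Name:" line underlined with '=' characters.
        if SECTION.match(line) and nxt and set(nxt) == {"="}:
            section = line[:-1]
            continue
        m = STOPPED.match(line)
        if m:
            result["stopped"].append(m.group(1))
            continue
        m = START.match(line)
        if m:
            result["start_type"][m.group(1)] = (m.group(2), m.group(3))
            continue
        m = POLICY.match(line)
        if m:
            result["policies"][m.group(1)] = (section, int(m.group(2)))
    return result


def compare(before_text, after_text):
    """Summarise what changed between a 'before' and an 'after' log."""
    before, after = parse_fss(before_text), parse_fss(after_text)
    return {
        "repaired": [s for s in before["stopped"] if s not in after["stopped"]],
        "still_stopped": list(after["stopped"]),
        "policies_after": after["policies"],
    }


if __name__ == "__main__":
    for key, value in compare(BEFORE, AFTER).items():
        print(f"{key}: {value}")
```

On these two logs, the four services reported as not running on 29-05-2014 are absent from the 04-06-2014 log, while the later log lists "EnableFirewall"=DWORD:0 under Firewall Disabled Policy.
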
Brownie Posted June 6, 2014 Author ID:838676

Hi Georgi,

The FRST Scan Log will be following this message:

PS: I first Uninstalled McAfee. Next, I Scanned it with "MBAM" and wow! The total time for that scan with everything checked, was down to being only about 9 minutes, as compared to many hours previous to removing McAfee. I then performed the FRST Scan.

Things are looking pretty good now, and yes! We now have "Device Manager" back as well as everything else now working. My son's name is now back in "Task Manager" too.

That Blank Window still comes up on "Boot or Reboot" C:\Documents, and there are a couple of items running in Task Manager, that are really eating up some resources. One of the names is: "cidaemon.exe", the 2nd is: "cisvc.exe" and the 3rd is: "csrss.exe". And when one of them is running it really eats up the resources. They'll each take turns running in succession with one another, bringing the computer to a halt, while you wait for it to get done. "Whatever they're doing".

There, you now have anything and everything that I felt you might want to know. Hope that helps.

PS: I'll have to post these logs one at a time, due to their sizes. Next I'll wait for you to get back to me. FRST Scan on its way.

Thanks again
Your friend
Brownie

Brownie Posted June 6, 2014 Author ID:838677

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:06-06-2014
Ran by Donny (administrator) on DONNY-8E17D58B6 on 06-06-2014 15:08:31
Running from C:\Documents and Settings\Donny\Desktop
Platform: Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
R3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-06-06 15:08 - 2014-06-06 15:11 - 00032448 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt
2014-06-06 15:08 - 2014-06-06 15:08 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FRST-OlderVersion
2014-06-06 14:57 - 2014-06-06 14:57 - 00001068 _____ () C:\Documents and Settings\Donny\Desktop\MBAM Scan 6_6_2014.txt
2014-06-06 10:30 - 2014-06-06 10:31 - 03218352 _____ (McAfee, Inc.)
C:\Documents and Settings\Donny\Desktop\MCPR.exe
2014-06-04 14:09 - 2014-06-04 14:09 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS2.txt
2014-06-04 13:32 - 2008-02-28 11:50 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FixPolicies
2014-06-04 13:30 - 2014-06-04 13:30 - 00185065 _____ () C:\Documents and Settings\Donny\Desktop\FixPolicies.exe
2014-06-04 13:06 - 2014-06-04 13:07 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-06-04 12:19 - 2014-06-04 12:19 - 04009167 _____ () C:\Documents and Settings\Donny\Desktop\ServicesRepair.exe
2014-06-04 12:18 - 2014-06-04 12:18 - 00004576 _____ () C:\Documents and Settings\Donny\Desktop\winmgmt.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003658 _____ () C:\Documents and Settings\Donny\Desktop\wscsvc.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003274 _____ () C:\Documents and Settings\Donny\Desktop\Wmi.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00003774 _____ () C:\Documents and Settings\Donny\Desktop\srservice.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00002824 _____ () C:\Documents and Settings\Donny\Desktop\sr.reg
2014-06-04 12:14 - 2014-06-04 12:15 - 00005848 _____ () C:\Documents and Settings\Donny\Desktop\SharedAccess.reg
2014-06-04 12:10 - 2014-06-04 12:10 - 00000000 ____D () C:\RegBackup
2014-06-04 12:08 - 2014-06-04 12:08 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-06-04 12:08 - 2014-06-04 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-06-04 12:03 - 2014-06-04 12:03 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-06-04 12:01 - 2014-06-04 12:01 - 04057608 _____ () C:\Documents and Settings\Donny\Desktop\tweaking.com_registry_backup_setup.exe
2014-06-04 01:54 - 2014-06-04 01:54 - 00001672 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06042014_015038.log
2014-06-02 15:50 - 2014-06-02 15:50 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-06-01 19:14 - 2014-06-01 19:14 - 00001451 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06012014_182921.log
2014-06-01 18:19 - 2014-06-04 01:41 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-01 18:19 - 2014-06-01 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-05-31 19:19 - 2014-06-04 14:06 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS.txt
2014-05-29 14:25 - 2014-06-04 14:04 - 00410112 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FSS.exe
2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Dell
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\temp
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\PCDr
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-25 01:19 - 2014-05-25 03:32 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-25 01:00 - 2014-05-25 01:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Donny\Desktop\tdsskiller.exe
2014-05-24 11:00 - 2014-06-04 01:40 - 04673536 _____ () C:\Documents and Settings\Donny\Desktop\RogueKiller.exe
2014-05-23 10:37 - 2014-06-06 15:11 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Temp
2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-22 17:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-22 17:30 - 2014-06-06 15:08 - 01063424 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe
2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html
2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee
2014-05-20 14:40 - 2014-05-20 16:47 - 00000000 ____D () C:\AdwCleaner
2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 14:04 - 2014-05-23 00:37 - 00000000 _____ () C:\prefs.js
2014-05-16 13:28 - 2014-06-06 15:08 - 00000000 ____D () C:\FRST
2014-05-16 13:24 - 2014-06-06 14:37 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys
2014-05-15 01:06 - 2014-05-15 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys
2014-05-15 00:34 - 2014-05-16 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-07 16:05 - 2014-05-08 18:29 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat

==================== One Month Modified Files and Folders =======

2014-06-06 15:11 - 2014-06-06 15:08 - 00032448 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt
2014-06-06 15:11 - 2014-05-23 10:37 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Temp
2014-06-06 15:08 - 2014-06-06 15:08 - 00000000 ____D () C:\Documents and Settings\Donny\Desktop\FRST-OlderVersion
2014-06-06 15:08 - 2014-05-22 17:30 - 01063424 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe
2014-06-06 15:08 - 2014-05-16 13:28 - 00000000 ____D () C:\FRST
2014-06-06 14:57 - 2014-06-06 14:57 - 00001068 _____ () C:\Documents and Settings\Donny\Desktop\MBAM Scan 6_6_2014.txt
2014-06-06 14:40 - 2011-12-17 16:10 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-06 14:40 - 2011-12-17 16:10 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-06 14:37 - 2014-05-16 13:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-06-06 14:32 - 2011-12-12 01:56 - 00000000 ____D () C:\WINDOWS\Registration
2014-06-06 14:31 - 2011-12-12 01:58 - 01772707 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-06 14:30 - 2011-12-11 20:47 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-06-06 14:30 - 2011-12-11 20:47 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-06-06 14:29 - 2014-03-21 22:50 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-06-06 14:29 - 2011-12-12 02:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-06 10:51 - 2011-12-12 02:02 - 00032656 _____ () C:\WINDOWS\SchedLgU.Txt
2014-06-06 10:31 - 2014-06-06 10:30 - 03218352 _____ (McAfee, Inc.) C:\Documents and Settings\Donny\Desktop\MCPR.exe
2014-06-06 09:55 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-06-04 14:09 - 2014-06-04 14:09 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS2.txt
2014-06-04 14:06 - 2014-05-31 19:19 - 00002233 _____ () C:\Documents and Settings\Donny\Desktop\FSS.txt
2014-06-04 14:04 - 2014-05-29 14:25 - 00410112 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FSS.exe
2014-06-04 13:30 - 2014-06-04 13:30 - 00185065 _____ () C:\Documents and Settings\Donny\Desktop\FixPolicies.exe
2014-06-04 13:07 - 2014-06-04 13:06 - 00000000 ____D () C:\Documents and Settings\All Users\Desktop\CC Support
2014-06-04 12:19 - 2014-06-04 12:19 - 04009167 _____ () C:\Documents and Settings\Donny\Desktop\ServicesRepair.exe
2014-06-04 12:18 - 2014-06-04 12:18 - 00004576 _____ () C:\Documents and Settings\Donny\Desktop\winmgmt.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003658 _____ () C:\Documents and Settings\Donny\Desktop\wscsvc.reg
2014-06-04 12:17 - 2014-06-04 12:17 - 00003274 _____ () C:\Documents and Settings\Donny\Desktop\Wmi.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00003774 _____ () C:\Documents and Settings\Donny\Desktop\srservice.reg
2014-06-04 12:16 - 2014-06-04 12:16 - 00002824 _____ () C:\Documents and Settings\Donny\Desktop\sr.reg
2014-06-04 12:15 - 2014-06-04 12:14 - 00005848 _____ () C:\Documents and Settings\Donny\Desktop\SharedAccess.reg
2014-06-04 12:11 - 2013-09-19 23:09 - 00496222 _____ () C:\WINDOWS\setupapi.log
2014-06-04 12:11 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\repair
2014-06-04 12:10 - 2014-06-04 12:10 - 00000000 ____D () C:\RegBackup
2014-06-04 12:08 - 2014-06-04 12:08 - 00001876 _____ () C:\Documents and Settings\All Users\Desktop\Tweaking.com - Registry Backup.lnk
2014-06-04 12:08 - 2014-06-04 12:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Tweaking.com
2014-06-04 12:03 - 2014-06-04 12:03 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-06-04 12:01 - 2014-06-04 12:01 - 04057608 _____ () C:\Documents and Settings\Donny\Desktop\tweaking.com_registry_backup_setup.exe
2014-06-04 02:00 - 2011-12-24 03:45 - 00000342 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job
2014-06-04 01:54 - 2014-06-04 01:54 - 00001672 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06042014_015038.log
2014-06-04 01:41 - 2014-06-01 18:19 - 00026624 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
2014-06-04 01:40 - 2014-05-24 11:00 - 04673536 _____ () C:\Documents and Settings\Donny\Desktop\RogueKiller.exe
2014-06-03 05:50 - 2012-12-02 18:30 - 01703936 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-06-03 03:45 - 2011-12-12 02:02 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Temp
2014-06-02 18:54 - 2011-12-28 19:15 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-06-02 16:24 - 2014-05-06 20:12 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-06-02 15:50 - 2014-06-02 15:50 - 00000000 ____D () C:\WINDOWS\system32\cos
2014-06-01 19:14 - 2014-06-01 19:14 - 00001451 _____ () C:\Documents and Settings\Donny\Desktop\RKreport_SCN_06012014_182921.log
2014-06-01 18:19 - 2014-06-01 18:19 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\RogueKiller
2014-05-31 19:23 - 2011-12-11 20:44 - 00313446 _____ () C:\WINDOWS\setupact.log
2014-05-30 09:48 - 2011-12-12 02:02 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-05-30 00:03 - 2011-12-12 01:57 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-28 19:19 - 2013-12-06 13:00 - 00000000 ____D () C:\Documents and Settings\Donny\My Documents\888PokerNJ
2014-05-28 18:20 - 2014-05-28 18:20 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Dell
2014-05-28 18:20 - 2012-06-25 13:49 - 00000000 ____D () C:\Documents and Settings\Donny\Local Settings\Application Data\Deployment
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\temp
2014-05-28 17:59 - 2014-05-28 17:59 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\PCDr
2014-05-28 16:21 - 2011-12-12 16:47 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Dell Accessories
2014-05-28 15:30 - 2011-12-12 02:05 - 00000178 ___SH () C:\Documents and Settings\Donny\ntuser.ini
2014-05-28 15:22 - 2014-05-06 15:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-28 15:19 - 2014-05-06 19:25 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2014-05-28 15:07 - 2014-05-28 15:07 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2014-05-28 15:07 - 2014-05-06 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-26 11:07 - 2011-12-15 02:08 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB960859_0$
2014-05-25 03:32 - 2014-05-25 01:19 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-05-25 01:00 - 2014-05-25 01:00 - 04165472 _____ (Kaspersky Lab ZAO) C:\Documents and Settings\Donny\Desktop\tdsskiller.exe
2014-05-24 15:02 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-05-24 15:01 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-05-24 10:57 - 2013-11-23 13:43 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-23 00:37 - 2014-05-16 14:04 - 00000000 _____ () C:\prefs.js
2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html
2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee
2014-05-20 16:47 - 2014-05-20 14:40 - 00000000 ____D () C:\AdwCleaner
2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys
2014-05-16 12:13 - 2014-05-15 00:34 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-16 12:10 - 2014-03-20 21:16 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\Malwarebytes
2014-05-15 19:55 - 2013-07-14 11:33 - 00000144 ___RH () C:\Documents and Settings\Donny\Desktop\Stinger.opt
2014-05-15 19:55 - 2013-07-14 09:00 - 00000000 ____D () C:\Program Files\stinger
2014-05-15 19:51 - 2013-07-14 09:03 - 00000000 ____D () C:\Stinger_Quarantine
2014-05-15 19:31 - 2011-12-15 12:17 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-05-15 12:50 - 2011-12-15 13:08 - 00000000 ____D () C:\Program Files\Java
2014-05-15 12:13 - 2014-05-15 01:06 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys
2014-05-15 01:14 - 2012-12-25 13:13 - 00000000 ____D () C:\WINDOWS\pss
2014-05-15 01:14 - 2011-12-11 20:43 - 00000209 ___SH () C:\boot.ini
2014-05-15 01:14 - 2004-08-10 07:00 - 00000542 _____ () C:\WINDOWS\win.ini
2014-05-15 01:14 - 2004-08-10 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-15 00:30 - 2014-03-20 21:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-12 07:26 - 2014-05-22 17:39 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-22 17:39 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-09 22:39 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\Help
2014-05-08 18:29 - 2014-05-07 16:05 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat
2014-05-08 17:18 - 2011-12-12 02:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-08 17:05 - 2014-03-21 22:50 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-07 17:44 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$
2014-05-07 04:21 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978601$

Some content of TEMP:
====================
C:\Documents and Settings\Donny\Local Settings\Temp\0150511402065688mcinst.exe
C:\Documents and Settings\Donny\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\Donny\Local Settings\Temp\{E878B0AB-1064-44D0-95DB-53EC005C2346}.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
Brownie Posted June 6, 2014 Author ID:838681 Share Posted June 6, 2014 Here is: "Additional txt": Additional scan result of Farbar Recovery Scan Tool (x86) Version:06-06-2014Ran by Donny at 2014-06-06 15:12:13Running from C:\Documents and Settings\Donny\DesktopBoot Mode: Normal============================================================================== Security Center ============================================ Installed Programs ======================32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )888pokerNJ (HKLM\...\888pokerNJ) (Version: - )Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) HiddenAdobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) 
HiddenAdobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) HiddenAdobe Photoshop CS5 (HKLM\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated)Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)BorgataPoker (HKLM\...\BorgataPoker) (Version: - theBorgata)BovadaPoker (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version: - )BufferChm (Version: 130.0.331.000 - Hewlett-Packard) HiddenConexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.7.0.6 - Dell)Destinations (Version: 130.0.0.0 - Hewlett-Packard) HiddenDeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) HiddenDocMgr (Version: 130.0.000.000 - Hewlett-Packard) HiddenDocProc (Version: 13.0.0.0 - Hewlett-Packard) HiddenDVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)Fax (Version: 130.0.418.000 - Hewlett-Packard) HiddenFree YouTube to MP3 Converter version 3.12.33.424 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 
3.12.33.424 - DVDVideoSoft Ltd.)FrostWire 5.3.8 (HKLM\...\FrostWire 5) (Version: 5.3.8.0 - FrostWire Team)GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version: - )GeoComply Browser Plugin (HKLM\...\{31575B33-1F39-46C6-970F-3E2C45EF9DA8}) (Version: 2.1.7.1 - GeoComply)Google Chrome (HKLM\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) HiddenGoogle Update Helper (Version: 1.3.24.7 - Google Inc.) HiddenGPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) HiddenHewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) HiddenHigh Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) HiddenHPSSupply (Version: 130.0.371.000 - Hewlett-Packard) HiddenInfraRecorder (HKLM\...\InfraRecorder) (Version: - Christian Kindahl)Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - )Intel® PRO Network 
Connections (HKLM\...\{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}) (Version: - Dell)iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0383 - iRacing.com Motorsport Simulations)iTunes (HKLM\...\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}) (Version: 10.5.2.11 - Apple Inc.)Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)MAGIX Music Maker 17 Premium Download Version (HKLM\...\MAGIX_MSI_mm17dlx) (Version: 17.0.2.6 - MAGIX AG)MAGIX Music Maker 17 Premium Download Version (Version: 17.0.2.6 - MAGIX AG) HiddenMAGIX Screenshare (HKLM\...\{4881B1D9-55E6-4F61-A76E-5836F12D3536}) (Version: 4.3.6.1987 - MAGIX AG)MAGIX Speed burnR (MSI) (HKLM\...\{FEE404D1-832A-48CA-8E2D-18830DE449CB}) (Version: 7.0.1.27 - MAGIX AG)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) HiddenMcAfee Online Backup (Version: - McAfee, Inc.) HiddenMcAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) 
HiddenMemeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version: - Memeo Inc.)Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version: - Microsoft Corporation)Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version: - Microsoft Corporation)Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version: - Microsoft Corporation)Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version: - Microsoft Corporation)Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version: - Microsoft Corporation)Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version: - Microsoft Corporation)Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version: - Microsoft Corporation)Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) HiddenMicrosoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) HiddenMicrosoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) HiddenMicrosoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft 
Corporation)Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version: - Microsoft Corporation) HiddenMicrosoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version: - Microsoft Corporation)Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) HiddenMicrosoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) HiddenMicrosoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) HiddenMSXML 4.0 SP2 (KB954430) 
(HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)MSXML 6.0 Parser (HKLM\...\{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}) (Version: 6.00.3883.15 - Microsoft Corporation)NASCAR® Racing 2003 Season (HKLM\...\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}) (Version: - Sierra Entertainment)Network (Version: 130.0.374.000 - Hewlett-Packard) Hiddennj.partypoker (HKLM\...\partypokerNJ) (Version: - partyNJ)NJ.WSOP.com (HKLM\...\NJ.WSOP.com) (Version: - )NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: - )OCR Software by I.R.I.S. 
13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version: - )PasswordBox (HKLM\...\PasswordBox) (Version: 1.21.3.2423 - PasswordBox, Inc.)PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) HiddenPG Music DirectX Plugins 1.3.4.1 (HKLM\...\PG Music DirectX Plugins_is1) (Version: - PG Music Inc.)Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.90.0 - PS3 Media Server)RealDrums Bonus Set (HKLM\...\bb_is1) (Version: - PG Music Inc.)Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)Scan (Version: 13.0.0.0 - Hewlett-Packard) HiddenSeagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)Shared C Run-time for x86 (Version: 10.0.0 - McAfee) HiddenShop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) HiddenSolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) HiddenSonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic 
Solutions)Status (Version: 130.0.373.000 - Hewlett-Packard) HiddenSuperNZB v4.0.6 (HKLM\...\SuperNZB_is1) (Version: - )TempoPerfect Metronome Software (HKLM\...\TempoPerfect) (Version: - NCH Software)Tenorshare Photo Recovery (HKLM\...\Tenorshare Photo Recovery) (Version: - Tenorshare, Inc.)Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)Toolbox (Version: 130.0.648.000 - Hewlett-Packard) HiddenTrayApp (Version: 130.0.376.000 - Hewlett-Packard) HiddenTweaking.com - Registry Backup (HKLM\...\Tweaking.com - Registry Backup) (Version: 1.9.0 - Tweaking.com)Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)Update for Windows Media Player 10 (KB913800) (Version: - Microsoft Corporation) HiddenUpdate for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft 
Corporation)Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) HiddenUpdate for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version: - Microsoft Corporation)Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{3AC82D10-23DD-48F7-9E4A-FBD3792F2655}) (Version: 2.14.0307 - Samsung Electronics Co., Ltd.)Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{B7C5C35E-E750-4D09-BD2E-381D10124CBB}) (Version: 2.14.0305 - Samsung Electronics Co., Ltd.)Video Download Capture V4.3.5 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.3.5 - Apowersoft)Virtual Sound Canvas DXi (HKLM\...\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}) (Version: - )Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) HiddenVLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) HiddenWebReg (Version: 130.0.132.017 - Hewlett-Packard) HiddenWindows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version: - Microsoft Corporation)Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 
1.7.0069.2 - Microsoft Corporation)Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)Windows Media Connect (Version: - Microsoft Corporation) HiddenWindows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )Windows Media Format 11 runtime (Version: - Microsoft Corporation) HiddenWindows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )Windows Media Player 11 (Version: - Microsoft Corporation) HiddenWindows Media Player Packages (HKCU\...\Windows Media Player Packages) (Version: - ) <==== ATTENTIONWindows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) HiddenWindows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version: - Microsoft Corporation)Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version: - Microsoft Corporation)Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version: - Microsoft Corporation)Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version: - Microsoft Corporation)Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version: - Microsoft Corporation)Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)Zune (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) 
HiddenZune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) HiddenZune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden==================== Restore Points =========================30-05-2014 04:04:01 System Checkpoint==================== Hosts content: ==========================2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts127.0.0.1 localhost==================== Scheduled Tasks (whitelisted) =============Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exeTask: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exeTask: 
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exeTask: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe==================== Loaded Modules (whitelisted) =============2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll2004-08-10 07:00 - 2011-02-04 18:48 - 00291840 _____ () C:\WINDOWS\system32\sbe.dll2004-08-10 07:00 - 2013-01-02 02:49 - 01292288 _____ () C:\WINDOWS\system32\quartz.dll2004-08-10 07:00 - 2008-04-13 20:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll2004-08-10 07:00 - 2008-04-13 20:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll2010-04-13 21:11 - 2010-04-13 21:11 - 00077624 _____ () C:\Program Files\McAfee Online Backup\librs2.dll==================== Alternate Data Streams (whitelisted) ============================= Safe Mode (whitelisted) ===================HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\00512310.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\34865341.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\00512310.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\34865341.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"==================== EXE Association (whitelisted) ================================= Disabled items from MSCONFIG ==============MSCONFIG\startupfolder: C:^Documents and 
Settings^Donny^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\WINDOWS\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnkStartup==================== Faulty Device Manager Devices =============Name: Standard floppy disk controllerDescription: Standard floppy disk controllerClass Guid: {4D36E969-E325-11CE-BFC1-08002BE10318}Manufacturer: (Standard floppy disk controllers)Service: fdcProblem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.Name: SM Bus ControllerDescription: SM Bus ControllerClass Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name:Description:Class Guid: {6BDD1FC6-810F-11D0-BEC7-08002BE2092F}Manufacturer:Service:Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: )Description: Volume Shadow Copy Service error: An internal inconsistency was detected in tryingto contact shadow copy service writers. Please check to see that the Event Serviceand Volume Shadow Copy Service are operating properly.Error: (06/04/2014 01:51:13 PM) (Source: VSS) (EventID: 12302) (User: )Description: Volume Shadow Copy Service error: An internal inconsistency was detected in tryingto contact shadow copy service writers. 
Please check to see that the Event Serviceand Volume Shadow Copy Service are operating properly.Error: (06/04/2014 11:12:13 AM) (Source: VSS) (EventID: 12302) (User: )Description: Volume Shadow Copy Service error: An internal inconsistency was detected in tryingto contact shadow copy service writers. Please check to see that the Event Serviceand Volume Shadow Copy Service are operating properly.Error: (06/04/2014 01:27:20 AM) (Source: VSS) (EventID: 12302) (User: )Description: Volume Shadow Copy Service error: An internal inconsistency was detected in tryingto contact shadow copy service writers. Please check to see that the Event Serviceand Volume Shadow Copy Service are operating properly.Error: (06/03/2014 11:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application McSvHost.exe, version 3.8.703.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.Processing media-specific event for [McSvHost.exe!ws!]Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.Error: (06/02/2014 02:44:47 PM) (Source: VSS) (EventID: 12302) (User: )Description: Volume Shadow Copy Service error: An internal inconsistency was detected in tryingto contact shadow copy service writers. 
Please check to see that the Event Service and Volume Shadow Copy Service are operating properly.

Error: (06/01/2014 07:07:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application DellSystemDetect.exe, version 5.7.0.6, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/31/2014 06:45:50 PM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly.

System errors:
=============
Error: (06/06/2014 02:37:45 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:32:45 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:32:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0150511402065688) service terminated unexpectedly. It has done this 1 time(s).

Error: (06/06/2014 02:32:30 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Timeout (120000 milliseconds) waiting for a transaction response from the MBAMService service.

Error: (06/06/2014 02:29:51 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:29:51 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service WSearch with arguments ""
in order to run the server:
{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error: (06/06/2014 02:29:33 PM) (Source: 0) (EventID: 1) (User: )
Description: 0xC0000034_filelst.cfgHarddiskVolume1

Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_MFEHIDK\0000 disappeared from the system without first being prepared for removal.

Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_MFEBOPK\0000 disappeared from the system without first being prepared for removal.

Error: (06/06/2014 10:51:19 AM) (Source: PlugPlayManager) (EventID: 11) (User: )
Description: The device Root\LEGACY_MFEAVFK\0000 disappeared from the system without first being prepared for removal.

Microsoft Office Sessions:
=========================
Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/04/2014 01:51:13 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/04/2014 11:12:13 AM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/04/2014 01:27:20 AM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/03/2014 11:50:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: McSvHost.exe3.8.703.0unknown0.0.0.000000000

Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
This operation returned because the timeout period expired.

Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt
This operation returned because the timeout period expired.

Error: (06/02/2014 02:44:47 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

Error: (06/01/2014 07:07:57 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: DellSystemDetect.exe5.7.0.6hungapp0.0.0.000000000

Error: (05/31/2014 06:45:50 PM) (Source: VSS) (EventID: 12302) (User: )
Description:

==================== Memory info ===========================
Percentage of memory in use: 24%
Total physical RAM: 3069.86 MB
Available physical RAM: 2324.14 MB
Total Pagefile: 4433.58 MB
Available Pagefile: 3833.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.3 MB

==================== Drives ================================
Drive c: () (Fixed) (Total:465.75 GB) (Free:50.83 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==========================================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 47314730)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

PS: It also produced another scan called: "Shortcuts". If you need it too, just let me know.

I'll wait for your next reply back. Thanks, we're getting there. lol

Your friend,
Brownie
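The event section of a report like the one posted above can be tallied by source and event ID to show which errors keep recurring. This is an added example, not part of the original posts or of FRST itself; the sample text and its hostname are constructed, and the parser accepts entries with or without line breaks between them.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of the report's event section (hostname is a
# placeholder). Entries are joined without line breaks on purpose.
SAMPLE = (
    'Error: (06/06/2014 02:37:45 PM) (Source: DCOM) (EventID: 10005) (User: PC-EXAMPLE)'
    'Description: DCOM got error "%%1058" attempting to start the service WSearch'
    'Error: (06/06/2014 02:32:45 PM) (Source: DCOM) (EventID: 10005) (User: PC-EXAMPLE)'
    'Description: DCOM got error "%%1058" attempting to start the service WSearch'
    'Error: (06/06/2014 02:32:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )'
    'Description: The Example Cleanup service terminated unexpectedly.'
    'Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: )'
    'Description: Volume Shadow Copy Service error: An internal inconsistency was detected'
    'Error: (06/04/2014 01:51:13 PM) (Source: VSS) (EventID: 12302) (User: )Description:'
    'Error: (06/03/2014 07:15:58 PM) (Source: crypt32) (EventID: 8) (User: )'
    'Description: This operation returned because the timeout period expired.'
    'Error: (05/31/2014 06:45:50 PM) (Source: VSS) (EventID: 12302) (User: )Description:'
)

# One entry: header fields, then a description that runs to the next header or end of text.
ENTRY = re.compile(
    r'Error: \((?P<when>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2} [AP]M)\) '
    r'\(Source: (?P<source>.*?)\) \(EventID: (?P<event_id>\d+)\) \(User: .*?\)\s*'
    r'Description:(?P<description>.*?)(?=Error: \(\d{2}/|\Z)', re.DOTALL)

def parse_events(text):
    """One dict per 'Error:' entry, whether or not line breaks survived."""
    return [{"when": datetime.strptime(m["when"], "%m/%d/%Y %I:%M:%S %p"),
             "source": m["source"], "event_id": int(m["event_id"]),
             "description": " ".join(m["description"].split())}
            for m in ENTRY.finditer(text)]

def recurring(events, min_count=2):
    """Group by (source, event ID); return repeated groups, most frequent first."""
    groups = defaultdict(list)
    for e in events:
        groups[(e["source"], e["event_id"])].append(e["when"])
    rows = [(src, eid, len(ts), min(ts), max(ts))
            for (src, eid), ts in groups.items() if len(ts) >= min_count]
    return sorted(rows, key=lambda r: (-r[2], r[0]))

if __name__ == "__main__":
    for src, eid, n, first, last in recurring(parse_events(SAMPLE)):
        print(f"{src:<6} {eid:<6} x{n}  {first:%m/%d/%Y} .. {last:%m/%d/%Y}")
```

A group that repeats across several days, such as the VSS entries in the sample, is worth following up before a one-off timeout.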
B-boy/StyLe/ Posted June 8, 2014 ID:839147

Hello Brownie,

> PS: I first Uninstalled McAfee, Next, I Scanned it with "MBAM" and wow! The total time for that scan with everything checked, was down to being only about 9 minutes, as compared to many hours previous to removing McAfee. I then performed the FRST Scan.

Yeah, MBAM is faster than most antivirus programs; however, keep in mind that MBAM is not an antivirus program, and when used in "Threat Scan" mode MBAM doesn't have to scan every file on the computer, which helps it do its job faster.

> Things are looking pretty good now, and yes! We now have "Device Manager" back as well as everything else now working. My son's name is now back in "Task Manager" too.

That's great! Good to know that!

> That Blank Window still comes up on "Boot or Reboot" C:\Documents, and there are a couple of items running in Task Manager, that are really eating up some resources. One of the names is: "cidaemon.exe" the 2nd is: "cisvc.exe" and the 3rd is: "csrss.exe" And when one of them is running it really eats up the resources. They'll each take turns running in succession with one another, bringing the computer to a halt, while you wait for it to get done. "Whatever they're doing".

We may need to use a different approach to catch this because I don't see any suspicious startup entries in the latest FRST log that may cause this, but I have something in mind that may help resolve the issue.

As for the processes - they are legit. They are a part of the Indexing service in Windows XP. Try to get rid of them this way:

Go to => Start => Control Panel => Add or Remove Programs => Add/Remove Windows Components button on the left-hand side => scroll down to and uncheck "Indexing Service" => click on the Next button and then on Finish. Close Add or Remove Programs.

Next go to => Start => Run => type in services.msc and hit OK => scroll down to and double click Indexing Service => click the Stop button and from the dropdown menu in the Startup type field, select Disabled => click the Apply button and then select OK. After you restart your machine they should be gone.

You can also improve your computer performance by following the steps below:

Use Disk Cleanup to delete files you no longer need and reclaim storage space on your computer.
- Open Disk Cleanup by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Cleanup.
- If the Disk Cleanup: Drive Selection dialog box appears, select the hard disk drive that you want to clean up, and then click OK.
- Click the Disk Cleanup tab, and then select the check boxes for the files you want to delete.
- When you finish selecting the files you want to delete, click OK, and then click Delete files to confirm the operation. Disk Cleanup proceeds to remove all unnecessary files from your computer.

You can use Disk Defragmenter to rearrange files and unused space on your hard disk so that programs run faster.
- Please open Disk Defragmenter by clicking the Start button, clicking All Programs, clicking Accessories, clicking System Tools, and then clicking Disk Defragmenter.
- Select the drive you want to defragment (the drive where Windows is installed).
- Click Defragment Now.

Use MSConfig to disable any processes that you do not want running in the background of the computer.
- Please type msconfig in the start menu, then hit enter.
- Go to the startup tab and then uncheck any programs that you don't need to load with Windows like these:
  - NvCplDaemon
  - ISUSScheduler
  - ISUSPM Startup
  - ehTray
  - DLA
  - Zune Launcher
  - SwitchBoard
  - AdobeCS5ServiceManager
  - AdobeAAMUpdater-1.0
  - Adobe ARM
  - FlashPlayerUpdate
  - WMPNSCFG
  - AdobeBridge
  - swg
  - MSMSGS
- Click the "Apply" button and click "OK" to close the MSCONFIG window.
- Restart your computer to save the changes you made to the Startup.
- You might have a popup window when you log on. This is typical. Just click ok. You can also make the popup window not come up anymore by checking the box there.

The programs you removed will no longer automatically launch once Windows starts up. You can always revert the changes at a later stage if some of your applications require them...

Also I guess that disabling the ISUSScheduler and ISUSPM startup entries will resolve the issue with the blank folder on reboot. Let me know!

Also it's a good idea to install the drivers for the chipset: the SM Bus Controller driver is missing!

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Let me know if you need assistance in finding the correct driver(s) for your computer.

Also I noticed an error that prevents VSS from doing its job. Volume Shadow Copy is important for backup.

Error: (06/06/2014 10:01:08 AM) (Source: VSS) (EventID: 12302) (User: )
Description: Volume Shadow Copy Service error: An internal inconsistency was detected in trying to contact shadow copy service writers. Please check to see that the Event Service and Volume Shadow Copy Service are operating properly.

Check this out

So please click Start Menu > Run => type in CMD and hit OK.
Copy/paste the following text at the command prompt and press enter after each line:

vssadmin list writers >>c:\report1.txt
vssadmin list providers >>c:\report2.txt
vssadmin list shadows >>c:\report3.txt
fltmc >>c:\report4.txt

and attach the logs c:\report1.txt, report2.txt, report3.txt and report4.txt to your next reply.

Regards,
Georgi
Brownie Posted June 8, 2014 Author ID:839309

Hi Georgi,

I'll follow the list you sent and let you know how it goes. I'm familiar with most all of it, so I have a good grip on that, so it ought to go smooth.

Of (I think) great importance for you to know: I knew that system had to have some powerful infections in it, since before I came on here to get help, I'd checked over all the things I could and the one thing I noticed was the fact that most everything had been "Disabled" when I ran: "Services.msc"

Concerning the "Disabled Floppy Drive", this is why that's reported as being Disabled... McAfee sent an Update out to folks a couple of months back, that had bugs in it. After the computers started up they would keep accessing the A: drive/s, making them chatter like heck over and over constantly. I had already solved that problem in our computers, via way of "Device Manager" and then "Disabling the Floppy Drives" even before anyone knew what the real problem was. So until we get word from McAfee the Disabled Reports for that (the Floppy Drive) are correct.

Also the Re-Installation of McAfee went smooth and it's now working fine, right alongside of MBAM in Real Time too. I wanted to let you know about that.

OK, I'll get that list of work done and give you the results.

Thanks again so very much.

Your friend,
Brownie
B-boy/StyLe/ Posted June 9, 2014 ID:839489

Hi Brownie,

I didn't mean that the disabled Floppy Device is an issue but the missing SM Bus Controller driver instead.

Check this out

Regards,
Georgi
B-boy/StyLe/ Posted June 11, 2014 ID:840405

Hi Brownie,

Are you still around? Just checking. Hope you are doing well.

Regards,
Georgi
Brownie Posted June 11, 2014 Author ID:840418

Hi Georgi,

Sorry, I had a couple of bad days (old age I guess) but I'm now back and going to get that report to you ASAP.. Thanks for asking. I was like the red headed step child for a while there. lol

One thing you can bet on, is the fact I won't be leaving you until we've completed the task. Then I'll be using paypal. In the meantime, I do want to really thank you for sticking with me on this.

Thanks my friend,
Brownie
B-boy/StyLe/ Posted June 14, 2014 ID:841542

Hi Brownie,

No worries about the delay. As you can see I had a busy week as well. Thank you for letting me know!

Regards,
Georgi
Brownie Posted June 17, 2014 Author ID:842799

Hi Georgi,

My full Apologies for my delay, I'm currently (now) down to the last step before doing the CMD reports.

I Disabled those start up items you listed in msconfig, but that C:\Documents "folder" is still alive and well.. Although it still comes up during (both) Cold Boot as well as on Restarts, it gives no other (seeable) problem. If I click on the X to close it, it drops down onto the Task Bar, and then if I "Right Click" on it and click on "Close" it then closes.

I went to C:\ and the folder is in there. It's empty. Under the "Properties" General Tab, it's showing Size is 0 bytes, Size on disk 0 bytes, and is marked (as the other folders in there are) "Read Only" and (again as the other folders in there are) under Advanced the box is checked: "For fast searching, allow indexing service to index this folder"

OK, I'm on to installing the drivers for the Chipset.

Thanks again so very much for understanding my situation, it's much appreciated.

Brownie
B-boy/StyLe/ Posted June 18, 2014 ID:842881

Hello Brownie,

No problems. I received your PM and I understand the situation.

Can you let me know what is the name and the full filepath of this mysterious folder?

- Please download AutoRuns and save it to your desktop.
- Right click on the downloaded file and choose Extract All Files.
- Once extracted, open the program named Autoruns.
- Click on Options and then Hide Microsoft and Windows Entries.
- Press F5 to refresh the startup list.
- Next go to File -> Save and choose the file type to Text File (.arn).
- Please zip the file and upload it here => http://zippyshare.com/ and then post the link to the archive in your next reply.

Regards,
Georgi
Brownie Posted June 18, 2014 Author ID:843052

Hi Georgi,

Success in installing the driver. Since it's a Dell computer, and my son found his original CD's that came with it, there was one with all the drivers. Number 2 on the list was just what we needed. It loaded the file on the desktop and from there it was automatic installation. Granted that driver may be out of date (possibly) but it's working fine. So I'm assured it's the correct one for that mother board's "Chip Set". Thought you'd like to know.

Before I do this other step for that Window, I'm thinking you'd want me to first complete this last step for posting the (4) CMD Txt results. Hope I'm right.

PS: I'll download AutoRuns and follow your steps to the letter. The path to that window is: C:\ Hope that's what you wanted. When it comes up, in the top bar it shows: C:\Windows And it's definitely residing in C:\

Thanks,
Brownie