moonze

  1. I tried to copy paste both files. I get an error saying post too long. So I then tried to post just one log, still same error. Now I will try to attach them. FRST.txt Addition.txt
  2. Been over a week with no response.
  3. I was directed here after having some malware issues removed. The problem I am having is I get an error saying punkbuster needs to shut down. I play Call of Duty World at War online. When I turn my pc on and wait for the system to fully load, I then click on waw to play online. The screen starts to open, then it minimizes and says there was an error with pnkbstr.exe and it needs to shut down. Sometimes I can click on the minimized window of cod and continue to play, and sometimes I have to right click it to close it out since it's not responding. I then have to wait a few minutes to try again, because if I don't, it says I have a duplicate on the server. I was told to use punkbuster setup to reload it, but the site is no longer being paid by Activision, so therefore it doesn't support COD anymore. This never happened until after the malware was removed. What else can I do?
  4. Results of screen317's Security Check version 0.99.81

         Windows XP Service Pack 3 x86
         Internet Explorer 8
         ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Disabled!
         McAfee Anti-Virus and Anti-Spyware
         Antivirus up to date!
         `````````Anti-malware/Other Utilities Check:`````````
         Malwarebytes Anti-Malware version 1.75.0.1300
         CCleaner
         Java 7 Update 51
         Adobe Flash Player 12.0.0.44
         Adobe Reader XI
         Mozilla Firefox (27.0)
         ````````Process Check: objlist.exe by Laurent````````
         Malwarebytes Anti-Malware mbamservice.exe
         Malwarebytes Anti-Malware mbamgui.exe
         Malwarebytes' Anti-Malware mbamscheduler.exe
         `````````````````System Health check`````````````````
         Total Fragmentation on Drive C:: 15% Defragment your hard drive soon! (Do NOT defrag if SSD!)
         ````````````````````End of Log``````````````````````
  5. Fixlog:

         Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014 01
         Ran by Mike at 2014-03-24 09:01:58 Run:1
         Running from C:\Documents and Settings\Mike\Desktop
         Boot Mode: Normal
         ==============================================
         Content of fixlist:
         *****************
         C:\Documents and Settings\Mike\My Documents\wpsetup.exe
         C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe
         C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe
         *****************
         C:\Documents and Settings\Mike\My Documents\wpsetup.exe => Moved successfully.
         C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe => Moved successfully.
         C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe => Moved successfully.
         ==== End of Fixlog ====

     Adwarecleaner:

         # AdwCleaner v3.022 - Report created 24/03/2014 at 09:06:50
         # Updated 13/03/2014 by Xplode
         # Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
         # Username : Mike - TRON33
         # Running from : C:\Documents and Settings\Mike\Desktop\adwcleaner.exe
         # Option : Clean
         ***** [ Services ] *****
         ***** [ Files / Folders ] *****
         [!] Folder Deleted : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod
         ***** [ Shortcuts ] *****
         ***** [ Registry ] *****
         ***** [ Browsers ] *****
         -\\ Internet Explorer v8.0.6001.18702
         -\\ Mozilla Firefox v27.0 (en-US)
         [ File : C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500\prefs.js ]
         -\\ Google Chrome v
         [ File : C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]
         *************************
         AdwCleaner[R0].txt - [1114 octets] - [24/03/2014 09:05:48]
         AdwCleaner[s0].txt - [1042 octets] - [24/03/2014 09:06:50]
         ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1102 octets] ##########

     JRT

         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Junkware Removal Tool (JRT) by Thisisu
         Version: 6.1.3 (03.23.2014:1)
         OS: Microsoft Windows XP x86
         Ran by Mike on Mon 03/24/2014 at 9:16:17.73
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         ~~~ Services
         ~~~ Registry Values
         ~~~ Registry Keys
         ~~~ Files
         ~~~ Folders
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         Scan was completed on Mon 03/24/2014 at 9:36:29.57
         End of JRT log
         ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     Security Check did not run. Said, unsupported operating system, aborting.
  6. Malware:

         Malwarebytes Anti-Malware (Trial) 1.75.0.1300
         www.malwarebytes.org
         Database version: v2014.03.23.01
         Windows XP Service Pack 3 x86 NTFS
         Internet Explorer 8.0.6001.18702
         Mike :: TRON33 [administrator]
         Protection: Enabled
         3/22/2014 7:22:36 PM
         mbam-log-2014-03-22 (19-22-36).txt
         Scan type: Full scan (C:\|E:\|)
         Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
         Scan options disabled: P2P
         Objects scanned: 485706
         Time elapsed: 6 hour(s), 4 minute(s), 2 second(s)
         Memory Processes Detected: 0
         (No malicious items detected)
         Memory Modules Detected: 0
         (No malicious items detected)
         Registry Keys Detected: 0
         (No malicious items detected)
         Registry Values Detected: 0
         (No malicious items detected)
         Registry Data Items Detected: 2
         HKLM\SOFTWARE\Microsoft\Security Center|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
         HKLM\SOFTWARE\Microsoft\Security Center|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.
         Folders Detected: 0
         (No malicious items detected)
         Files Detected: 0
         (No malicious items detected)
         (end)

     ESET

         C:\Documents and Settings\Mike\My Documents\wpsetup.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
         C:\Program Files\Flvto Converter\FlvtoConverterSetupV0.3.2.exe Win32/InstallMonetizer.AN potentially unwanted application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182069.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182070.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182072.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182074.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182075.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182076.exe a variant of Win32/Bundled.Toolbar.Google.C potentially unsafe application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182077.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP222\A0182078.exe a variant of Win32/Toolbar.Conduit.H potentially unwanted application
         C:\System Volume Information\_restore{C12F2F84-3FDB-45AF-AD32-216C6308BF29}\RP226\A0185477.exe Win32/InstallCore.IY potentially unwanted application
         C:\WINDOWS\system32\Adobe\Shockwave 12\gt.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application
  7. I think by shutting down all the way, then turning the machine back on, allowed the antivirus to update. It did shut off, but it was during the update then it installed the new files. After it was complete, the pc restarted, and the antivirus stayed on. This morning when turning on my machine, it found a trojan with the name Artemis! and it quarantined it.
  8. Tried the procedures above, same thing, antivirus still turns itself off. Tried to update, but still turns off.
  9. For the scannow, there was nothing after it was done, it just stopped.

         Event Type: Information
         Event Source: Winlogon
         Event Category: None
         Event ID: 1001
         Date: 3/20/2014
         Time: 10:21:32 PM
         User: N/A
         Computer: TRON33
         Description:
         Checking file system on C:
         The type of the file system is NTFS.
         A disk check has been scheduled.
         Windows will now check the disk.
         Cleaning up minor inconsistencies on the drive.
         Cleaning up 146 unused index entries from index $SII of file 0x9.
         Cleaning up 146 unused index entries from index $SDH of file 0x9.
         Cleaning up 146 unused security descriptors.
         CHKDSK is verifying file data (stage 4 of 5)...
         File data verification completed.
         CHKDSK is verifying free space (stage 5 of 5)...
         Free space verification is complete.
         488375968 KB total disk space.
         104475408 KB in 257060 files.
         91488 KB in 10444 indexes.
         0 KB in bad sectors.
         359204 KB in use by the system.
         65536 KB occupied by the log file.
         383449868 KB available on disk.
         4096 bytes in each allocation unit.
         122093992 total allocation units on disk.
         95862467 allocation units available on disk.
         Internal Info:
         50 38 04 00 fb 14 04 00 15 64 06 00 00 00 00 00 P8.......d......
         e8 0a 00 00 04 00 00 00 bd 08 00 00 00 00 00 00 ................
         58 55 1f 15 00 00 00 00 68 a1 16 8f 00 00 00 00 XU......h.......
         d2 db 69 1f 00 00 00 00 ea f9 e9 39 07 00 00 00 ..i........9....
         4c fc 99 14 1d 00 00 00 6e 74 48 19 25 00 00 00 L.......ntH.%...
         99 9e 36 00 00 00 00 00 a8 39 07 00 24 ec 03 00 ..6......9..$...
         00 00 00 00 00 40 ac e8 18 00 00 00 cc 28 00 00 .....@.......(..
         Windows has finished checking your disk.
         Please wait while your computer restarts.
         For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
  10. For this part: System File Check For Windows XP: Press the Windows- and the R-key simultaneously. Within the text box that just opened, write cmd and hit Enter. Can I click Start then Run and type in CMD? I use an older keyboard and it doesn't have the Windows key.
  11. I didn't do anything, I just copy pasted from the notepad. Here is combofix:
  12. I do open them in notepad. I dont see what the problem you are having trying to read them. I can attach them if you want. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Mike (administrator) on TRON33 on 17-03-2014 09:56:37 Running from C:\Documents and Settings\Mike\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Event.Service.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (Xfire Inc.) C:\Program Files\Xfire\Xfire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) 
C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\WINDOWS\system32\PnkBstrA.exe (Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe () C:\WINDOWS\system32\PnkBstrB.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.) HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.) 
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15677728 2013-06-21] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [223008 2013-06-21] (NVIDIA Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.) HKU\S-1-5-21-1960408961-606747145-725345543-1003\...\Run: [Google Update] - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.) Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Xfire.lnk ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {4EA46B1B-D008-4CB3-8769-40A8C130D9CC} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.) 
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-07-03]

Chrome:
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-04]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-04-06]
CHR Extension: (Ads Removal) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-13]
CHR Extension: (Amazing Coupons) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-02-28]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-07-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [31744 2013-12-17] (Digital Market Research Apps Pty Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [143360 2006-03-30] ()
R2 ForcewareWebInterface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-02-07] (Apache Software Foundation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [175480 2014-01-27] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-03-30] (NVIDIA Corporation)
R2 nSvcLog; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-03-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-05-18] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [281872 2014-03-17] ()
R2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [31232 2013-12-17] (Digital Market Research Apps Pty Ltd)

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-12-24] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134568 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236480 2014-01-27] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [366248 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [573840 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-01-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [99840 2006-03-16] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2013-10-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-24] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2013-10-29] (NVIDIA Corporation)
S1 NVTCP; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [109568 2006-03-22] (NVIDIA Corporation)
R3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [139280 2014-03-17] ()
S4 IntelIde; No ImagePath
U2 mfewfpk;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 09:31 - 2014-03-17 09:56 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:31 - 2014-03-17 09:56 - 00000000 ____D () C:\FRST
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:36 - 2014-03-14 09:59 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:36 - 2014-03-14 09:59 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-06 08:40 - 2014-03-11 18:29 - 00000806 _____ () C:\WINDOWS\wmsetup.log

==================== One Month Modified Files and Folders =======

2014-03-17 09:56 - 2014-03-17 09:31 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:56 - 2014-03-17 09:31 - 00000000 ____D () C:\FRST
2014-03-17 09:56 - 2012-04-04 22:02 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job
2014-03-17 09:52 - 2012-04-04 21:23 - 01733895 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 09:30 - 2013-02-26 08:50 - 00013776 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-17 09:29 - 2012-04-09 19:26 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 08:31 - 2012-04-05 09:06 - 00139280 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-03-17 08:30 - 2012-04-06 10:22 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.xtr
2014-03-17 08:30 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2014-03-17 08:03 - 2012-04-05 01:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-17 07:58 - 2012-04-04 22:41 - 00000716 _____ () C:\WINDOWS\system32\nmp.log
2014-03-17 07:58 - 2005-08-31 08:59 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-17 07:56 - 2014-01-22 17:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-17 07:56 - 2014-01-22 17:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-17 07:55 - 2012-04-09 19:26 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 07:55 - 2012-04-05 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-03-17 07:55 - 2012-04-04 21:42 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-03-17 07:55 - 2012-04-04 21:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 07:54 - 2014-01-22 17:22 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-17 07:54 - 2012-04-04 21:28 - 00000178 ___SH () C:\Documents and Settings\Mike\ntuser.ini
2014-03-17 07:12 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\McAfee
2014-03-17 07:06 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-03-17 07:05 - 2013-02-28 23:04 - 00507014 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-606747145-725345543-1003-0.dat
2014-03-17 07:05 - 2013-02-28 23:04 - 00160782 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-17 07:03 - 2014-02-02 09:09 - 00115756 _____ () C:\WINDOWS\setupapi.log
2014-03-16 09:06 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.ex0
2014-03-15 15:45 - 2012-08-23 17:42 - 00000000 ____D () C:\Documents and Settings\Mike\Desktop\Wizard101
2014-03-15 11:56 - 2012-04-04 22:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job
2014-03-14 15:28 - 2013-08-20 15:40 - 00000116 _____ () C:\Documents and Settings\Mike\Desktop\Survey passcode.txt
2014-03-14 15:08 - 2012-04-04 14:18 - 00152384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:59 - 2014-03-14 09:36 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:59 - 2014-03-14 09:36 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00040098 _____ () C:\WINDOWS\iis6.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00037100 _____ () C:\WINDOWS\FaxSetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00017736 _____ () C:\WINDOWS\ocgen.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00016927 _____ () C:\WINDOWS\tsoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00012366 _____ () C:\WINDOWS\comsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00011320 _____ () C:\WINDOWS\msmqinst.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00007488 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006498 _____ () C:\WINDOWS\netfxocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006354 _____ () C:\WINDOWS\updspapi.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002550 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002052 _____ () C:\WINDOWS\ocmsn.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001866 _____ () C:\WINDOWS\tabletoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001854 _____ () C:\WINDOWS\msgsocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-14 09:59 - 2012-04-05 00:34 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-11 18:29 - 2014-03-06 08:40 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-03-11 18:07 - 2012-04-12 05:40 - 00000000 ____D () C:\Program Files\Xfire
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-09 06:46 - 2012-04-04 14:19 - 00634032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 08:45 - 2012-04-28 06:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-03-07 07:29 - 2012-12-17 09:19 - 00001024 ____H () C:\WINDOWS\system32\config\ELAM.LOG
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 04:46 - 2012-04-05 00:34 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 04:46 - 2012-04-04 21:22 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 04:45 - 2012-06-13 07:52 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 04:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 04:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 03:54 - 2005-08-31 08:57 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 00:45 - 2012-04-26 12:58 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-21 18:04 - 2012-04-04 21:28 - 00000000 ____D () C:\Documents and Settings\Mike
2014-02-17 10:52 - 2012-04-14 08:52 - 00000000 ____D () C:\Documents and Settings\Mike\Application Data\Xfire

Some content of TEMP:
====================
C:\Documents and Settings\Mike\Local Settings\temp\hcuninstaller_20140203_072758_1832.exe
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_FirefoxSetup[1].exe
C:\Documents and Settings\Mike\Local Settings\temp\promote-upx.exe
C:\Documents and Settings\Mike\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Addition txt:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Mike at 2014-03-17 09:56:56
Running from C:\Documents and Settings\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ActiveArmor Firewall (Disabled) {EDC10449-64D1-46c7-A59A-EC20D662F26D}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
Audio MP3 Editor 5.80 (HKLM\...\Audio MP3 Editor_is1) (Version: - audio2x.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty® - World at War (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War 1.2 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty® - World at War 1.3 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty® - World at War 1.4 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.4 Patch (Version: 1.4 - Activision) Hidden
Call of Duty® - World at War 1.5 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.5 Patch (Version: 1.5 - Activision) Hidden
Call of Duty® - World at War 1.6 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty® - World at War 1.7 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.7 Patch (Version: 1.7 - Activision) Hidden
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version: - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Disney's Stanley Tiger Tales (HKLM\...\{75C139EF-A37B-11D5-B232-0050DACD394D}) (Version: - )
e-Rewards Notify (HKLM\...\{54AA8284-7213-4D3E-9186-9DB50AFF600D}) (Version: 1.1.0.181 - e-Rewards Opinion Panel)
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version: - )
Flvto Youtube Downloader (HKLM\...\Flvto Youtube Downloader) (Version: 0.5.0 - Hotger)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM\...\MixPad) (Version: - NCH Software)
Mozilla Firefox 27.0 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
Nero 7 Essentials (HKLM\...\{18039280-98B7-4C5E-AAC0-10EBC9731033}) (Version: 7.02.4457 - Nero AG)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}) (Version: 2.03.5523 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 2.03.5523 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pixillion Image Converter (HKLM\...\Pixillion) (Version: 2.72 - NCH Software)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Prime World version 9.8.6 (HKLM\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Pyware iPAS (HKLM\...\Pyware iPAS) (Version: 1.0.0.0 - Pygraphics)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.04 - Realtek Semiconductor Corp.)
Rose Online (HKLM\...\{2C3BC4D9-2CDB-4EFB-8CB9-323D032D5FF5}) (Version: 1.0.483.1 - Gravity Interactive, Inc.)
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shockwave (HKLM\...\Shockwave) (Version: - )
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot version 1.219367 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.219367 - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software)
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Xfire (remove only) (HKLM\...\Xfire) (Version: - )
Yahoo! Login (HKLM\...\Yahoo! Login) (Version: - )
Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version: - )

==================== Restore Points =========================

04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:43 Software Distribution Service 3.0
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:44 Installed Java 7 Update 45
04-02-2014 17:54:45 System Checkpoint
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed Windows XP KB2808679.
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:54 Driver Booster : NVIDIA GeForce GTX 650
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 Software Distribution Service 3.0
04-02-2014 17:54:59 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:01 Installed Java 7 Update 51
04-02-2014 17:55:01 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:04 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:08 End of disinfection
05-02-2014 19:13:08 System Checkpoint
06-02-2014 20:39:34 System Checkpoint
08-02-2014 17:46:33 System Checkpoint
10-02-2014 02:19:46 System Checkpoint
12-02-2014 00:55:01 System Checkpoint
12-02-2014 23:39:39 Software Distribution Service 3.0
14-02-2014 00:36:45 System Checkpoint
15-02-2014 01:19:53 System Checkpoint
16-02-2014 17:03:50 System Checkpoint
18-02-2014 01:16:31 System Checkpoint
19-02-2014 01:25:00 System Checkpoint
20-02-2014 01:40:39 System Checkpoint
21-02-2014 01:53:11 System Checkpoint
24-02-2014 01:17:02 System Checkpoint
25-02-2014 17:25:31 System Checkpoint
26-02-2014 17:26:52 System Checkpoint
27-02-2014 17:45:01 System Checkpoint
28-02-2014 18:07:11 System Checkpoint
01-03-2014 21:29:23 System Checkpoint
02-03-2014 23:32:44 System Checkpoint
04-03-2014 04:45:21 System Checkpoint
05-03-2014 14:50:56 System Checkpoint
06-03-2014 17:49:05 System Checkpoint
08-03-2014 01:38:11 System Checkpoint
09-03-2014 14:11:26 System Checkpoint
10-03-2014 16:17:14 System Checkpoint
12-03-2014 14:26:51 System Checkpoint
13-03-2014 16:31:56 System Checkpoint
14-03-2014 16:59:27 Software Distribution Service 3.0
17-03-2014 13:39:47 System Checkpoint

==================== Hosts content: ==========================

2005-08-31 08:57 - 2013-03-10 07:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MixPadReminder.job => C:\Program Files\NCH Software\MixPad\mixpad.exe
Task: C:\WINDOWS\Tasks\PixillionSevenDays.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe

==================== Loaded Modules (whitelisted) =============

2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2005-08-31 08:57 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll
2005-08-31 08:58 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00024691 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so
2006-02-07 00:13 - 2006-02-07 00:13 - 00159744 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll
2006-02-07 00:13 - 2006-02-07 00:13 - 00876544 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll
2012-04-05 09:06 - 2012-05-18 11:04 - 00076888 _____ () C:\WINDOWS\system32\PnkBstrA.exe
2006-03-30 14:58 - 2006-03-30 14:58 - 00143360 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
2012-04-05 09:06 - 2014-03-17 08:30 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime
MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (03/17/2014 07:03:21 AM) (Source: Application Error) (User: )
Description: Fault bucket -1068817231. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (03/17/2014 07:03:10 AM) (Source: Application Error) (User: )
Description: Faulting application McSvHost.exe, version 2.6.259.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd. Processing media-specific event for [McSvHost.exe!ws!]

Error: (03/17/2014 07:02:30 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/17/2014 06:12:34 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 09:40:44 PM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/16/2014 08:43:15 AM) (Source: McLogEvent) (User: NT AUTHORITY)
Description: 1

Error: (03/13/2014 08:28:54 AM) (Source: Application Hang) (User: )
Description: Hanging application CoDWaWmp.exe, version 1.7.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/11/2014 06:13:25 PM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/10/2014 10:12:30 AM) (Source: Application Hang) (User: )
Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/06/2014 09:41:23 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x000ddc85. Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (03/17/2014 09:21:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:09:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:07:31 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:04:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 2815.48 MB
Available physical RAM: 1808.96 MB
Total Pagefile: 4702.89 MB
Available Pagefile: 3649.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:366.89 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CODWAW) (CDROM) (Total:6.95 GB) (Free:0 GB) UDF
Drive e: (Storage) (Fixed) (Total:465.76 GB) (Free:414.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D4920F58)
Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: A8EDA8ED)
Partition: GPT Partition Type.

==================== End Of Log ============================
  13. aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-03-18 15:46:19
-----------------------------
15:46:19.109 OS Version: Windows 5.1.2600 Service Pack 3
15:46:19.125 Number of processors: 2 586 0x4302
15:46:19.125 ComputerName: TRON33 UserName: Mike
15:46:21.218 Initialize success
15:51:10.671 AVAST engine defs: 14031802
16:00:29.796 Disk 0 \Device\Harddisk0\DR0 -> \Device\00000073
16:00:29.796 Disk 0 Vendor: ST3500418AS CC38 Size: 476940MB BusType: 3
16:00:29.796 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\00000074
16:00:29.796 Disk 1 Vendor: ST500DM002-1BD142 KC45 Size: 476940MB BusType: 3
16:00:29.937 Disk 1 MBR read successfully
16:00:29.937 Disk 1 MBR scan
16:00:29.968 Disk 1 Windows XP default MBR code
16:00:29.968 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 476929 MB offset 63
16:00:29.968 Disk 1 scanning sectors +976752000
16:00:30.000 Disk 1 scanning C:\WINDOWS\system32\drivers
16:00:41.515 Service scanning
16:01:04.609 Modules scanning
16:01:12.109 Disk 1 trace - called modules:
16:01:12.140 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll nvata.sys
16:01:12.140 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8aea0ab8]
16:01:12.140 3 CLASSPNP.SYS[b8108fd7] -> nt!IofCallDriver -> \Device\00000076[0x8af01b70]
16:01:12.140 5 ACPI.sys[b7f7f620] -> nt!IofCallDriver -> \Device\00000074[0x8ae9e030]
16:01:16.015 AVAST engine scan C:\WINDOWS
16:01:27.625 AVAST engine scan C:\WINDOWS\system32
16:05:21.687 AVAST engine scan C:\WINDOWS\system32\drivers
16:05:53.031 AVAST engine scan C:\Documents and Settings\Mike
16:19:27.859 Disk 1 MBR has been saved successfully to "C:\Documents and Settings\Mike\Desktop\MBR.dat"
16:19:27.859 The log file has been saved successfully to "C:\Documents and Settings\Mike\Desktop\aswMBR.txt"
  14. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Mike (administrator) on TRON33 on 17-03-2014 09:56:37
Running from C:\Documents and Settings\Mike\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Event.Service.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe
(Xfire Inc.) C:\Program Files\Xfire\Xfire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\WINDOWS\system32\PnkBstrA.exe
(Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
() C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
() C:\WINDOWS\system32\PnkBstrB.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.)
HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15677728 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [223008 2013-06-21] (NVIDIA Corporation)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.)
HKU\S-1-5-21-1960408961-606747145-725345543-1003\...\Run: [Google Update] - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.)
Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html
URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {4EA46B1B-D008-4CB3-8769-40A8C130D9CC} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstable.com/plugin/PXStudioRuntimeAX.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-07-03]

Chrome:
=======
CHR DefaultSearchKeyword: bing.com
CHR DefaultSearchProvider: Bing
CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (YouTube) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-04]
CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-04]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-04-06]
CHR Extension: (Ads Removal) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-13]
CHR Extension: (Amazing Coupons) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-02-28]
CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-24]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01]
CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-04]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-07-03]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

========================== Services (Whitelisted) =================

R2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [31744 2013-12-17] (Digital Market Research Apps Pty Ltd)
R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [143360 2006-03-30] ()
R2 ForcewareWebInterface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-02-07] (Apache Software Foundation)
R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-01-27] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [175480 2014-01-27] (McAfee, Inc.)
R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-03-30] (NVIDIA Corporation)
R2 nSvcLog; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-03-30] (NVIDIA Corporation)
R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-05-18] ()
R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [281872 2014-03-17] ()
R2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [31232 2013-12-17] (Digital Market Research Apps Pty Ltd)

==================== Drivers (Whitelisted) ====================

R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-12-24] (Advanced Micro Devices)
S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-01-27] (McAfee, Inc.)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
R2 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134568 2014-01-27] (McAfee, Inc.)
R2 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236480 2014-01-27] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-01-27] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [366248 2014-01-27] (McAfee, Inc.)
R2 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [573840 2014-01-27] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-01-27] (McAfee, Inc.)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA))
R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation)
S0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [99840 2006-03-16] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2013-10-29] (NVIDIA Corporation)
R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-24] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2013-10-29] (NVIDIA Corporation)
S1 NVTCP; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [109568 2006-03-22] (NVIDIA Corporation)
R3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [139280 2014-03-17] ()
S4 IntelIde; No ImagePath
U2 mfewfpk;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-03-17 09:31 - 2014-03-17 09:56 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:31 - 2014-03-17 09:56 - 00000000 ____D () C:\FRST
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:36 - 2014-03-14 09:59 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:36 - 2014-03-14 09:59 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-06 08:40 - 2014-03-11 18:29 - 00000806 _____ () C:\WINDOWS\wmsetup.log

==================== One Month Modified Files and Folders =======

2014-03-17 09:56 - 2014-03-17 09:31 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt
2014-03-17 09:56 - 2014-03-17 09:31 - 00000000 ____D () C:\FRST
2014-03-17 09:56 - 2012-04-04 22:02 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job
2014-03-17 09:52 - 2012-04-04 21:23 - 01733895 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe
2014-03-17 09:30 - 2013-02-26 08:50 - 00013776 _____ () C:\WINDOWS\system32\nvAppTimestamps
2014-03-17 09:29 - 2012-04-09 19:26 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 08:31 - 2012-04-05 09:06 - 00139280 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys
2014-03-17 08:30 - 2012-04-06 10:22 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.xtr
2014-03-17 08:30 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe
2014-03-17 08:03 - 2012-04-05 01:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-03-17 07:58 - 2012-04-04 22:41 - 00000716 _____ () C:\WINDOWS\system32\nmp.log
2014-03-17 07:58 - 2005-08-31 08:59 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-17 07:56 - 2014-01-22 17:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-03-17 07:56 - 2014-01-22 17:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-17 07:55 - 2012-04-09 19:26 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 07:55 - 2012-04-05 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$
2014-03-17 07:55 - 2012-04-04 21:42 - 00000000 ____D () C:\WINDOWS\system32\Lang
2014-03-17 07:55 - 2012-04-04 21:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-17 07:54 - 2014-01-22 17:22 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-17 07:54 - 2012-04-04 21:28 - 00000178 ___SH () C:\Documents and Settings\Mike\ntuser.ini
2014-03-17 07:12 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\McAfee
2014-03-17 07:06 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-03-17 07:05 - 2013-02-28 23:04 - 00507014 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-606747145-725345543-1003-0.dat
2014-03-17 07:05 - 2013-02-28 23:04 - 00160782 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2014-03-17 07:03 - 2014-02-02 09:09 - 00115756 _____ () C:\WINDOWS\setupapi.log
2014-03-16 09:06 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.ex0
2014-03-15 15:45 - 2012-08-23 17:42 - 00000000 ____D () C:\Documents and Settings\Mike\Desktop\Wizard101
2014-03-15 11:56 - 2012-04-04 22:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job
2014-03-14 15:28 - 2013-08-20 15:40 - 00000116 _____ () C:\Documents and Settings\Mike\Desktop\Survey passcode.txt
2014-03-14 15:08 - 2012-04-04 14:18 - 00152384 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-14 09:59 - 2014-03-14 09:36 - 00009734 _____ () C:\WINDOWS\KB2930275.log
2014-03-14 09:59 - 2014-03-14 09:36 - 00008512 _____ () C:\WINDOWS\KB2929961.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00040098 _____ () C:\WINDOWS\iis6.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00037100 _____ () C:\WINDOWS\FaxSetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00017736 _____ () C:\WINDOWS\ocgen.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00016927 _____ () C:\WINDOWS\tsoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00012366 _____ () C:\WINDOWS\comsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00011320 _____ () C:\WINDOWS\msmqinst.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00007488 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006498 _____ () C:\WINDOWS\netfxocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00006354 _____ () C:\WINDOWS\updspapi.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002550 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00002052 _____ () C:\WINDOWS\ocmsn.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001866 _____ () C:\WINDOWS\tabletoc.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001854 _____ () C:\WINDOWS\msgsocm.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.BAK
2014-03-14 09:59 - 2012-04-05 00:34 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-11 18:29 - 2014-03-06 08:40 - 00000806 _____ () C:\WINDOWS\wmsetup.log
2014-03-11 18:07 - 2012-04-12 05:40 - 00000000 ____D () C:\Program Files\Xfire
2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
2014-03-10 10:27 - 2013-04-16 19:08 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor
2014-03-09 06:46 - 2012-04-04 14:19 - 00634032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 08:45 - 2012-04-28 06:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM
2014-03-07 07:29 - 2012-12-17 09:19 - 00001024 ____H () C:\WINDOWS\system32\config\ELAM.LOG
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe
2014-02-24 04:46 - 2012-04-05 00:34 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll
2014-02-24 04:46 - 2012-04-04 21:22 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS\system32\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll
2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-02-24 04:45 - 2012-06-13 07:52 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll
2014-02-24 04:45 - 2012-04-05 00:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2014-02-24 04:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-24 04:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-24 04:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll
2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll
2014-02-24 03:54 - 2005-08-31 08:57 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-02-23 00:45 - 2012-04-26 12:58 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-02-21 18:04 - 2012-04-04 21:28 - 00000000 ____D () C:\Documents and Settings\Mike
2014-02-17 10:52 - 2012-04-14 08:52 - 00000000 ____D () C:\Documents and Settings\Mike\Application Data\Xfire

Some content of TEMP:
====================
C:\Documents and Settings\Mike\Local Settings\temp\hcuninstaller_20140203_072758_1832.exe
C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_FirefoxSetup[1].exe
C:\Documents and Settings\Mike\Local Settings\temp\promote-upx.exe
C:\Documents and Settings\Mike\Local Settings\temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Mike at 2014-03-17 09:56:56
Running from C:\Documents and Settings\Mike\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
FW: ActiveArmor Firewall (Disabled) {EDC10449-64D1-46c7-A59A-EC20D662F26D}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
att.net Internet Mail (HKLM\...\Yahoo! Mail) (Version: - )
Audio MP3 Editor 5.80 (HKLM\...\Audio MP3 Editor_is1) (Version: - audio2x.com)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty® - World at War (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty® - World at War (Version: 1.0 - Activision) Hidden
Call of Duty® - World at War 1.2 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.2 Patch (Version: 1.2 - Activision) Hidden
Call of Duty® - World at War 1.3 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.3 Patch (Version: 1.3 - Activision) Hidden
Call of Duty® - World at War 1.4 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.4 Patch (Version: 1.4 - Activision) Hidden
Call of Duty® - World at War 1.5 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.5 Patch (Version: 1.5 - Activision) Hidden
Call of Duty® - World at War 1.6 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.6 Patch (Version: 1.6 - Activision) Hidden
Call of Duty® - World at War 1.7 Patch (Version: - ) Hidden
Call of Duty® - World at War 1.7 Patch (Version: 1.7 - Activision) Hidden
Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version: - )
Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
Disney's Stanley Tiger Tales (HKLM\...\{75C139EF-A37B-11D5-B232-0050DACD394D}) (Version: - )
e-Rewards Notify (HKLM\...\{54AA8284-7213-4D3E-9186-9DB50AFF600D}) (Version: 1.1.0.181 - e-Rewards Opinion Panel)
Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version: - )
Flvto Youtube Downloader (HKLM\...\Flvto Youtube Downloader) (Version: 0.5.0 - Hotger)
FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time)
Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden
HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - )
Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LightScribe 1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.934 - McAfee, Inc.)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
MixPad (HKLM\...\MixPad) (Version: - NCH Software)
Mozilla Firefox 27.0 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla)
Nero 7 Essentials (HKLM\...\{18039280-98B7-4C5E-AAC0-10EBC9731033}) (Version: 7.02.4457 - Nero AG)
NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}) (Version: 2.03.5523 - NVIDIA Corporation)
NVIDIA ForceWare Network Access Manager (Version: 2.03.5523 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden
NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation)
NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc)
Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Pixillion Image Converter (HKLM\...\Pixillion) (Version: 2.72 - NCH Software)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - )
Prime World version 9.8.6 (HKLM\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival)
PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.)
Pyware iPAS (HKLM\...\Pyware iPAS) (Version: 1.0.0.0 - Pygraphics)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.04 - Realtek Semiconductor Corp.)
Rose Online (HKLM\...\{2C3BC4D9-2CDB-4EFB-8CB9-323D032D5FF5}) (Version: 1.0.483.1 - Gravity Interactive, Inc.)
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shockwave (HKLM\...\Shockwave) (Version: - )
SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Mighty Quest For Epic Loot version 1.219367 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.219367 - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software)
WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation)
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices)
Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.)
Xfire (remove only) (HKLM\...\Xfire) (Version: - )
Yahoo! Login (HKLM\...\Yahoo! Login) (Version: - )
Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version: - )

==================== Restore Points =========================

04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:42 System Checkpoint
04-02-2014 17:54:43 Software Distribution Service 3.0
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:43 System Checkpoint
04-02-2014 17:54:44 Installed Java 7 Update 45
04-02-2014 17:54:45 System Checkpoint
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed %1 %2.
04-02-2014 17:54:46 Installed Windows XP KB2808679.
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:47 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:48 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:49 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:50 System Checkpoint
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 Software Distribution Service 3.0
04-02-2014 17:54:51 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:52 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:53 System Checkpoint
04-02-2014 17:54:54 Driver Booster : NVIDIA GeForce GTX 650
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:54 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:55 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:56 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:57 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 System Checkpoint
04-02-2014 17:54:58 Software Distribution Service 3.0
04-02-2014 17:54:59 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:00 System Checkpoint
04-02-2014 17:55:01 Installed Java 7 Update 51
04-02-2014 17:55:01 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:03 System Checkpoint
04-02-2014 17:55:04 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:05 System Checkpoint
04-02-2014 17:55:08 End of disinfection
05-02-2014 19:13:08 System Checkpoint
06-02-2014 20:39:34 System Checkpoint
08-02-2014 17:46:33 System Checkpoint
10-02-2014 02:19:46 System Checkpoint
12-02-2014 00:55:01 System Checkpoint
12-02-2014 23:39:39 Software Distribution Service 3.0
14-02-2014 00:36:45 System Checkpoint
15-02-2014 01:19:53 System Checkpoint
16-02-2014 17:03:50 System Checkpoint
18-02-2014 01:16:31 System Checkpoint
19-02-2014 01:25:00 System Checkpoint
20-02-2014 01:40:39 System Checkpoint
21-02-2014 01:53:11 System Checkpoint
24-02-2014 01:17:02 System Checkpoint
25-02-2014 17:25:31 System Checkpoint
26-02-2014 17:26:52 System Checkpoint
27-02-2014 17:45:01 System Checkpoint
28-02-2014 18:07:11 System Checkpoint
01-03-2014 21:29:23 System Checkpoint
02-03-2014 23:32:44 System Checkpoint
04-03-2014 04:45:21 System Checkpoint
05-03-2014 14:50:56 System Checkpoint
06-03-2014 17:49:05 System Checkpoint
08-03-2014 01:38:11 System Checkpoint
09-03-2014 14:11:26 System Checkpoint
10-03-2014 16:17:14 System Checkpoint
12-03-2014 14:26:51 System Checkpoint
13-03-2014 16:31:56 System Checkpoint
14-03-2014 16:59:27 Software Distribution Service 3.0
17-03-2014 13:39:47 System Checkpoint

==================== Hosts content: ==========================

2005-08-31 08:57 - 2013-03-10 07:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MixPadReminder.job => C:\Program Files\NCH Software\MixPad\mixpad.exe Task: C:\WINDOWS\Tasks\PixillionSevenDays.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2005-08-31 08:57 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2005-08-31 08:58 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2006-02-07 00:13 - 2006-02-07 00:13 - 00024691 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so 2006-02-07 00:13 - 2006-02-07 00:13 - 00159744 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll 2006-02-07 00:13 - 2006-02-07 00:13 - 00876544 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll 2012-04-05 09:06 - 2012-05-18 11:04 - 00076888 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2006-03-30 14:58 - 2006-03-30 14:58 - 00143360 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe 2012-04-05 09:06 - 2014-03-17 08:30 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe ==================== Alternate Data Streams 
(whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" MSCONFIG\startupreg: SunJavaUpdateSched => 
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/17/2014 07:03:21 AM) (Source: Application Error) (User: ) Description: Fault bucket -1068817231. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Error: (03/17/2014 07:03:10 AM) (Source: Application Error) (User: ) Description: Faulting application McSvHost.exe, version 2.6.259.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd. Processing media-specific event for [McSvHost.exe!ws!] Error: (03/17/2014 07:02:30 AM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/17/2014 06:12:34 AM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/16/2014 09:40:44 PM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/16/2014 08:43:15 AM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/13/2014 08:28:54 AM) (Source: Application Hang) (User: ) Description: Hanging application CoDWaWmp.exe, version 1.7.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (03/11/2014 06:13:25 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (03/10/2014 10:12:30 AM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error: (03/06/2014 09:41:23 PM) (Source: Application Error) (User: ) Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x000ddc85. Processing media-specific event for [iexplore.exe!ws!] System errors: ============= Error: (03/17/2014 09:21:16 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout. Error: (03/17/2014 09:20:45 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout. Error: (03/17/2014 09:20:15 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout. Error: (03/17/2014 08:10:46 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout. Error: (03/17/2014 08:10:15 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout. Error: (03/17/2014 08:09:45 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout. Error: (03/17/2014 08:08:32 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout. Error: (03/17/2014 08:08:01 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout. Error: (03/17/2014 08:07:31 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout. 
Error: (03/17/2014 08:04:04 AM) (Source: DCOM) (User: NT AUTHORITY) Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout. Microsoft Office Sessions: ========================= ==================== Memory info =========================== Percentage of memory in use: 35% Total physical RAM: 2815.48 MB Available physical RAM: 1808.96 MB Total Pagefile: 4702.89 MB Available Pagefile: 3649.65 MB Total Virtual: 2047.88 MB Available Virtual: 1931.62 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.75 GB) (Free:366.89 GB) NTFS ==>[Drive with boot components (Windows XP)] Drive d: (CODWAW) (CDROM) (Total:6.95 GB) (Free:0 GB) UDF Drive e: (Storage) (Fixed) (Total:465.76 GB) (Free:414.69 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 466 GB) (Disk ID: D4920F58) Partition: GPT Partition Type. ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: A8EDA8ED) Partition: GPT Partition Type. ==================== End Of Log ============================
I have disabled the pop-up blocker, but it still doesn't allow me to download the TDSSkiller.
  15. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 Ran by Mike (administrator) on TRON33 on 17-03-2014 09:56:37 Running from C:\Documents and Settings\Mike\Desktop Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Event.Service.exe (Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (Xfire Inc.) C:\Program Files\Xfire\Xfire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe (Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe (Apache Software Foundation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe (Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe (McAfee, Inc.) 
C:\WINDOWS\system32\mfevtps.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe () C:\WINDOWS\system32\PnkBstrA.exe (Digital Market Research Apps Pty Ltd) C:\Program Files\MR APP\MRAPP.Transfer.Service.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe () C:\WINDOWS\system32\PnkBstrB.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RTHDCPL] - C:\WINDOWS\RTHDCPL.EXE [16005120 2006-02-27] (Realtek Semiconductor Corp.) HKLM\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [15677728 2013-06-21] (NVIDIA Corporation) HKLM\...\Run: [NvMediaCenter] - C:\WINDOWS\system32\NvMcTray.dll [223008 2013-06-21] (NVIDIA Corporation) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-01-28] (McAfee, Inc.) 
HKU\S-1-5-21-1960408961-606747145-725345543-1003\...\Run: [Google Update] - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2012-04-04] (Google Inc.) Startup: C:\Documents and Settings\Mike\Start Menu\Programs\Startup\Xfire.lnk ShortcutTarget: Xfire.lnk -> C:\Program Files\Xfire\Xfire.exe (Xfire Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/sbcydsl/defaults/sb/*http://www.yahoo.com/search/ie.html URLSearchHook: HKCU - Default Value = {CFBFAE00-17A6-11D0-99CB-00C04FD64497} SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM - {F6DEA26D-6B54-4791-9B02-ACE45D39F09C} URL = SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {4EA46B1B-D008-4CB3-8769-40A8C130D9CC} URL = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7 BHO: Yahoo! Companion BHO - {13F537F0-AF09-11d6-9029-0002B31F9E59} - C:\Program Files\Yahoo!\Common\ycomp5,0,8,0.dll (Yahoo! Inc.) BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.) BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation) Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {26CF0ECA-50B9-411D-BA37-86BD6AD53382} http://www.starstable.com/plugin/PXStudioRuntimeAX.cab DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} http://download.yahoo.com/dl/installs/ymail/ymmapi.dll Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Documents and Settings\Mike\Application Data\Mozilla\Firefox\Profiles\6alscx3p.default-1391569677500 FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent) FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\Documents and Settings\All Users\HappyCloud\Application\npHappyCloudPlugin.dll (The Happy Cloud) FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [] FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2012-07-03] Chrome: ======= CHR DefaultSearchKeyword: bing.com CHR DefaultSearchProvider: Bing CHR DefaultSearchURL: http://www.bing.com/search?setmkt=en-US&q={searchTerms} CHR DefaultNewTabURL: CHR Extension: (YouTube) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-04-04] CHR Extension: (Google Search) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-04-04] CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-04-06] CHR Extension: (Ads Removal) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gkcefkcdkepgkpbgncjchhbjgoanleod [2013-12-13] CHR Extension: (Amazing Coupons) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mjildcbkilmkddbbpbjljljdmmlfeppl [2013-02-28] CHR Extension: (Advanced SystemCare Surfing Protection) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd [2014-01-24] CHR Extension: 
(Google Wallet) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-01] CHR Extension: (Gmail) - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-04-04] CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx [2012-07-03] CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Chrome\Application\chrome.exe ========================== Services (Whitelisted) ================= R2 EventService; C:\Program Files\MR APP\MRAPP.Event.Service.exe [31744 2013-12-17] (Digital Market Research Apps Pty Ltd) R2 ForceWare Intelligent Application Manager (IAM); C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe [143360 2006-03-30] () R2 ForcewareWebInterface; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-02-07] (Apache Software Foundation) R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation) S2 LiveUpdateSvc; C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-12-03] (IObit) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-01-28] (McAfee, Inc.) U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.) 
S2 McNaiAnn; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [279048 2012-11-16] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [644088 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-01-27] (McAfee, Inc.) R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [175480 2014-01-27] (McAfee, Inc.) R2 nSvcIp; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-03-30] (NVIDIA Corporation) R2 nSvcLog; C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-03-30] (NVIDIA Corporation) R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76888 2012-05-18] () R2 PnkBstrB; C:\WINDOWS\system32\PnkBstrB.exe [281872 2014-03-17] () R2 TransferService; C:\Program Files\MR APP\MRAPP.Transfer.Service.exe [31232 2013-12-17] (Digital Market Research Apps Pty Ltd) ==================== Drivers (Whitelisted) ==================== R1 AmdK8; C:\WINDOWS\System32\DRIVERS\AmdK8.sys [36864 2013-12-24] (Advanced Micro Devices) S3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-01-27] (McAfee, Inc.) S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.) R2 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134568 2014-01-27] (McAfee, Inc.) R2 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236480 2014-01-27] (McAfee, Inc.) S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-01-27] (McAfee, Inc.) R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [366248 2014-01-27] (McAfee, Inc.) 
R2 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [573840 2014-01-27] (McAfee, Inc.) R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [330248 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-01-21] (McAfee, Inc.) S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.) R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [85544 2014-01-27] (McAfee, Inc.) R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-01-27] (McAfee, Inc.) S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2011-09-09] (Printing Communications Assoc., Inc. (PCAUSA)) R0 nvata; C:\WINDOWS\System32\DRIVERS\nvata.sys [100736 2006-04-24] (NVIDIA Corporation) S0 nvatabus; C:\WINDOWS\system32\Drivers\nvatabus.sys [99840 2006-03-16] (NVIDIA Corporation) R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2013-10-29] (NVIDIA Corporation) R3 NVHDA; C:\WINDOWS\System32\drivers\nvhda32.sys [128672 2013-02-24] (NVIDIA Corporation) R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2013-10-29] (NVIDIA Corporation) S1 NVTCP; C:\WINDOWS\System32\DRIVERS\NVTcp.sys [109568 2006-03-22] (NVIDIA Corporation) R3 PnkBstrK; C:\WINDOWS\system32\drivers\PnkBstrK.sys [139280 2014-03-17] () S4 IntelIde; No ImagePath U2 mfewfpk; U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-03-17 09:31 - 2014-03-17 09:56 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt 2014-03-17 09:31 - 2014-03-17 09:56 - 00000000 ____D () C:\FRST 2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe 2014-03-17 07:59 - 2014-03-17 07:59 - 
00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee 2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-14 09:36 - 2014-03-14 09:59 - 00009734 _____ () C:\WINDOWS\KB2930275.log 2014-03-14 09:36 - 2014-03-14 09:59 - 00008512 _____ () C:\WINDOWS\KB2929961.log 2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk 2014-03-06 08:40 - 2014-03-11 18:29 - 00000806 _____ () C:\WINDOWS\wmsetup.log ==================== One Month Modified Files and Folders ======= 2014-03-17 09:56 - 2014-03-17 09:31 - 00017172 _____ () C:\Documents and Settings\Mike\Desktop\FRST.txt 2014-03-17 09:56 - 2014-03-17 09:31 - 00000000 ____D () C:\FRST 2014-03-17 09:56 - 2012-04-04 22:02 - 00000974 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job 2014-03-17 09:52 - 2012-04-04 21:23 - 01733895 _____ () C:\WINDOWS\WindowsUpdate.log 2014-03-17 09:31 - 2014-03-17 09:31 - 01145856 _____ (Farbar) C:\Documents and Settings\Mike\Desktop\FRST.exe 2014-03-17 09:30 - 2013-02-26 08:50 - 00013776 _____ () C:\WINDOWS\system32\nvAppTimestamps 2014-03-17 09:29 - 2012-04-09 19:26 - 00000882 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-03-17 08:31 - 2012-04-05 09:06 - 00139280 _____ () C:\WINDOWS\system32\Drivers\PnkBstrK.sys 2014-03-17 08:30 - 2012-04-06 10:22 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.xtr 2014-03-17 08:30 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe 2014-03-17 08:03 - 2012-04-05 01:11 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee 2014-03-17 07:59 - 2014-03-17 07:59 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee 
2014-03-17 07:58 - 2012-04-04 22:41 - 00000716 _____ () C:\WINDOWS\system32\nmp.log 2014-03-17 07:58 - 2005-08-31 08:59 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl 2014-03-17 07:56 - 2014-01-22 17:23 - 00000159 _____ () C:\WINDOWS\wiadebug.log 2014-03-17 07:56 - 2014-01-22 17:23 - 00000049 _____ () C:\WINDOWS\wiaservc.log 2014-03-17 07:55 - 2012-04-09 19:26 - 00000878 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-03-17 07:55 - 2012-04-05 00:28 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB975560$ 2014-03-17 07:55 - 2012-04-04 21:42 - 00000000 ____D () C:\WINDOWS\system32\Lang 2014-03-17 07:55 - 2012-04-04 21:27 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-03-17 07:54 - 2014-01-22 17:22 - 00032560 _____ () C:\WINDOWS\SchedLgU.Txt 2014-03-17 07:54 - 2012-04-04 21:28 - 00000178 ___SH () C:\Documents and Settings\Mike\ntuser.ini 2014-03-17 07:12 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\McAfee 2014-03-17 07:06 - 2012-07-03 13:28 - 00000000 ____D () C:\Program Files\Common Files\Mcafee 2014-03-17 07:05 - 2013-02-28 23:04 - 00507014 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-606747145-725345543-1003-0.dat 2014-03-17 07:05 - 2013-02-28 23:04 - 00160782 _____ () C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat 2014-03-17 07:03 - 2014-02-02 09:09 - 00115756 _____ () C:\WINDOWS\setupapi.log 2014-03-16 09:06 - 2012-04-05 09:06 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.ex0 2014-03-15 15:45 - 2012-08-23 17:42 - 00000000 ____D () C:\Documents and Settings\Mike\Desktop\Wizard101 2014-03-15 11:56 - 2012-04-04 22:02 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job 2014-03-14 15:28 - 2013-08-20 15:40 - 00000116 _____ () C:\Documents and Settings\Mike\Desktop\Survey passcode.txt 2014-03-14 15:08 - 2012-04-04 14:18 - 00152384 _____ () 
C:\WINDOWS\system32\FNTCACHE.DAT 2014-03-14 09:59 - 2014-03-14 09:59 - 00011201 _____ () C:\WINDOWS\KB2925418-IE8.log 2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$ 2014-03-14 09:59 - 2014-03-14 09:59 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$ 2014-03-14 09:59 - 2014-03-14 09:36 - 00009734 _____ () C:\WINDOWS\KB2930275.log 2014-03-14 09:59 - 2014-03-14 09:36 - 00008512 _____ () C:\WINDOWS\KB2929961.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00040098 _____ () C:\WINDOWS\iis6.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00037100 _____ () C:\WINDOWS\FaxSetup.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00017736 _____ () C:\WINDOWS\ocgen.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00016927 _____ () C:\WINDOWS\tsoc.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00012366 _____ () C:\WINDOWS\comsetup.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00011320 _____ () C:\WINDOWS\msmqinst.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00007488 _____ () C:\WINDOWS\ntdtcsetup.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00006498 _____ () C:\WINDOWS\netfxocm.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00006354 _____ () C:\WINDOWS\updspapi.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00002550 _____ () C:\WINDOWS\MedCtrOC.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00002052 _____ () C:\WINDOWS\ocmsn.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00001866 _____ () C:\WINDOWS\tabletoc.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00001854 _____ () C:\WINDOWS\msgsocm.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.log 2014-03-14 09:59 - 2014-02-12 16:42 - 00001374 _____ () C:\WINDOWS\imsins.BAK 2014-03-14 09:59 - 2012-04-05 00:34 - 00000000 ____D () C:\WINDOWS\ie8updates 2014-03-11 18:29 - 2014-03-06 08:40 - 00000806 _____ () C:\WINDOWS\wmsetup.log 2014-03-11 18:07 - 2012-04-12 05:40 - 00000000 ____D () C:\Program Files\Xfire 2014-03-10 10:27 - 2014-03-10 10:27 - 00001862 _____ () C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade 
Advisor.lnk 2014-03-10 10:27 - 2013-04-16 19:08 - 00001868 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk 2014-03-10 10:27 - 2013-04-16 19:08 - 00000000 ____D () C:\Program Files\Microsoft Windows 7 Upgrade Advisor 2014-03-09 06:46 - 2012-04-04 14:19 - 00634032 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-03-08 08:45 - 2012-04-28 06:46 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\CanonIJPLM 2014-03-07 07:29 - 2012-12-17 09:19 - 00001024 ____H () C:\WINDOWS\system32\config\ELAM.LOG 2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-02-24 16:24 - 2005-08-31 08:57 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ie4uinit.exe 2014-02-24 04:46 - 2012-04-05 00:34 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xpshims.dll 2014-02-24 04:46 - 2012-04-04 21:22 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\vgx.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\urlmon.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\wininet.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS\system32\mstime.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mstime.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____N (Microsoft 
Corporation) C:\WINDOWS\system32\occache.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\occache.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\url.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\url.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtmled.dll 2014-02-24 04:46 - 2005-08-31 08:58 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-02-24 04:45 - 2012-06-13 07:52 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsdbgui.dll 2014-02-24 04:45 - 2012-04-05 00:34 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieframe.dll 2014-02-24 04:45 - 2012-04-05 00:34 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iertutil.dll 2014-02-24 04:45 - 2012-04-05 00:34 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedvtool.dll 2014-02-24 04:45 - 2012-04-05 00:34 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeeds.dll 2014-02-24 04:45 - 2012-04-05 00:34 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\ieproxy.dll 2014-02-24 04:45 - 2012-04-05 00:34 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2014-02-24 04:45 - 2009-03-08 04:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-02-24 04:45 - 2009-03-08 04:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-02-24 04:45 - 2009-03-08 04:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-02-24 04:45 - 2009-03-08 04:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeedsbs.dll 2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS\system32\licmgr10.dll 
2014-02-24 04:45 - 2005-08-31 08:58 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\licmgr10.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-02-24 04:45 - 2005-08-31 08:57 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\inetcpl.cpl 2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iedkcs32.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\iepeers.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\jsproxy.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\corpol.dll 2014-02-24 04:45 - 2005-08-31 08:57 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\corpol.dll 2014-02-24 03:54 - 2005-08-31 08:57 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2014-02-23 00:45 - 2012-04-26 12:58 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini 2014-02-21 18:04 - 2012-04-04 21:28 - 00000000 ____D () C:\Documents and Settings\Mike 2014-02-17 10:52 - 2012-04-14 08:52 - 00000000 ____D () C:\Documents and Settings\Mike\Application Data\Xfire Some content of TEMP: ==================== C:\Documents and Settings\Mike\Local Settings\temp\hcuninstaller_20140203_072758_1832.exe C:\Documents and Settings\Mike\Local Settings\temp\ICReinstall_FirefoxSetup[1].exe C:\Documents and Settings\Mike\Local Settings\temp\promote-upx.exe C:\Documents and Settings\Mike\Local Settings\temp\Quarantine.exe 
==================== Bamital & volsnap Check ================= C:\WINDOWS\explorer.exe => MD5 is legit C:\WINDOWS\system32\winlogon.exe => MD5 is legit C:\WINDOWS\system32\svchost.exe => MD5 is legit C:\WINDOWS\system32\services.exe => MD5 is legit C:\WINDOWS\system32\User32.dll => MD5 is legit C:\WINDOWS\system32\userinit.exe => MD5 is legit C:\WINDOWS\system32\rpcss.dll => MD5 is legit C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01 Ran by Mike at 2014-03-17 09:56:56 Running from C:\Documents and Settings\Mike\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus and Anti-Spyware (Disabled - Up to date) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83} FW: McAfee Firewall (Disabled) {94894B63-8C7F-4050-BDA4-813CA00DA3E8} FW: ActiveArmor Firewall (Disabled) {EDC10449-64D1-46c7-A59A-EC20D662F26D} ==================== Installed Programs ====================== Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.38 - Adobe Systems Incorporated) Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.44 - Adobe Systems Incorporated) Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.) Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated) Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.) Apple Application Support (HKLM\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.) Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) att.net Internet Mail (HKLM\...\Yahoo! 
Mail) (Version: - ) Audio MP3 Editor 5.80 (HKLM\...\Audio MP3 Editor_is1) (Version: - audio2x.com) Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.) Call of Duty® - World at War (HKLM\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision) Call of Duty® - World at War (Version: 1.0 - Activision) Hidden Call of Duty® - World at War 1.2 Patch (Version: - ) Hidden Call of Duty® - World at War 1.2 Patch (Version: 1.2 - Activision) Hidden Call of Duty® - World at War 1.3 Patch (Version: - ) Hidden Call of Duty® - World at War 1.3 Patch (Version: 1.3 - Activision) Hidden Call of Duty® - World at War 1.4 Patch (Version: - ) Hidden Call of Duty® - World at War 1.4 Patch (Version: 1.4 - Activision) Hidden Call of Duty® - World at War 1.5 Patch (Version: - ) Hidden Call of Duty® - World at War 1.5 Patch (Version: 1.5 - Activision) Hidden Call of Duty® - World at War 1.6 Patch (Version: - ) Hidden Call of Duty® - World at War 1.6 Patch (Version: 1.6 - Activision) Hidden Call of Duty® - World at War 1.7 Patch (Version: - ) Hidden Call of Duty® - World at War 1.7 Patch (Version: 1.7 - Activision) Hidden Canon MP Navigator EX 4.1 (HKLM\...\MP Navigator EX 4.1) (Version: - ) Canon MX410 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX410_series) (Version: - ) Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - ) CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform) Disney's Stanley Tiger Tales (HKLM\...\{75C139EF-A37B-11D5-B232-0050DACD394D}) (Version: - ) e-Rewards Notify (HKLM\...\{54AA8284-7213-4D3E-9186-9DB50AFF600D}) (Version: 1.1.0.181 - e-Rewards Opinion Panel) Eye Candy 4000 (HKLM\...\Eye Candy 4000) (Version: - ) Flvto Youtube Downloader (HKLM\...\Flvto Youtube Downloader) (Version: 0.5.0 - Hotger) FormatFactory 3.0.1 (HKLM\...\FormatFactory) (Version: 3.0.1 - Free Time) Google Chrome (HKCU\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.) 
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.) Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden Google Update Helper (Version: 1.3.22.5 - Google Inc.) Hidden HandBrake 0.9.8 (HKLM\...\HandBrake) (Version: 0.9.8 - ) Happy Cloud Client (HKCU\...\HappyCloud) (Version: 1.386 - Happy Cloud, Inc.) High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation) iTunes (HKLM\...\{9B486871-27EB-49A5-8832-77176E63333C}) (Version: 11.0.5.5 - Apple Inc.) Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle) Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden LightScribe 1.4.124.1 (Version: 1.4.124.1 - http://www.lightscribe.com) Hidden Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation) McAfee SecurityCenter (HKLM\...\MSC) (Version: 12.8.934 - McAfee, Inc.) 
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation) Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation) Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version: - Microsoft Corporation) Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation) Microsoft Office Excel MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Home and Student 2007 (HKLM\...\HOMESTUDENTR) (Version: 12.0.4518.1014 - Microsoft Corporation) Microsoft Office Home and Student 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proof (Spanish) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Proofing (English) 2007 
(Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Office Word MUI (English) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation) Microsoft Software Update for Web Folders (English) 12 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation) MixPad (HKLM\...\MixPad) (Version: - NCH Software) Mozilla Firefox 27.0 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0 (x86 en-US)) (Version: 27.0 - Mozilla) Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 27.0 - Mozilla) Nero 7 Essentials (HKLM\...\{18039280-98B7-4C5E-AAC0-10EBC9731033}) (Version: 7.02.4457 - Nero AG) NVIDIA Control Panel 320.49 (Version: 320.49 - NVIDIA Corporation) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (HKLM\...\InstallShield_{1F6423DE-7959-4178-80E0-023C7EAA5347}) (Version: 2.03.5523 - NVIDIA Corporation) NVIDIA ForceWare Network Access Manager (Version: 
2.03.5523 - NVIDIA Corporation) Hidden NVIDIA GeForce Experience 1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.5 - NVIDIA Corporation) NVIDIA Graphics Driver 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation) NVIDIA HD Audio Driver 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.124.810 - NVIDIA Corporation) Hidden NVIDIA nView 140.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 140.62 - NVIDIA Corporation) NVIDIA PhysX (Version: 9.13.0604 - NVIDIA Corporation) Hidden NVIDIA PhysX System Software 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation) NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden Paint Shop Pro 7 ESD (HKLM\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.0.0000 - Jasc Software Inc) Pirate101 (HKLM\...\{662140BE-138C-4DC1-B4CD-B62C6C855A25}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) Pixillion Image Converter (HKLM\...\Pixillion) (Version: 2.72 - NCH Software) PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: - ) Prime World version 9.8.6 (HKLM\...\{F6F3C462-2729-4555-8A95-CC317A90F8FF}_is1) (Version: 9.8.6 - Nival) PunkBuster Services (HKLM\...\PunkBusterSvc) (Version: 0.986 - Even Balance, Inc.) Pyware iPAS (HKLM\...\Pyware iPAS) (Version: 1.0.0.0 - Pygraphics) QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 2.04 - Realtek Semiconductor Corp.) Rose Online (HKLM\...\{2C3BC4D9-2CDB-4EFB-8CB9-323D032D5FF5}) (Version: 1.0.483.1 - Gravity Interactive, Inc.) 
SAMSUNG Intelli-studio (HKLM\...\Intelli-studio) (Version: 3.1.32.1 - Samsung Electronics Co., Ltd.) Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden Shockwave (HKLM\...\Shockwave) (Version: - ) SPORE™ (HKLM\...\{9DF0196F-B6B8-4C3A-8790-DE42AA530101}) (Version: 1.00.0000 - Electronic Arts) swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden TeamSpeak 3 Client (HKCU\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH) The Mighty Quest For Epic Loot version 1.219367 (HKLM\...\The Mighty Quest For Epic Loot_is1) (Version: 1.219367 - ) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation) Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation) Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB951978) 
(Version: 1 - Microsoft Corporation) Hidden Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation) Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation) VideoPad Video Editor (HKLM\...\VideoPad) (Version: - NCH Software) WavePad Sound Editor (HKLM\...\WavePad) (Version: - NCH Software) WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden Windows 7 Upgrade Advisor (HKLM\...\{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}) (Version: 2.0.5000.0 - Microsoft Corporation) Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (04/28/2006 1.3.1.0) (HKLM\...\9E140F48C9836B9B78539C08FB2B17146BDB3F65) (Version: 04/28/2006 1.3.1.0 - Advanced Micro Devices) Windows Genuine Advantage Notifications (KB905474) (HKLM\...\WgaNotify) (Version: 1.9.0040.0 - Microsoft Corporation) Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation) Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation) Windows Management Framework Core (HKLM\...\KB968930) (Version: - Microsoft Corporation) Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - ) Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - ) Windows Media Player 11 (Version: - Microsoft Corporation) Hidden Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation) Wizard101 (HKLM\...\{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}) (Version: 1.0.0 - KingsIsle Entertainment, Inc.) Xfire (remove only) (HKLM\...\Xfire) (Version: - ) Yahoo! 
Login (HKLM\...\Yahoo! Login) (Version: - ) Yahoo! Messenger Explorer Bar (HKLM\...\Yahoo! Messenger Explorer Bar) (Version: - ) ==================== Restore Points ========================= 04-02-2014 17:54:42 System Checkpoint 04-02-2014 17:54:42 System Checkpoint 04-02-2014 17:54:42 System Checkpoint 04-02-2014 17:54:43 Software Distribution Service 3.0 04-02-2014 17:54:43 System Checkpoint 04-02-2014 17:54:43 System Checkpoint 04-02-2014 17:54:44 Installed Java 7 Update 45 04-02-2014 17:54:45 System Checkpoint 04-02-2014 17:54:46 Installed %1 %2. 04-02-2014 17:54:46 Installed %1 %2. 04-02-2014 17:54:46 Installed Windows XP KB2808679. 04-02-2014 17:54:47 System Checkpoint 04-02-2014 17:54:47 System Checkpoint 04-02-2014 17:54:47 System Checkpoint 04-02-2014 17:54:48 System Checkpoint 04-02-2014 17:54:48 System Checkpoint 04-02-2014 17:54:49 System Checkpoint 04-02-2014 17:54:49 System Checkpoint 04-02-2014 17:54:49 System Checkpoint 04-02-2014 17:54:50 System Checkpoint 04-02-2014 17:54:50 System Checkpoint 04-02-2014 17:54:50 System Checkpoint 04-02-2014 17:54:51 System Checkpoint 04-02-2014 17:54:51 Software Distribution Service 3.0 04-02-2014 17:54:51 Software Distribution Service 3.0 04-02-2014 17:54:51 System Checkpoint 04-02-2014 17:54:52 System Checkpoint 04-02-2014 17:54:52 System Checkpoint 04-02-2014 17:54:53 System Checkpoint 04-02-2014 17:54:53 System Checkpoint 04-02-2014 17:54:54 Driver Booster : NVIDIA GeForce GTX 650 04-02-2014 17:54:54 System Checkpoint 04-02-2014 17:54:54 System Checkpoint 04-02-2014 17:54:55 System Checkpoint 04-02-2014 17:54:55 System Checkpoint 04-02-2014 17:54:55 System Checkpoint 04-02-2014 17:54:56 System Checkpoint 04-02-2014 17:54:56 System Checkpoint 04-02-2014 17:54:57 System Checkpoint 04-02-2014 17:54:57 System Checkpoint 04-02-2014 17:54:58 System Checkpoint 04-02-2014 17:54:58 System Checkpoint 04-02-2014 17:54:58 Software Distribution Service 3.0 04-02-2014 17:54:59 System Checkpoint 04-02-2014 17:55:00 System 
Checkpoint 04-02-2014 17:55:00 System Checkpoint 04-02-2014 17:55:00 System Checkpoint 04-02-2014 17:55:01 Installed Java 7 Update 51 04-02-2014 17:55:01 System Checkpoint 04-02-2014 17:55:03 System Checkpoint 04-02-2014 17:55:03 System Checkpoint 04-02-2014 17:55:04 System Checkpoint 04-02-2014 17:55:05 System Checkpoint 04-02-2014 17:55:05 System Checkpoint 04-02-2014 17:55:05 System Checkpoint 04-02-2014 17:55:05 System Checkpoint 04-02-2014 17:55:08 End of disinfection 05-02-2014 19:13:08 System Checkpoint 06-02-2014 20:39:34 System Checkpoint 08-02-2014 17:46:33 System Checkpoint 10-02-2014 02:19:46 System Checkpoint 12-02-2014 00:55:01 System Checkpoint 12-02-2014 23:39:39 Software Distribution Service 3.0 14-02-2014 00:36:45 System Checkpoint 15-02-2014 01:19:53 System Checkpoint 16-02-2014 17:03:50 System Checkpoint 18-02-2014 01:16:31 System Checkpoint 19-02-2014 01:25:00 System Checkpoint 20-02-2014 01:40:39 System Checkpoint 21-02-2014 01:53:11 System Checkpoint 24-02-2014 01:17:02 System Checkpoint 25-02-2014 17:25:31 System Checkpoint 26-02-2014 17:26:52 System Checkpoint 27-02-2014 17:45:01 System Checkpoint 28-02-2014 18:07:11 System Checkpoint 01-03-2014 21:29:23 System Checkpoint 02-03-2014 23:32:44 System Checkpoint 04-03-2014 04:45:21 System Checkpoint 05-03-2014 14:50:56 System Checkpoint 06-03-2014 17:49:05 System Checkpoint 08-03-2014 01:38:11 System Checkpoint 09-03-2014 14:11:26 System Checkpoint 10-03-2014 16:17:14 System Checkpoint 12-03-2014 14:26:51 System Checkpoint 13-03-2014 16:31:56 System Checkpoint 14-03-2014 16:59:27 Software Distribution Service 3.0 17-03-2014 13:39:47 System Checkpoint ==================== Hosts content: ========================== 2005-08-31 08:57 - 2013-03-10 07:55 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003Core.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-606747145-725345543-1003UA.job => C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\MixPadReminder.job => C:\Program Files\NCH Software\MixPad\mixpad.exe Task: C:\WINDOWS\Tasks\PixillionSevenDays.job => C:\Program Files\NCH Software\Pixillion\pixillion.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-27 07:23 - 2011-09-27 07:23 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2011-09-27 07:22 - 2011-09-27 07:22 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2005-08-31 08:57 - 2008-04-13 17:11 - 00059904 _____ () C:\WINDOWS\system32\devenum.dll 2005-08-31 08:58 - 2008-04-13 17:11 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll 2006-02-07 00:13 - 2006-02-07 00:13 - 00024691 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\modules\mod_auth.so 2006-02-07 00:13 - 2006-02-07 00:13 - 00159744 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\SSLEAY32.dll 2006-02-07 00:13 - 2006-02-07 00:13 - 00876544 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\LIBEAY32.dll 2012-04-05 09:06 - 2012-05-18 11:04 - 00076888 _____ () C:\WINDOWS\system32\PnkBstrA.exe 2006-03-30 14:58 - 2006-03-30 14:58 - 00143360 _____ () C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe 2012-04-05 09:06 - 2014-03-17 08:30 - 00281872 _____ () C:\WINDOWS\system32\PnkBstrB.exe ==================== Alternate Data Streams 
(whitelisted) ========= ==================== Safe Mode (whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== Disabled items from MSCONFIG ============== MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk => C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon MSCONFIG\startupreg: Google Update => "C:\Documents and Settings\Mike\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NeroFilterCheck => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\qttask.exe" -atboottime MSCONFIG\startupreg: RemoteControl => "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" MSCONFIG\startupreg: SunJavaUpdateSched => 
"C:\Program Files\Common Files\Java\Java Update\jusched.exe" MSCONFIG\startupreg: swg => "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (03/17/2014 07:03:21 AM) (Source: Application Error) (User: ) Description: Fault bucket -1068817231. The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected. Error: (03/17/2014 07:03:10 AM) (Source: Application Error) (User: ) Description: Faulting application McSvHost.exe, version 2.6.259.0, faulting module msvcr100.dll, version 10.0.40219.325, fault address 0x0008d6fd. Processing media-specific event for [McSvHost.exe!ws!] Error: (03/17/2014 07:02:30 AM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/17/2014 06:12:34 AM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/16/2014 09:40:44 PM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/16/2014 08:43:15 AM) (Source: McLogEvent) (User: NT AUTHORITY) Description: 1 Error: (03/13/2014 08:28:54 AM) (Source: Application Hang) (User: ) Description: Hanging application CoDWaWmp.exe, version 1.7.0.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (03/11/2014 06:13:25 PM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. Error: (03/10/2014 10:12:30 AM) (Source: Application Hang) (User: ) Description: Hanging application iexplore.exe, version 8.0.6001.18702, hang module hungapp, version 0.0.0.0, hang address 0x00000000. 
Error: (03/06/2014 09:41:23 PM) (Source: Application Error) (User: )
Description: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module mshtml.dll, version 8.0.6001.23562, fault address 0x000ddc85. Processing media-specific event for [iexplore.exe!ws!]

System errors:
=============
Error: (03/17/2014 09:21:16 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 09:20:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:46 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:10:15 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:09:45 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:32 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:08:01 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.

Error: (03/17/2014 08:07:31 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {395633B1-EED9-4DFC-B67F-9788B51C9F06} did not register with DCOM within the required timeout.
Error: (03/17/2014 08:04:04 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: The server {DC7EF8E1-824F-4110-AB43-1604DA9B4F40} did not register with DCOM within the required timeout.

Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 35%
Total physical RAM: 2815.48 MB
Available physical RAM: 1808.96 MB
Total Pagefile: 4702.89 MB
Available Pagefile: 3649.65 MB
Total Virtual: 2047.88 MB
Available Virtual: 1931.62 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:366.89 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (CODWAW) (CDROM) (Total:6.95 GB) (Free:0 GB) UDF
Drive e: (Storage) (Fixed) (Total:465.76 GB) (Free:414.69 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: D4920F58)
Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: A8EDA8ED)
Partition: GPT Partition Type.

==================== End Of Log ============================

Having trouble downloading the TDSSKiller. Pop-up blocker stops the download. I click on allow, and a blank page opens.