Need Help numerous: iexplore.exe's running along with dllhost.exe's

[Brownie]

I'm working on my son's computer to get rid of what's definitely a virus of some form or another. Numerous entries of iexplore.exe, and dllhost.exe causing up to 100% of memory being used.

 

Here is a copy of FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-05-2014
Ran by Donny (administrator) on DONNY-8E17D58B6 on 22-05-2014 18:02:46
Running from C:\Documents and Settings\Donny\Desktop
Platform: Microsoft Windows XP Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730) C:\Program Files\iRacing\iRacingService.exe
(InstallShield Software Corporation) C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\WINDOWS\ehome\ehtray.exe
(Sonic Solutions) C:\WINDOWS\system32\DLA\DLACTRLW.EXE
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\Platform\McUICnt.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Memeo) C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Windows Desktop Search\WindowsSearch.exe
(McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\McAfee Online Backup\MOBKbackup.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\Mcafee\SystemCore\mfefire.exe
() C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\WINDOWS\system32\taskmgr.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sigmatelSysTrayApp] => C:\WINDOWS\stsystra.exe [282624 2006-03-20] (SigmaTel, Inc.)
HKLM\...\Run: [NvCplDaemon] => C:\WINDOWS\system32\NvCpl.dll [8491008 2007-09-17] (NVIDIA Corporation)
HKLM\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [517392 2014-04-25] (McAfee, Inc.)
HKLM\...\Run: [iSUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [81920 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [iSUSPM Startup] => C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [221184 2004-07-27] (InstallShield Software Corporation)
HKLM\...\Run: [ehTray] => C:\WINDOWS\ehome\ehtray.exe [64512 2005-08-05] (Microsoft Corporation)
HKLM\...\Run: [DLA] => C:\WINDOWS\System32\DLA\DLACTRLW.EXE [122940 2005-11-07] (Sonic Solutions)
HKLM\...\Run: [Zune Launcher] => c:\Program Files\Zune\ZuneLauncher.exe [159456 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [switchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [start WingMan Profiler] => C:\Program Files\Logitech\Gaming Software\LWEMon.exe [153672 2010-06-14] (Logitech Inc.)
HKLM\...\Run: [seagate Dashboard] => C:\Program Files\Seagate\Seagate Dashboard\MemeoLauncher.exe [79112 2011-06-01] ()
HKLM\...\Run: [Memeo Instant Backup] => C:\Program Files\Memeo\AutoBackup\MemeoLauncher2.exe [136416 2011-05-04] (Memeo Inc.)
HKLM\...\Run: [Memeo AutoSync] => C:\Program Files\Memeo\AutoSync\MemeoLauncher2.exe [144608 2011-05-04] (Memeo Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2011-12-08] (Apple Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-05-30] (Apple Inc.)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKU\.DEFAULT\...\RunOnce: [FlashPlayerUpdate] - C:\WINDOWS\system32\Macromed\Flash\FlashUtil11e_ActiveX.exe [247968 2011-12-17] (Adobe Systems, Inc.)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2006-10-18] (Microsoft Corporation)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-12-17] (Google Inc.)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\Run: [Google Update] => "C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1644491937-1220945662-725345543-1003\...\MountPoints2: {7ce7db57-c569-11e2-8b1b-001676deffa7} - F:\VZW_Software_upgrade_assistant.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk
ShortcutTarget: Windows Search.lnk -> C:\Program Files\Windows Desktop Search\WindowsSearch.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {D8CDAC95-B82F-4A59-B757-7D3B30676E1B} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
SearchScopes: HKCU - {D8CDAC95-B82F-4A59-B757-7D3B30676E1B} URL = http://search.yahoo.com/search?fr=mcafee&type=A011US0&p={SearchTerms}
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL (Sonic Solutions)
BHO: PasswordBox Helper - {5DB69B97-934B-451D-94DB-32EF802A01CD} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.9012.1008\swg.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: JQSIEStartDetectorImpl Class - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - PasswordBox - {25E2E5C9-C43C-4EE8-B23E-4383915F2BCE} - C:\Program Files\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1354481751750
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76

FireFox:
========
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @mcafee.com/MVT - C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: geocomply.com/gc_browser_plugin_client_c - C:\PROGRA~1\888POK~1\bin\gc\npgc-browser-plugin-client-c.dll (GeoComply)
FF Plugin HKCU: geocomply.com/gc_browser_plugin_client_2_1_7 - C:\PROGRA~1\GEOCOM~1\GC-BRO~1\217~1.1\NPGC-B~1.DLL (GeoComply)
FF HKLM\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-12-15]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files\McAfee\SiteAdvisor [2011-12-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF HKLM\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: No Name - C:\Program Files\McAfee\MSK [2011-12-15]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []

Chrome:
=======
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=mcafee&type=A211US0&p={searchTerms}
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-23]
CHR Extension: (Google Drive) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-23]
CHR Extension: (PasswordBox) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bdgldefdgecfggjdniencbihfhfnenke [2013-11-23]
CHR Extension: (YouTube) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-25]
CHR Extension: (Google Search) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-25]
CHR Extension: (SiteAdvisor) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2012-06-25]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-02-05]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (Gmail) - C:\Documents and Settings\Donny\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-25]
CHR HKCU\...\Chrome\Extension: [bdgldefdgecfggjdniencbihfhfnenke] - C:\Documents and Settings\Donny\Local Settings\Application Data\PasswordBox\Chrome\extension [2013-04-27]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2013-02-05]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 HomeNetSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 iRacingService; C:\Program Files\iRacing\iRacingService.exe [527016 2013-01-25] (iRacing.com Motorsport Simulations, LLC
Bedford, MA 01730)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe [167784 2012-08-31] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [145568 2014-04-25] (McAfee, Inc.)
U2 mcbootdelaystartsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [471592 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S2 McrdSvc; C:\WINDOWS\ehome\mcrdsvc.exe [99328 2005-08-05] (Microsoft Corporation)
R2 MemeoBackgroundService; C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe [25824 2011-05-04] (Memeo)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [655936 2014-03-18] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [169800 2014-04-03] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [179600 2014-04-03] (McAfee, Inc.)
R2 MOBKbackup; C:\Program Files\McAfee Online Backup\MOBKbackup.exe [229688 2010-04-13] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\Mcafee\Platform\McSvcHost\McSvHost.exe [281560 2013-07-30] (McAfee, Inc.)
S4 PasswordBox; C:\Program Files\PasswordBox\pbbtnService.exe [67584 2013-03-01] (PasswordBox, Inc.)
S4 SeagateDashboardService; C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe [14088 2011-06-01] (Memeo)
S4 ZuneBusEnum; c:\Program Files\Zune\ZuneBusEnum.exe [57056 2011-08-05] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R3 Apowersoft_AudioDevice; C:\WINDOWS\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
S3 AR9271; C:\WINDOWS\System32\DRIVERS\athuw.sys [1759584 2010-09-30] (Atheros Communications, Inc.)
R0 atapi; C:\WINDOWS\System32\DRIVERS\atapi.sys [96512 2008-04-13] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 cfwids; C:\WINDOWS\System32\drivers\cfwids.sys [61400 2014-04-03] (McAfee, Inc.)
R2 DLABOIOM; C:\WINDOWS\System32\DLA\DLABOIOM.SYS [25628 2005-11-07] (Sonic Solutions)
R1 DLACDBHM; C:\WINDOWS\System32\Drivers\DLACDBHM.SYS [5660 2005-11-18] (Sonic Solutions)
R2 DLADResN; C:\WINDOWS\System32\DLA\DLADResN.SYS [2496 2005-11-07] (Sonic Solutions)
R2 DLAIFS_M; C:\WINDOWS\System32\DLA\DLAIFS_M.SYS [86652 2005-11-07] (Sonic Solutions)
R2 DLAOPIOM; C:\WINDOWS\System32\DLA\DLAOPIOM.SYS [14684 2005-11-07] (Sonic Solutions)
R2 DLAPoolM; C:\WINDOWS\System32\DLA\DLAPoolM.SYS [6364 2005-11-07] (Sonic Solutions)
R1 DLARTL_N; C:\WINDOWS\System32\Drivers\DLARTL_N.SYS [22684 2005-11-18] (Sonic Solutions)
R2 DLAUDFAM; C:\WINDOWS\System32\DLA\DLAUDFAM.SYS [94332 2005-11-07] (Sonic Solutions)
R2 DLAUDF_M; C:\WINDOWS\System32\DLA\DLAUDF_M.SYS [87036 2005-11-07] (Sonic Solutions)
R2 DRVNDDM; C:\WINDOWS\System32\Drivers\DRVNDDM.SYS [40544 2005-08-12] (Sonic Solutions)
S3 HipShieldK; C:\WINDOWS\System32\drivers\HipShieldK.sys [147912 2013-09-23] (McAfee, Inc.)
S3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2009-05-18] (HP)
S3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2009-05-18] (HP)
S3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2009-05-18] (HP)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [110296 2014-05-22] (Malwarebytes Corporation)
R3 mfeapfk; C:\WINDOWS\System32\drivers\mfeapfk.sys [134600 2014-04-03] (McAfee, Inc.)
R3 mfeavfk; C:\WINDOWS\System32\drivers\mfeavfk.sys [236672 2014-04-03] (McAfee, Inc.)
S3 mfebopk; C:\WINDOWS\System32\drivers\mfebopk.sys [66408 2014-04-03] (McAfee, Inc.)
R3 mfefirek; C:\WINDOWS\System32\drivers\mfefirek.sys [367776 2014-04-03] (McAfee, Inc.)
R0 mfehidk; C:\WINDOWS\System32\drivers\mfehidk.sys [574576 2014-04-03] (McAfee, Inc.)
R3 mfencbdc; C:\WINDOWS\System32\DRIVERS\mfencbdc.sys [345584 2014-03-18] (McAfee, Inc.)
S3 mfencrk; C:\WINDOWS\System32\DRIVERS\mfencrk.sys [81264 2014-03-18] (McAfee, Inc.)
S3 mfendisk; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [86120 2014-04-03] (McAfee, Inc.)
R3 mfendiskmp; C:\WINDOWS\System32\DRIVERS\mfendisk.sys [86120 2014-04-03] (McAfee, Inc.)
R1 mfetdi2k; C:\WINDOWS\System32\drivers\mfetdi2k.sys [92216 2014-04-03] (McAfee, Inc.)
R1 MOBKFilter; C:\WINDOWS\System32\DRIVERS\MOBK.sys [54776 2010-04-13] (Mozy, Inc.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R0x01000000 papycpu2; C:\WINDOWS\System32\DRIVERS\papycpu2.sys [1984 2003-01-17] ()
R0x01000000 papyjoy; C:\WINDOWS\System32\DRIVERS\papyjoy.sys [1856 2003-01-17] ()
R2 RVIEG01; C:\Program Files\Roland\Virtual Sound Canvas DXi\RVIEg01.sys [187992 2001-04-13] (Roland)
R3 STHDA; C:\WINDOWS\System32\drivers\sthda.sys [1156648 2006-03-20] (SigmaTel, Inc.)
R3 WmBEnum; C:\WINDOWS\System32\drivers\WmBEnum.sys [22856 2010-04-27] (Logitech Inc.)
S3 WmFilter; C:\WINDOWS\System32\drivers\WmFilter.sys [37704 2010-04-27] (Logitech Inc.)
S3 WmHidLo; C:\WINDOWS\System32\drivers\WmHidLo.sys [31816 2010-04-27] (Logitech Inc.)
S3 WmVirHid; C:\WINDOWS\System32\drivers\WmVirHid.sys [15048 2010-04-27] (Logitech Inc.)
R3 WmXlCore; C:\WINDOWS\System32\drivers\WmXlCore.sys [66632 2010-04-27] (Logitech Inc.)
R2 zumbus; C:\WINDOWS\System32\DRIVERS\zumbus.sys [41472 2011-08-05] (Microsoft Corporation)
S4 IntelIde; No ImagePath
U0 mfewfpk;
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================

NETSVC: MHN -> C:\Windows\System32\mhn.dll (Microsoft Corporation)

==================== One Month Created Files and Folders ========

2014-05-22 17:41 - 2014-05-22 18:06 - 00023304 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt
2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-12 07:26 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-22 17:39 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-22 17:30 - 2014-05-22 17:30 - 01056768 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe
2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html
2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee
2014-05-21 11:42 - 2014-05-22 17:21 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-05-20 14:40 - 2014-05-20 16:47 - 00000000 ____D () C:\AdwCleaner
2014-05-19 17:45 - 2014-05-19 17:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\d6862443a053af2
2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 14:04 - 2014-05-16 14:04 - 00000000 _____ () C:\prefs.js
2014-05-16 13:28 - 2014-05-22 18:02 - 00000000 ____D () C:\FRST
2014-05-16 13:24 - 2014-05-22 17:41 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys
2014-05-15 01:06 - 2014-05-15 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys
2014-05-15 00:34 - 2014-05-16 12:13 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-07 16:05 - 2014-05-08 18:29 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat
2014-05-07 08:58 - 2014-03-12 06:48 - 00993280 _____ (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\kolwlrk.dll
2014-05-06 20:12 - 2014-05-14 16:36 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-06 19:25 - 2014-05-06 19:25 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-05-06 15:01 - 2014-05-14 17:35 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-06 15:01 - 2014-05-12 14:08 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-06 15:01 - 2011-12-18 16:40 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Macromedia
2014-05-06 15:01 - 2011-12-12 01:59 - 00001599 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-05-06 15:01 - 2011-12-12 01:59 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-05-03 03:00 - 2014-05-03 03:01 - 00014234 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-04-25 13:41 - 2014-05-13 10:41 - 00000414 _____ () C:\WINDOWS\Tasks\At3.job
2014-04-25 13:39 - 2014-04-25 13:39 - 00001967 _____ () C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
2014-04-22 13:29 - 2014-04-22 13:29 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Verizon

==================== One Month Modified Files and Folders =======

2014-05-22 18:06 - 2014-05-22 17:41 - 00023304 _____ () C:\Documents and Settings\Donny\Desktop\FRST.txt
2014-05-22 18:02 - 2014-05-16 13:28 - 00000000 ____D () C:\FRST
2014-05-22 17:41 - 2014-05-16 13:24 - 00110296 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-22 17:39 - 2014-05-22 17:39 - 00000777 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-22 17:39 - 2014-05-22 17:39 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-22 17:33 - 2014-05-22 17:33 - 17292760 _____ (Malwarebytes Corporation ) C:\Documents and Settings\Donny\Desktop\mbam-setup-2.0.2.1012.exe
2014-05-22 17:30 - 2014-05-22 17:30 - 01056768 _____ (Farbar) C:\Documents and Settings\Donny\Desktop\FRST.exe
2014-05-22 17:21 - 2014-05-21 11:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
2014-05-22 17:20 - 2011-12-12 01:58 - 01553585 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-22 14:44 - 2004-08-10 07:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-21 12:16 - 2014-05-21 12:16 - 00016419 _____ () C:\Documents and Settings\Donny\Desktop\MVTHealthCheck_Deviation.html
2014-05-21 11:56 - 2014-05-21 11:56 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\McAfee
2014-05-21 11:55 - 2011-12-15 03:35 - 00000000 ____D () C:\Program Files\McAfee
2014-05-21 11:55 - 2011-12-15 03:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\McAfee
2014-05-20 17:58 - 2013-09-19 23:09 - 00488971 _____ () C:\WINDOWS\setupapi.log
2014-05-20 17:47 - 2011-12-15 03:36 - 00000000 ____D () C:\Program Files\Common Files\Mcafee
2014-05-20 16:47 - 2014-05-20 14:40 - 00000000 ____D () C:\AdwCleaner
2014-05-20 12:11 - 2012-03-05 19:54 - 00000000 ____D () C:\Documents and Settings\NetworkService\Local Settings\Application Data\BitTorrentBar
2014-05-19 17:45 - 2014-05-19 17:45 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\d6862443a053af2
2014-05-17 03:52 - 2014-05-17 03:52 - 00000000 ____D () C:\Program Files\ESET
2014-05-16 14:04 - 2014-05-16 14:04 - 00000000 _____ () C:\prefs.js
2014-05-16 12:14 - 2014-05-16 12:14 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\4D27306B.sys
2014-05-16 12:13 - 2014-05-15 00:34 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\48230029.sys
2014-05-16 12:10 - 2014-03-20 21:16 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\Malwarebytes
2014-05-16 00:25 - 2013-11-23 13:43 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-15 20:44 - 2013-12-06 13:00 - 00000000 ____D () C:\Documents and Settings\Donny\My Documents\888PokerNJ
2014-05-15 19:55 - 2013-07-14 11:33 - 00000144 ___RH () C:\Documents and Settings\Donny\Desktop\Stinger.opt
2014-05-15 19:55 - 2013-07-14 09:00 - 00000000 ____D () C:\Program Files\stinger
2014-05-15 19:51 - 2013-07-14 09:03 - 00000000 ____D () C:\Stinger_Quarantine
2014-05-15 19:31 - 2011-12-15 12:17 - 00000000 ____D () C:\Program Files\Microsoft Works
2014-05-15 12:50 - 2011-12-15 13:08 - 00000000 ____D () C:\Program Files\Java
2014-05-15 12:13 - 2014-05-15 01:06 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\09EB3FCF.sys
2014-05-15 01:14 - 2012-12-25 13:13 - 00000000 ____D () C:\WINDOWS\pss
2014-05-15 01:14 - 2011-12-11 20:43 - 00000209 ___SH () C:\boot.ini
2014-05-15 01:14 - 2004-08-10 07:00 - 00000542 _____ () C:\WINDOWS\win.ini
2014-05-15 01:14 - 2004-08-10 07:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-05-15 00:30 - 2014-03-20 21:15 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-05-14 17:35 - 2014-05-06 15:01 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-05-14 16:36 - 2014-05-06 20:12 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-05-14 02:33 - 2011-12-12 02:05 - 00000178 ___SH () C:\Documents and Settings\Donny\ntuser.ini
2014-05-14 01:29 - 2011-12-12 02:02 - 00032582 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-14 01:29 - 2011-12-12 02:02 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-14 01:29 - 2011-12-11 20:47 - 00000216 _____ () C:\WINDOWS\wiadebug.log
2014-05-14 01:17 - 2011-12-11 20:47 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-05-14 01:15 - 2014-03-21 22:50 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-14 01:15 - 2011-12-17 16:10 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-13 10:41 - 2014-04-25 13:41 - 00000414 _____ () C:\WINDOWS\Tasks\At3.job
2014-05-13 10:40 - 2011-12-17 16:10 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-12 14:19 - 2014-03-16 17:43 - 00000079 _____ () C:\WINDOWS\system32\knjx.pzm
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Sun
2014-05-12 14:12 - 2014-05-12 14:12 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-05-12 14:08 - 2014-05-12 14:08 - 00000000 __SHD () C:\Documents and Settings\Administrator\IETldCache
2014-05-12 14:08 - 2014-05-06 15:01 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-05-12 07:26 - 2014-05-22 17:39 - 00053208 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-22 17:39 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-10 15:18 - 2013-03-07 16:18 - 00000418 _____ () C:\WINDOWS\Tasks\At2.job
2014-05-10 15:18 - 2013-02-11 16:18 - 00000412 _____ () C:\WINDOWS\Tasks\At1.job
2014-05-10 14:56 - 2014-05-10 14:56 - 00000000 ___HD () C:\WINDOWS\PIF
2014-05-10 14:30 - 2011-12-12 01:56 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-09 22:39 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\Help
2014-05-09 22:26 - 2011-12-12 01:57 - 00000000 ____D () C:\WINDOWS\system32\Restore
2014-05-08 18:29 - 2014-05-07 16:05 - 00000664 _____ () C:\Documents and Settings\Donny\Local Settings\Application Data\d3d9caps.dat
2014-05-08 17:19 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\LocalService\ntuser.ini
2014-05-08 17:18 - 2011-12-12 02:02 - 00000178 ___SH () C:\Documents and Settings\NetworkService\ntuser.ini
2014-05-08 17:18 - 2011-12-12 02:02 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-05-08 17:05 - 2014-03-21 22:50 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-08 13:01 - 2012-12-02 18:30 - 01703936 _____ () C:\WINDOWS\system32\config\WindowsPowerShell.evt
2014-05-08 12:36 - 2014-05-08 12:36 - 00000000 ____D () C:\Documents and Settings\NetworkService\Application Data\Apple Computer
2014-05-08 02:01 - 2011-12-24 03:45 - 00000342 _____ () C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job
2014-05-07 17:44 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB980232$
2014-05-07 04:21 - 2011-12-15 03:00 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB978601$
2014-05-06 19:25 - 2014-05-06 19:25 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-05-06 19:25 - 2011-12-12 02:05 - 00000000 ____D () C:\Documents and Settings\Donny
2014-05-06 14:23 - 2011-12-11 20:39 - 00000000 ____D () C:\WINDOWS\msagent
2014-05-05 18:54 - 2011-12-28 19:15 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-05-04 00:41 - 2013-12-18 16:18 - 00000061 _____ () C:\Documents and Settings\NetworkService\Application Data\WB.CFG
2014-05-03 03:18 - 2014-02-04 17:35 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\VERIZON
2014-05-03 03:01 - 2014-05-03 03:00 - 00014234 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-03 03:01 - 2011-12-15 03:15 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-05-03 03:01 - 2011-12-12 02:11 - 00260722 _____ () C:\WINDOWS\updspapi.log
2014-05-03 03:01 - 2011-12-11 20:45 - 02305584 _____ () C:\WINDOWS\FaxSetup.log
2014-05-03 03:01 - 2011-12-11 20:45 - 01107717 _____ () C:\WINDOWS\ocgen.log
2014-05-03 03:01 - 2011-12-11 20:45 - 01055887 _____ () C:\WINDOWS\tsoc.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00708854 _____ () C:\WINDOWS\msmqinst.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00655660 _____ () C:\WINDOWS\comsetup.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00509748 _____ () C:\WINDOWS\iis6.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00417299 _____ () C:\WINDOWS\netfxocm.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00395517 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00259605 _____ () C:\WINDOWS\plusoc.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00247692 _____ () C:\WINDOWS\MedCtrOC.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00124500 _____ () C:\WINDOWS\ehOCGen.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00116831 _____ () C:\WINDOWS\tabletoc.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00115354 _____ () C:\WINDOWS\msgsocm.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00107750 _____ () C:\WINDOWS\ocmsn.log
2014-05-03 03:01 - 2011-12-11 20:45 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-05-01 00:13 - 2012-02-04 23:24 - 00000000 ____D () C:\Documents and Settings\All Users\PMS
2014-04-30 04:13 - 2006-03-23 13:32 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 04:13 - 2006-03-23 13:32 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-25 13:39 - 2014-04-25 13:39 - 00001967 _____ () C:\Documents and Settings\All Users\Desktop\Free YouTube to MP3 Converter.lnk
2014-04-25 13:39 - 2013-02-05 10:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\DVDVideoSoft
2014-04-25 13:39 - 2013-02-05 10:50 - 00000000 ____D () C:\Program Files\DVDVideoSoft
2014-04-25 13:39 - 2013-02-05 10:50 - 00000000 ____D () C:\Documents and Settings\Donny\Application Data\DVDVideoSoft
2014-04-25 13:37 - 2013-02-05 10:50 - 00000000 ____D () C:\Program Files\Common Files\DVDVideoSoft
2014-04-22 13:29 - 2014-04-22 13:29 - 00000000 ____D () C:\Documents and Settings\Donny\Start Menu\Programs\Verizon

Files to move or delete:
====================
C:\Windows\Tasks\At1.job
C:\Windows\Tasks\At2.job
C:\Windows\Tasks\At3.job

Some content of TEMP:
====================
C:\Documents and Settings\Donny\Local Settings\Temp\BearShare_setup.exe
C:\Documents and Settings\Donny\Local Settings\Temp\CmdLineExt02.dll
C:\Documents and Settings\Donny\Local Settings\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Documents and Settings\Donny\Local Settings\Temp\Installhelper.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna1699849133620055802.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna2038750351447211198.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna2242689136865375979.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna2597544463898009698.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna2901320563378939545.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna3162458390719647257.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna3924942368337710952.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna4248713642862826653.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna474708303171153103.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna4910608968922229294.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna4975153855161580461.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna5032718631298830907.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna5095235301004012983.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna636686742432317838.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna6399144160377212158.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna6416414153751485963.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna6695243107542341978.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna7044677504744725665.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna7199012154177157621.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna791688451077377964.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna8106629457905029711.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna8196011731201775924.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna8222583446543413584.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna8276456982533541843.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna8365891544647109781.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jna8862259213779771948.dll
C:\Documents and Settings\Donny\Local Settings\Temp\jre-7u15-windows-i586-iftw.exe
C:\Documents and Settings\Donny\Local Settings\Temp\jre-7u21-windows-i586-iftw.exe
C:\Documents and Settings\Donny\Local Settings\Temp\jre-7u7-windows-i586-iftw.exe
C:\Documents and Settings\Donny\Local Settings\Temp\jre-7u9-windows-i586-iftw.exe
C:\Documents and Settings\Donny\Local Settings\Temp\MemeoSupport.exe
C:\Documents and Settings\Donny\Local Settings\Temp\ntrck0ninstall.exe
C:\Documents and Settings\Donny\Local Settings\Temp\ntrck1ninstall.exe
C:\Documents and Settings\Donny\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\Donny\Local Settings\Temp\setup.exe
C:\Documents and Settings\Donny\Local Settings\Temp\setup_wm.exe
C:\Documents and Settings\Donny\Local Settings\Temp\SIInvoker.exe
C:\Documents and Settings\Donny\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\Donny\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\Donny\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\Donny\Local Settings\Temp\SRAssetsHelper.dll
C:\Documents and Settings\Donny\Local Settings\Temp\utt271.tmp.exe
C:\Documents and Settings\Donny\Local Settings\Temp\utt43C.tmp.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-05-2014
Ran by Donny at 2014-05-22 18:07:34
Running from C:\Documents and Settings\Donny\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

==================== Installed Programs ======================

32 Bit HP CIO Components Installer (Version: 7.1.8 - Hewlett-Packard) Hidden
4500_G510gm_Help (Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (Version: 000.0.423.000 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
888pokerNJ (HKLM\...\888pokerNJ) (Version:  - )
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS5 (HKLM\...\{3EB745BA-194F-4475-9164-B20BB2172395}) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Reader X (10.1.2) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.2 - Adobe Systems Incorporated)
Apple Application Support (HKLM\...\{122ADF8C-DDA1-480C-9936-C88F2825B265}) (Version: 2.1.9 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{8153ED9A-C94A-426E-9880-5E6775C08B62}) (Version: 4.0.0.97 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
BorgataPoker (HKLM\...\BorgataPoker) (Version:  - theBorgata)
BovadaPoker (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
BufferChm (Version: 130.0.331.000 - Hewlett-Packard) Hidden
CL-Eye Driver (HKLM\...\CL-Eye Driver) (Version: 5.3.0.0341 - Code Laboratories, Inc.)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dell Resource CD (HKLM\...\{FCD9CD52-7222-4672-94A0-A722BA702FD0}) (Version: 1.00.0000 - Dell Inc.)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 130.0.372.000 - Hewlett-Packard) Hidden
DocMgr (Version: 130.0.000.000 - Hewlett-Packard) Hidden
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
DVD Flick 1.3.0.7 (HKLM\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
ESPNMotion (HKLM\...\ESPNMotion) (Version: 2.1.6.0011 - ESPN Internet Ventures)
Fax (Version: 130.0.418.000 - Hewlett-Packard) Hidden
Free YouTube to MP3 Converter version 3.12.33.424 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.33.424 - DVDVideoSoft Ltd.)
FrostWire 5.3.8 (HKLM\...\FrostWire 5) (Version: 5.3.8.0 - FrostWire Team)
GemMaster Mystic (HKLM\...\12133444-BF36-4d4e-B7FB-A3424C645DE4) (Version:  - )
GeoComply Browser Plugin (HKLM\...\{31575B33-1F39-46C6-970F-3E2C45EF9DA8}) (Version: 2.1.7.1 - GeoComply)
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
GPBaseService2 (Version: 130.0.371.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000 - Hewlett-Packard) Hidden
High Definition Audio Driver Package - KB835221 (HKLM\...\KB835221WXP) (Version: 20040219.000000 - Microsoft Corporation)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Document Manager 2.0 (HKLM\...\HP Document Manager) (Version: 2.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Product Detection (HKLM\...\{A436F67F-687E-4736-BD2B-537121A804CF}) (Version: 11.14.0001 - HP)
HP Smart Web Printing 4.5 (HKLM\...\HP Smart Web Printing) (Version: 4.5 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM\...\{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}) (Version: 5.003.001.001 - Hewlett-Packard)
HPProductAssistant (Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 130.0.371.000 - Hewlett-Packard) Hidden
InfraRecorder (HKLM\...\InfraRecorder) (Version:  - Christian Kindahl)
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - )
Intel® PRO Network Connections (HKLM\...\{0A0873E1-D9BA-4994-B85D-A0A331EF1F0C}) (Version:  - Dell)
iRacing.com Race Simulation (HKLM\...\{CBBB3C80-76F5-42B5-92A6-C4BF84796DCB}) (Version: 1.01.0383 - iRacing.com Motorsport Simulations)
iTunes (HKLM\...\{B7DBF6E8-0D17-4BE4-853B-ACD6EFBD4A1F}) (Version: 10.5.2.11 - Apple Inc.)
Logitech Gaming Software 5.10 (HKLM\...\{60D32CDC-E3BE-4578-BA10-29322307CDDC}) (Version: 5.10.127 - Logitech)
MAGIX Music Maker 17 Premium Download Version (HKLM\...\MAGIX_MSI_mm17dlx) (Version: 17.0.2.6 - MAGIX AG)
MAGIX Music Maker 17 Premium Download Version (Version: 17.0.2.6 - MAGIX AG) Hidden
MAGIX Screenshare (HKLM\...\{4881B1D9-55E6-4F61-A76E-5836F12D3536}) (Version: 4.3.6.1987 - MAGIX AG)
MAGIX Speed burnR (MSI) (HKLM\...\{FEE404D1-832A-48CA-8E2D-18830DE449CB}) (Version: 7.0.1.27 - MAGIX AG)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (Version: 130.0.374.000 - Hewlett-Packard) Hidden
McAfee Internet Security (HKLM\...\MSC) (Version: 12.8.958 - McAfee, Inc.)
McAfee Online Backup (Version:  - McAfee, Inc.) Hidden
McAfee Online Backup (Version: 1.16.4.0 - McAfee, Inc.) Hidden
McAfee Virtual Technician (HKLM\...\McAfee Virtual Technician) (Version: 7.5.0.3093 - McAfee, Inc.)
Memeo AutoSync (HKLM\...\{75B7F766-7998-44d8-A202-F1EC76A121BA}) (Version:  - Memeo Inc.)
Memeo Instant Backup (HKLM\...\{8E666407-AC41-46a2-9692-6C7BFCBFDD37}) (Version: 4.60.0.7923 - Memeo Inc.)
Microsoft .NET Framework 1.0 Hotfix (KB2572066) (HKLM\...\KB2572066) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2604042) (HKLM\...\KB2604042) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Hotfix (KB2656378) (HKLM\...\KB2656378) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2698035) (HKLM\...\KB2698035) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2742607) (HKLM\...\KB2742607) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2833951) (HKLM\...\KB2833951) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.0 Security Update (KB2904878) (HKLM\...\KB2904878) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Base Smart Card Cryptographic Service Provider Package (HKLM\...\KB909520) (Version:  - Microsoft Corporation)
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Kernel-Mode Driver Framework Feature Pack 1.9 (Version:  - Microsoft Corporation) Hidden
Microsoft Primary Interoperability Assemblies 2005 (HKLM\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WinUsb 2.0 (HKLM\...\winusb0200) (Version:  - Microsoft Corporation)
Microsoft Works (HKLM\...\{6D52C408-B09A-4520-9B18-475B81D393F1}) (Version: 08.05.0818 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (Version: 1.00.0000 - Adobe) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 6.0 Parser (HKLM\...\{EA2D9BC0-75E9-4975-9A0A-DD82198DDC53}) (Version: 6.00.3883.15 - Microsoft Corporation)
NASCAR® Racing 2003 Season (HKLM\...\{ACC2E059-40E9-4464-B18D-C9BDD9A02CED}) (Version:  - Sierra Entertainment)
Network (Version: 130.0.374.000 - Hewlett-Packard) Hidden
nj.partypoker (HKLM\...\partypokerNJ) (Version:  - partyNJ)
NJ.WSOP.com (HKLM\...\NJ.WSOP.com) (Version:  - )
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
Otto (HKLM\...\B3EE3001-DC24-4cd1-8743-5692C716659F) (Version:  - )
PasswordBox (HKLM\...\PasswordBox) (Version: 1.21.3.2423 - PasswordBox, Inc.)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
PG Music DirectX Plugins 1.3.4.1 (HKLM\...\PG Music DirectX Plugins_is1) (Version:  - PG Music Inc.)
Project64 1.6 (HKLM\...\{9559F7CA-5E34-4237-A2D9-D856464AD727}) (Version: 1.6 - Project64)
PS3 Media Server (HKLM\...\PS3 Media Server) (Version: 1.90.0 - PS3 Media Server)
RealDrums Bonus Set (HKLM\...\bb_is1) (Version:  - PG Music Inc.)
Roxio DLA (HKLM\...\{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}) (Version: 5.2.0 - Roxio)
Roxio MyDVD LE (HKLM\...\{21657574-BD54-48A2-9450-EB03B2C7FC29}) (Version: 6.1.6 - Roxio)
Roxio RecordNow Audio (HKLM\...\{AB708C9B-97C8-4AC9-899B-DBF226AC9382}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Copy (HKLM\...\{B12665F4-4E93-4AB4-B7FC-37053B524629}) (Version: 2.0.4 - Roxio)
Roxio RecordNow Data (HKLM\...\{075473F5-846A-448B-BCB3-104AA1760205}) (Version: 2.0.4 - Roxio)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.999 - SAMSUNG Electronics Co., Ltd.)
Scan (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Seagate Dashboard (HKLM\...\{C3A11907-930D-41AC-A135-CC3B12F92011}) (Version: 1.1.0.1421 - Memeo Inc.)
Shared C Run-time for x86 (Version: 10.0.0 - McAfee) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
SigmaTel Audio (HKLM\...\{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}) (Version: 5.10.4803.0 - SigmaTel)
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 130.0.373.000 - Hewlett-Packard) Hidden
Sonic Encoders (HKLM\...\{9941F0AA-B903-4AF4-A055-83A9815CC011}) (Version: 1.00 - Sonic Solutions)
Sonic Update Manager (HKLM\...\{30465B6C-B53F-49A1-9EBA-A3F187AD502E}) (Version: 3.0.0 - Sonic Solutions)
Status (Version: 130.0.373.000 - Hewlett-Packard) Hidden
SuperNZB v4.0.6 (HKLM\...\SuperNZB_is1) (Version:  - )
TempoPerfect Metronome Software (HKLM\...\TempoPerfect) (Version:  - NCH Software)
Tenorshare Photo Recovery  (HKLM\...\Tenorshare Photo Recovery) (Version:  - Tenorshare, Inc.)
Text-To-Speech-Runtime (HKLM\...\{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}) (Version: 1.0.0.0 - Magix Development GmbH)
Toolbox (Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (Version: 130.0.376.000 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Media Player 10 (KB913800) (Version:  - Microsoft Corporation) Hidden
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
Update Rollup 2 for Windows XP Media Center Edition 2005 (HKLM\...\KB900325) (Version:  - Microsoft Corporation)
Verizon Wireless Software Upgrade Assistant - Samsung(ar) (HKLM\...\{3AC82D10-23DD-48F7-9E4A-FBD3792F2655}) (Version: 2.14.0307 - Samsung Electronics Co., Ltd.)
Verizon Wireless Software Utility Application for Android - Samsung (HKLM\...\{B7C5C35E-E750-4D09-BD2E-381D10124CBB}) (Version: 2.14.0305 - Samsung Electronics Co., Ltd.)
Video Download Capture V4.3.5 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.3.5 - Apowersoft)
Virtual Sound Canvas DXi (HKLM\...\{745877DC-8FFE-4E4C-ABBC-589B887A47D1}) (Version:  - )
Visual C++ 9.0 CRT (x86) WinSXS MSM (Version: 9.0 - Microsoft Corporation) Hidden
VLC media player 1.1.11 (HKLM\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
WebReg (Version: 130.0.132.017 - Hewlett-Packard) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Management Framework Core (HKLM\...\KB968930) (Version:  - Microsoft Corporation)
Windows Media Connect (Version:  - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows Media Player Packages (HKCU\...\Windows Media Player Packages) (Version:  - ) <==== ATTENTION
Windows Mobile Device Updater Component (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Windows Search 4.0 (HKLM\...\KB940157) (Version: 04.00.6001.503 - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2502898 (HKLM\...\KB2502898) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2619340 (HKLM\...\KB2619340) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB2628259 (HKLM\...\KB2628259) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB925766 (HKLM\...\KB925766) (Version:  - Microsoft Corporation)
Windows XP Media Center Edition 2005 KB973768 (HKLM\...\KB973768) (Version:  - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)
Zune (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CHT) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (CSY) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DAN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (DEU) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ELL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ESP) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FIN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (FRA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (HUN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (IND) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (ITA) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (JPN) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (KOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (MSL) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NLD) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (NOR) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PLK) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTB) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (PTG) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (RUS) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden
Zune Language Pack (SVE) (Version: 04.08.2345.00 - Microsoft Corporation) Hidden

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

2004-08-10 07:00 - 2004-08-10 07:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\AdobeAAMUpdater-1.0-DONNY-8E17D58B6-Donny.job => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Donny\APPLIC~1\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\Donny\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe

==================== Loaded Modules (whitelisted) =============

2012-02-29 22:36 - 2012-02-29 22:37 - 00036864 _____ () C:\Documents and Settings\Donny\Local Settings\Temp\CmdLineExt02.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-04-13 21:11 - 2010-04-13 21:11 - 00077624 _____ () C:\Program Files\McAfee Online Backup\librs2.dll
2011-05-04 17:04 - 2011-05-04 17:04 - 00325344 _____ () C:\Program Files\Memeo\AutoBackup\InstantBackup.exe
2011-05-04 17:04 - 2011-05-04 17:04 - 02896608 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.UI.dll
2011-05-04 17:04 - 2011-05-04 17:04 - 00027360 _____ () C:\Program Files\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll
2010-03-22 18:59 - 2010-03-22 18:59 - 00504293 _____ () C:\Program Files\Memeo\AutoBackup\sqlite3.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^Donny^Start Menu^Programs^Startup^Verizon Wireless Software Utility Application for Android – Samsung.lnk => C:\WINDOWS\pss\Verizon Wireless Software Utility Application for Android – Samsung.lnkStartup

==================== Faulty Device Manager Devices =============

Could not list Devices. Check "winmgmt" service or repair WMI.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/22/2014 05:15:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (05/22/2014 04:09:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (05/22/2014 03:54:44 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket 38056276.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/22/2014 03:54:30 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: Fault bucket -1991825768.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (05/22/2014 03:53:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application explorer.exe, version 6.0.2900.5512, faulting module ntdll.dll, version 5.1.2600.6055, fault address 0x000673be.
Processing media-specific event for [explorer.exe!ws!]

Error: (05/22/2014 03:49:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (05/22/2014 03:49:00 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application dllhost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00002920.
Error in creating result PEAP-TLV in response to received PEAP-TLV (dllhost.exe!ld!)

Error: (05/22/2014 02:59:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application dllhost.exe, version 5.1.2600.5512, faulting module unknown, version 0.0.0.0, fault address 0x00002920.
Processing media-specific event for [dllhost.exe!ws!]

Error: (05/22/2014 02:46:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

Error: (05/21/2014 01:10:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CoCreateInstance.  hr = 0x80070422.

System errors:
=============
Error: (05/22/2014 06:07:55 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:07:39 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:07:39 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:07:37 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:07:34 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:07:34 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:07:34 PM) (Source: DCOM) (EventID: 10005) (User: DONNY-8E17D58B6)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:05:39 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:05:39 PM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "%%1058" attempting to start the service winmgmt with arguments ""
in order to run the server:
{8BC3F05E-D86B-11D0-A075-00C04FB68820}

Error: (05/22/2014 06:05:04 PM) (Source: 0) (EventID: 9) (User: )
Description: \Device\Ide\IdePort0

Microsoft Office Sessions:
=========================
Error: (05/22/2014 05:15:00 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Error: (05/22/2014 04:09:37 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Error: (05/22/2014 03:54:44 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: 38056276

Error: (05/22/2014 03:54:30 PM) (Source: Application Error) (EventID: 1001) (User: )
Description: -1991825768

Error: (05/22/2014 03:53:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.0.2900.5512ntdll.dll5.1.2600.6055000673be

Error: (05/22/2014 03:49:27 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Error: (05/22/2014 03:49:00 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: dllhost.exe5.1.2600.5512unknown0.0.0.000002920

Error: (05/22/2014 02:59:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: dllhost.exe5.1.2600.5512unknown0.0.0.000002920

Error: (05/22/2014 02:46:09 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

Error: (05/21/2014 01:10:39 PM) (Source: VSS) (EventID: 8193) (User: )
Description: CoCreateInstance0x80070422

==================== Memory info ===========================

Percentage of memory in use: 30%
Total physical RAM: 3069.74 MB
Available physical RAM: 2144.04 MB
Total Pagefile: 4432.91 MB
Available Pagefile: 3413.32 MB
Total Virtual: 2047.88 MB
Available Virtual: 1955.4 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:54.27 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 47314730)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-05-2014
Ran by Donny at 2014-05-23 00:37:12 Run:3
Running from C:\Documents and Settings\Donny\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKU\S-1-5-21-3287850538-662522702-2252149430-1000\...\MountPoints2: {9089bd59-fd7b-11e1-a068-f04da2fbeef7} - H:\setup.exe -a
HKU\S-1-5-21-3287850538-662522702-2252149430-1000\...\MountPoints2: {e8ddc4a6-8e70-11e3-9d38-f04da2fbeef7} - "G:\WD SmartWare.exe" autoplay=true
HKU\S-1-5-21-3287850538-662522702-2252149430-1000\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume3\Users\Haarstick Repair\AppData\Local\Temp\swqqwmy\sxxntfr\wow.dll ATTENTION! ====> ZeroAccess?
FF DefaultSearchEngine: Conduit Search
FF SelectedSearchEngine: Conduit Search
C:\Users\Haarstick Repair\AppData\Local\Temp\scmrbix\shtrtrq\wow.dll
C:\Users\Haarstick Repair\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe
C:\Users\Haarstick Repair\AppData\Local\Temp\InstallFlashPlayer.exe
End
*****************

HKLM\Software\Classes\CLSID\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InprocServer32\\Default => Value was restored successfully.
HKU\S-1-5-21-3287850538-662522702-2252149430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{9089bd59-fd7b-11e1-a068-f04da2fbeef7} => Key not found.
HKCR\CLSID\{9089bd59-fd7b-11e1-a068-f04da2fbeef7} => Key not found.
HKU\S-1-5-21-3287850538-662522702-2252149430-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{e8ddc4a6-8e70-11e3-9d38-f04da2fbeef7} => Key not found.
HKCR\CLSID\{e8ddc4a6-8e70-11e3-9d38-f04da2fbeef7} => Key not found.
HKU\S-1-5-21-3287850538-662522702-2252149430-1000\Software\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} => Key not found.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
"C:\Users\Haarstick Repair\AppData\Local\Temp\scmrbix\shtrtrq\wow.dll" => File/Directory not found.
"C:\Users\Haarstick Repair\install_flashplayer12x32axau_gtbd_chrd_dn_aaa_aih.exe" => File/Directory not found.
"C:\Users\Haarstick Repair\AppData\Local\Temp\InstallFlashPlayer.exe" => File/Directory not found.

==== End of Fixlog ====

 

To date following a similar thread here I've had no results in solving this. Thanks for any help.

 

I've scanned it with Malwarebytes a couple of weeks back and had it remove what it found and since that time, it now finds nothing.  However, the entire time it's scanning I have to keep shutting down the multiple dllhost.exe's along with the tons of iexplore.exe's that keep cropping up faster than I can shut them down. A real pain in the neck.

 

thanks,

Brownie

[B-boy/StyLe/]

Hello,

 

Hello! Welcome to Malwarebytes Forums!
My name is Georgi and and I will be helping you with your computer problems.

Before we begin, please note the following:

• I will working be on your Malware issues, this may or may not, solve other issues you have with your machine.
• The logs can take some time to research, so please be patient with me.
• Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
• Instructions that I give are for your system only!
• Please do not run any tools until requested ! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
• Please perform all steps in the order received. If you can't understand something don't hesitate to ask.
• Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

I've scanned it with Malwarebytes a couple of weeks back and had it remove what it found and since that time, it now finds nothing.  However, the entire time it's scanning I have to keep shutting down the multiple dllhost.exe's along with the tons of iexplore.exe's that keep cropping up faster than I can shut them down. A real pain in the neck.

 

You are are going down on the danger road by doing things on your own. Doing so can severely cripple or render your computer. Please refrain from doing so.
Keep calm, removing malware isn't a quick process.

 

 

 

Please download the following file => fixlist.txt and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Also let me know how are things now.

 

 

 

Regards,

Georgi

[Brownie]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:21-05-2014
Ran by Donny at 2014-05-23 10:26:46 Run:4
Running from C:\Documents and Settings\Donny\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
start
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
File: C:\WINDOWS\System32\DRIVERS\atapi.sys
C:\Documents and Settings\All Users\Application Data\kolwlrk.dll
C:\Documents and Settings\NetworkService\Local Settings\Application Data\BitTorrentBar
Folder: C:\Documents and Settings\All Users\Application Data\d6862443a053af2
C:\Documents and Settings\All Users\Application Data\d6862443a053af2
C:\WINDOWS\system32\knjx.pzm
C:\WINDOWS\Tasks\At3.job
C:\WINDOWS\Tasks\At2.job
C:\WINDOWS\Tasks\At1.job
Task: C:\WINDOWS\Tasks\At1.job => C:\DOCUME~1\Donny\APPLIC~1\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At2.job => C:\DOCUME~1\NETWOR~1\APPLIC~1\DealPly\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\WINDOWS\Tasks\At3.job => C:\DOCUME~1\Donny\APPLIC~1\MYSEAR~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Folder: C:\Stinger_Quarantine
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
Reg: reg query "hklm\SYSTEM\CurrentControlSet\services\Winmgmt" /s
Reg: reg query "hklm\SYSTEM\CurrentControlSet\services\atapi" /s
C:\Documents and Settings\Donny\Local Settings\Temp
end
*****************

HKLM\SOFTWARE\Policies\Google => Key deleted successfully.

========================= File: C:\WINDOWS\System32\DRIVERS\atapi.sys ========================

MD5: 29ccbe8684d7dcbc533c3796798f0c87
Creation and modification date: 2004-08-10 07:00 - 2008-04-13 14:40
Size: 0096512
Attributes: ----A
Company Name:
Internal Name:
Original Name:
Product Name:
Description:
File Version:
Product Version:
Copyright:

====== End Of File: ======

C:\Documents and Settings\All Users\Application Data\kolwlrk.dll => Moved successfully.
C:\Documents and Settings\NetworkService\Local Settings\Application Data\BitTorrentBar => Moved successfully.

========================= Folder: C:\Documents and Settings\All Users\Application Data\d6862443a053af2 ========================

2014-05-19 17:45 - 2014-05-19 17:45 - 0000565 _____ () C:\Documents and Settings\All Users\Application Data\d6862443a053af2\242c2fd4536773facaef197253bc0406.ini
2014-05-19 17:45 - 2014-05-19 17:45 - 0000396 _____ () C:\Documents and Settings\All Users\Application Data\d6862443a053af2\3ed03cfb56800283caef197253bc0406.ini

====== End of Folder: ======

C:\Documents and Settings\All Users\Application Data\d6862443a053af2 => Moved successfully.
C:\WINDOWS\system32\knjx.pzm => Moved successfully.
C:\WINDOWS\Tasks\At3.job => Moved successfully.
C:\WINDOWS\Tasks\At2.job => Moved successfully.
C:\WINDOWS\Tasks\At1.job => Moved successfully.
C:\WINDOWS\Tasks\At1.job not found.
C:\WINDOWS\Tasks\At2.job not found.
C:\WINDOWS\Tasks\At3.job not found.

========================= Folder: C:\Stinger_Quarantine ========================

2013-07-14 09:03 - 2014-05-15 19:51 - 0012288 ____N () C:\Stinger_Quarantine\Quarantine.db
2014-05-15 15:59 - 2014-05-15 19:51 - 0000000 ____D () C:\Stinger_Quarantine\quarantine

====== End of Folder: ======

C:\Documents and Settings\All Users\Application Data\TEMP => ":373E1720" ADS removed successfully.

========= reg query "hklm\SYSTEM\CurrentControlSet\services\Winmgmt" /s =========

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt
    Type REG_DWORD 0x20
    Start REG_DWORD 0x4
    ErrorControl REG_DWORD 0x0
    ImagePath REG_EXPAND_SZ %systemroot%\system32\svchost.exe -k netsvcs
    DisplayName REG_SZ Windows Management Instrumentation
    DependOnService REG_MULTI_SZ RPCSS\0\0
    DependOnGroup REG_MULTI_SZ \0
    ObjectName REG_SZ LocalSystem
    FailureActions REG_BINARY 8051010000000000000000000200000041004D000100000060EA00000100000060EA0000
    Description REG_SZ Provides a common interface and object model to access management information about operating system, devices, applications and services. If this service is stopped, most Windows-based software will not function properly. If this service is disabled, any services that explicitly depend on it will fail to start.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters
    ServiceDll REG_EXPAND_SZ %SystemRoot%\system32\wbem\WMIsvc.dll
    ServiceMain REG_SZ ServiceMain

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Security
    Security REG_BINARY 01001480900000009C000000140000003000000002001C000100000002801400FF010F00010100000000000100000000020060000400000000001400FD01020001010000000000051200000000001800FF010F0001020000000000052000000020020000000014008D01020001010000000000050B00000000001800FD01020001020000000000052000000023020000010100000000000512000000010100000000000512000000

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Enum
    0 REG_SZ Root\LEGACY_WINMGMT\0000
    Count REG_DWORD 0x1
    NextInstance REG_DWORD 0x1

========= End of Reg: =========

========= reg query "hklm\SYSTEM\CurrentControlSet\services\atapi" /s =========

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi
    ErrorControl REG_DWORD 0x1
    Group REG_SZ SCSI miniport
    Start REG_DWORD 0x0
    Tag REG_DWORD 0x19
    Type REG_DWORD 0x1
    DisplayName REG_SZ Standard IDE/ESDI Hard Disk Controller
    ImagePath REG_EXPAND_SZ system32\DRIVERS\atapi.sys

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi\Parameters
    LegacyDetection REG_DWORD 0x1
    GhostSlave REG_MULTI_SZ SunDisk \0\0
    UseCheckPowerForFlush REG_MULTI_SZ SAMSUNG WNR-31601A (1600MB)             \0SAMSUNG WNR-31601A (1.6GB)              \0IBM-DTCA-24090                          TC6OAA2A\0IBM-DTCA-24090                          TC6IAA2A\0IBM-DPLA-25120                          PL8OAA2A\0IBM-DPLA-25120                          PL8IAA2A\0IBM-DPLA-25120                          PL8IAA4A\0IBM-DTCA-23240                          TC5OAA2A\0IBM-DTCA-23240                          TC5IAA2A\0IBM-DPLA-24480                          PL7OAA2A\0IBM-DPLA-24480                          PL7IAA2A\0\0
    NoFlushDevice REG_MULTI_SZ QUANTUM_LPS525A                         \0SCR-730                                 \0\0
    PioOnlyDevice REG_MULTI_SZ     Conner Peripherals 425MB - CFS425A  \0MATSHITA CR-581                         \0FX600S                                  \0CD-44E                                  \0QUANTUM TRB850A                         \0QUANTUM MARVERICK 540A                  \0 MAXTOR MXT-540  AT                     \0Maxtor 71260 AT                         \0Maxtor 7850 AV                          \0Maxtor 7540 AV                          \0Maxtor 7213 AT                          \0Maxtor 7345                             \0Maxtor 7245 AT                          \0Maxtor 7245                             \0Maxtor 7211AU                           \0Maxtor 7171 AT                          \0CD-316E                                 \0SAMSUNG_SCR-2430\0CR-2801TE\0\0
    NonRemovableMedia REG_MULTI_SZ Kingston Technology DataPak 340         \0SunDisk SDP5A-10                        \0SunDisk SDCFB-10                        \0SunDisk SDP3B-20                        \0SunDisk SDP3B-175                       \0SunDisk SDP5-2.5                        \0Calluna Technology CT260MC              \0BN-S004AC-S 1.00\0Calluna Technology CT520RM\0Hitachi CV 5.1.1\0      ATA_FLASH \0Mitsubishi ATA Card \0LEXAR ATA_FLASH\0Micron MTCF004A\0Micron MTCF008A\0SunDisk SDP3B-110\0SunDisk SDCFB-4\0BN-CAB-T\0MEMORYSTICK\0MEMORYSTICK   8M  8K\0\0
    NoPowerDownDevice REG_MULTI_SZ RD-DRC001-M                             \0CS-R37 0                                \0\0
    AutoEjectZipDevice REG_MULTI_SZ IOMEGA  ZIP 100       ATAPI             23.D    \0IOMEGA  ZIP 100       ATAPI             21.D    \0IOMEGA  ZIP 100       ATAPI             20.D    \0IOMEGA  ZIP 100       ATAPI             91.D    \0IOMEGA  ZIP 100                         B.29    \0IOMEGA  ZIP 100                         B.22    \0\0
    NeedIdentDevice REG_MULTI_SZ QUANTUM FIREBALL\0\0
    DefaultPioAtapiDevice REG_MULTI_SZ TORiSAN DVD-ROM DRD-N216\0IDE-CD R/RW 2x2x24\0\0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\atapi\Enum
    0 REG_SZ PCIIDE\IDEChannel\4&3b592699&0&0
    Count REG_DWORD 0x4
    NextInstance REG_DWORD 0x4
    1 REG_SZ PCIIDE\IDEChannel\4&3b592699&0&1
    2 REG_SZ PCIIDE\IDEChannel\4&8170305&0&0
    3 REG_SZ PCIIDE\IDEChannel\4&8170305&0&1

========= End of Reg: =========

C:\Documents and Settings\Donny\Local Settings\Temp => Moved successfully.

==== End of Fixlog ====

[Brownie]

_{At the moment there are 10 iexplore.exe's running in Task Manager 11 svchost's running. However at this moment there is only one dllhost.exe running.  CPU usage is down to an average of 75 t0 80 % for the moment. The only program I have open is IE, and this page.}

[B-boy/StyLe/]

Hello,

 

 

 

STEP 1

 

 

• Please download RogueKiller.exe and save to the desktop.
• Close all windows and browsers
• Right-click the program and select 'Run as Administrator'
• Press the scan button.
• A report opens on the desktop named - RKreport.txt
• Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 2
 

 

Please download the latest version of TDSSKiller from here and save it to your Desktop.

• Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
   
• Put a checkmark beside loaded modules.
  
• A reboot will be needed to apply the changes. Do it.
• TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
• Then click on Change parameters in TDSSKiller.
• Check all boxes then click OK.
   
• Click the Start Scan button.
   
• The scan should take no longer than 2 minutes.
• If a suspicious object is detected, the default action will be Skip, click on Continue.
  
• If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
  
  Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
• A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and past the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3

 

 

Please download Malwarebytes Anti-Malware to your desktop.
 

• Double-click mbam-setup-2.0.2.1012.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
• Click Finish.
• On the Settings tab > Detection and Protection subtab, Detection Options, tick the box 'Scan for rootkits'.
• Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.
• A Threat Scan will begin.
• With some infections, you may see this message box.
  • 'Could not load DDA driver'
• Click 'Yes' to this message, to allow the driver to load after a restart.
• Allow the computer to restart. Continue with the rest of these instructions.
• When the scan is complete, click Apply Actions.
• Wait for the prompt to restart the computer to appear, then click on Yes.
• After the restart once you are back at your desktop, open MBAM once more.
• Click on the History tab > Application Logs.
• Double click on the scan log which shows the Date and time of the scan just performed.
• Click 'Copy to Clipboard'
• Paste the contents of the clipboard into your reply.

 

 

Regards,

Georgi

[Brownie]

Hey Georgi,  I didn't want you thinking I've been doing nothing.  I've not yet been able to get past the 1st step of running "RogueKiller.exe"  During the prescan, (before it even gets to where you check the box to accept the agreement) etc, it found a:  Generic Host file running and stopped it. Then the agreement comes up to check the box to accept it. Then after I click on the Scan button, it quickly finds 4 files... The four files are:

 

PUM   HJPOL

PUM   HJPOL

Pum    HJ

PUM   HJDESK

 

Then shortly after that, a box pops up saying:

 

Anti Malware Tool

 

Anti Malware Tool has encountered a problem and needs to close.  We are sorry for the inconvenience.

 

From that point on, the system locks up.

 

I noticed on the Desktop it had made (after it found the Generic Host file) a folder called Quarantine, but the folder is empty. After getting the computer to restart, I again tried running it and it made it a little farther, but then the same thing happens.  Also during this process, I've got to continually be stopping all of the:  dllhost.exe files along with iexplore.exe in order to free the memory.

 

I'll await your advice before going any farther.

 

Of Note:  I did stop the Live Real Time scanning of both, McAfee and MBAM before running: "RogueKiller"

 

I hope the above helps you in some way. That was the best I could do for now. Awaiting farther instructions from you.

 

Thanks,

Brownie

[B-boy/StyLe/]

Hello Brownie,

 

Please skip RogueKiller for now and continue with the rest of the steps. I noticed that atapi.sys is probably patched and may need to be replaced with a clean copy. TDSSKiller may bring some light on the issue.

 

 

Regards,

Georgi

[Brownie]

Hi Georgi,

 

Ok, I'll do steps: 2 TDSSKiller & then 3 Malwarebytes.      Thanks, I'll let you know how that goes.

 

Brownie

[Brownie]

Hi Georgi,

 

I followed your instructions right to the letter of the Step 2 process.  It got finished scanning and had a big list of things it found. Included are Root Kits, and a whole lot more. After that a box came up with Reboot now in order to perform the "Cure" which I did.  After the computer restarted:

 

A DOS Window opened, along with a Windows:

 

Open File - Security Warning

 

C:\Windows\System32\cmd.exe

Name: CB884EF2-0B90-4578-B623-C238FEE223ID.exe

Publisher: Kaspersky Lab

Type: Application

From: C:\DOCUME~1\Donny\Locals~1\Temp

                              Run (box)      Cancel (box)

 

This is right where I'm at. Nothing else has loaded yet as it's awaiting me to click on "Run" or "Cancel"  and since I don't feel as if I should click on that RUN, I left the computer running as it now is...

 

I'll wait for a reply back before going any farther.   I'll leave the computer running where it's at awaiting a response from me.

 

Thanks,

 

Brownie

[B-boy/StyLe/]

Hello,

 

That's very odd...you probably have brand new variant on board. Please click on the run button and let me know about the results. Do you have UAC activated at the moment?

 

 

Regards,

Georgi

[Brownie]

Hi Georgi,

 

Yes! You are right. It definitely needed me to click on the run, so it could finish up the job it was performing. I checked the digital signature on the certificate to be sure it was legit before I clicked on the "Run" and the certificate was good until April, 2015. It ran flawlessly. Here is what you wanted me to post after doing "Step 3" wiith MBAM:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/25/2014
Scan Time: 3:53:42 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.25.01
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Donny

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296158
Time Elapsed: 4 hr, 20 min, 16 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [8e81aca8e794b383ad412465b949b848],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1644491937-1220945662-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [fc13f85cde9d280ea946672228da857b],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

PS: The computer seems to be running great now. No more of those numerous IE's nor dllhost.exe's running and the: CPU Usage is well down (now) to where it belongs.

 

I still have to post the results of the scan to the Site Link you gave me. However I have a question first. There are Three Log files of the scan in the C:\folder titled: TDSSKilller with Version-Date-Time.  Do you want me to post each of them on: Pastebin.com? 

 

And yes, the instructions for the TDSSKiller were very similar to what you had showing with only a few differences. I think they might have made it a bit more user friendly as to the actions, etc, since one of the things different was, it automatically went to the CURE procedure. As well as, possibly doing the System32 DOS Scan and Cleanup?  Regardless, it really seemed to do it's job.. 

 

PS: Is UAC activated at the moment?  No it's not.  Sorry!

 

 

I realize there's a bit more to do, so I'll await your reply before going any farther.

 

 

Thanks

 

Brownie

[B-boy/StyLe/]

Hello Brownie,

 

 

Lol MBAM took 4 hr to complete??? Did you delete the entries because the log shows that currently no actions are performed:

 

PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [8e81aca8e794b383ad412465b949b848],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1644491937-1220945662-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, No Action By User, [fc13f85cde9d280ea946672228da857b], Registry Values: 0

 

As for the TDSSKiller please upload only the one with the biggest size at pastebin and post the link to the log in your next reply.

 

 

Regards,

Georgi

[Brownie]

Hello Georgi,

 

Yes!  MBAM got up to around 46,000 and for some reason or other, it seemed as if it was never going to get any farther. I checked, and there was nothing else running, and no signs whatsoever of the other two IE's nor dllhost.exe's running. So I patiently waited and watched to make sure the other two things were NO longer running or coming back. I finally fell asleep and when I woke up, it was only up to 70,000 and then it took off and started scanning as it should have been previously. What really took the most time, was when it was scanning each of the Net Framework files and the updates to Net Framework. That was a fresh update for the premium addition, but!  I did installed it while the computer still had those huge problems. So possibly something isn't as it should be with the scanning engine?  However, it's a whole lot better than some of the other scans that took it as long as 14 hrs., to complete...... lol

 

Actually, I did tell it to NOT delete those two files, but to Quarantine those two entries which it said it had done. I'll check to see if there is another Log I may have missed showing that action performed. I was a bit sleepy at the time.. lol

 

I'll say this, it's Really good to have come this far along. I couldn't believe I didn't have to keep shutting down those two running entries in Task Manager any longer.... Wow!  Absolutely Awesome!  Guess you can tell I'm starting to get excited now. So bear with me, I'm 72 years old and don't always get things done too fast anymore... lol

 

Wow!  When you said to send them the largest of those three Log Files, I can tell you it's going to be a real large file for only being a .txt file.

 

I'll get that log file on their site, and post the link to it for you.  I'll also see where that quarantine file is and get it on here for you as well.

 

Thanks for putting up with me... lol

 

Your friend,

Brownie

 

 

 

Your Great Georgi.

[B-boy/StyLe/]

Hi Brownie,

 

Let me know about the link to the TDSSKiller log when possible. Thanks!

 

 

Regards,

Georgi

[Brownie]

Hi Georgi,

 

Sorry for the delay but here is the scan result for the MBAM.  I re-scanned it and this time, I definitely quarantined those two items that (evidently) I only thought I'd quarantined in the previous scan. Knowing if I had, they sure wouldn't be picked up again on this scan. So since they were picked up, I made sure this time that they were quarantined. So now we're back on track. Here is the result:

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/26/2014
Scan Time: 3:37:13 AM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.05.26.01
Rootkit Database: v2014.05.21.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Donny

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 296291
Time Elapsed: 4 hr, 51 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.DealPly.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [3dd2a9ab730816201ab6f991679bbc44],
PUP.Optional.DealPly.A, HKU\S-1-5-21-1644491937-1220945662-725345543-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\gaiilaahiahdejapggenmdmafpmbipje, Quarantined, [907f73e1f58660d6cd04f79340c254ac],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

How's that?  I hope this came out right for you this time around.

 

Now to get totally back on track I need to know how to handle that Pastebin.com deal.  I went to their site and attempted to past the text in and as soon as it was pasted in, a new window came up saying, "Sorry your pasted in files were canceled due to exceeding the 500 KB size limit.

 

Here is the scoop on that file. It's size is:  1,449 KB  (as I'd said, quite large for a text file).

 

Is there a size limit on here?  As I know after you see that, it will put us back on track again.  Or, is it ok for me to break it down into 3 or 4 smaller files and past them (In order) on the: pastebin.com site?

 

Thanks again,

 

Brownie

 

[Brownie]

Hey Georgi,

 

Problem solved in how to get that text listed on Pastebin.  I opened up a Pro user acct.  "I'm no longer limited to the 500 KB".  I'll now  (once again) attempt to get that file pasted on Pastebin.  Wish me luck.

 

Brownie

 

 

[Brownie]

Hi Georgi,

 

Here is what you asked for:  http://pastebin.com/DCr6pr71

 

I sure hope it works ok for you.  Let me know if you get it ok.  If you do, now we're back up to date on things. lol

 

Best Regards,

 

Brownie

[B-boy/StyLe/]

Hi Brownie,

 

Thank you for following my instructions perfectly. You are doing well!

 

I need to see all of the logs created by TDSSKiller because I didn't notice anything malicious in the log above but now atapi.sys is with a different MD5 and I guess that TDSSKiller replaced the file with a clean copy.

 

Before TDSSKiller (from the fixlog.txt):

 

========================= File: C:\WINDOWS\System32\DRIVERS\atapi.sys ========================

MD5: 29ccbe8684d7dcbc533c3796798f0c87

 

 

After TDSSkiller (from the TDSSKiller log)

 

02:49:27.0796 0x0dcc  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys

 

Can you please upload all of the logs at pastebin and paste the links to the logs in your next reply.

 

In the meantime can you run RogueKiller one more time to see if it starts fine now?

 

Thanks!

 

 

Regards,

Georgi

[Brownie]

Hi Georgi,

 

Yes, I sure can. I'll get those other (2) files to:  "pastebin"  now, and then attempt another try at running: "Roguekiller"

 

Thanks again, I'll let you know how it goes..

 

Brownie

[Brownie]

Hi Georgi,

 

Here is one of the other (2) TDSS Log Files..  http://pastebin.com/qddYN5fk  The file that's marked as Last is: a file that is:  499 KB and that is the one that shows what it found and what it's actions were.

 

I tried holding this aside so I could post the Links to both of them in this one, but something didn't go as planned. lol   I'll get the other one now.

 

Thanks,

 

Brownie

[Brownie]

Hi Again Georgi,

 

This one should be the one you're really interested in seeing:  http://pastebin.com/psR4Hwf8

 

Let me know if I messed up and you wasn't able to get all (3) of them.

 

Again, Thanks

 

Brownie

[Brownie]

Ok Georgi,

 

I'm now going to give the:  "Roguekiller" another try to see how things go.  I'll be sure to get back to you on what took place, etc.  Hopefully it all goes well this time around. lol

 

Thanks,

 

Brownie

[Brownie]

Hi Georgi,

 

Well I tried and once again it got darn close to the end, but then the very same thing happened. But! This time I took a bit more notice of what was going on.  It was all the way across to where it was Scanning the Master Boot Record (MBR) when the same notice as I posted in the last try.  The Microsoft send error report come up. Then immediately after that, a "Dr Watson" error report comes up. That one then locks up that window totally. To get it off I have to drop down on the taskbar and right click then select Close. Then it goes off the screen and the computer is no longer locked up.

 

Now this time around I did get two reports in a:  "RK_Quarantine folder"  they consist of:  "drwtsn32" (Dr Watson)  and a: "debug file".  The "debug text" doc is 1,068 KB is size, and the:  "drwtsn32 text doc" is 16 KB in size.

 

Those two are the only things in the folder, since it didn't have a chance to finish the scan to complete a log file of the scan itself.

 

My question is: Would you still want me to post these two items on the: "pastebin" site?  I gave up years back on Microsoft knowing much of anything when it comes down to those error numbers. I was told that unless they get enough of the same reports to make it worth their while, they simply pass those reports to a trash bin... lol

 

Sorry I tried it twice and got the same results both times now.

 

I'll await a reply back before posting them into pastebin.

 

Sorry for the bad news though..

 

Thanks,

Brownie  

[B-boy/StyLe/]

Hi Brownie,

 

Thank you for the detailed explanations. I reported the issue to the RogueKiller developer.

Also I was able to see the logs from TDSSKiller...lol TDSSKiller cured two MBR rootkits

 

Rootkit.Boot.SST.a

Rootkit.Boot.Cidox.b

 

 

• Can you double-click on TDSSKiller.exe to run the application, then click on Change parameters.
• Put a checkmark beside Detect TDLFS file system .
• Click the Start Scan button.
• The scan should take no longer than 2 minutes.
• From the drop-down menu choose delete ONLY for TDSS File System (if present):
  
• Post the log at pastebin and post the link to the log in your next reply.

 

Regards,

Georgi

[Brownie]

_{Hello Georgi,}

 

_{I did as you asked.  Everything checked OK, right on down the list.  It must not have found any TDSS file system.  I read down the alphabetical list and there wasn't any mentioned.  I posted the scan log on pastebin as you asked.   Here is the link to this Log:}

_{http://pastebin.com/bk9utzc0}

 

_{After you get through with this one, I'll tell you a couple of things I found out this morning that may or may not help is some small way. But I want you to know the exact things that I checked and my finding/s.  That way, there's no secrets..  lol}

 

_{Thanks Georgi, I know this has to be getting rough on you too.}

 

_{Your friend,}

_Brownie