
system and freezing issue.


  • This topic is locked
26 replies to this topic

#1 snoopy24


Posted 16 May 2014 - 04:48 AM

Hello

   

A few months ago I ran Malwarebytes and removed what it asked me to from my system, and ever since my computer has not run properly. I've tried to fix it with small success and am needing help. Which brings me to problem number two: in the last few days my computer seems to be freezing and I can't figure out why.

 

I ran a FRST scan which is posted below.

 

Some help in the form of a fixlist would be greatly appreciated, thanks for your time.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by G (administrator) on GEOFF on 16-05-2014 02:37:25
Running from C:\Documents and Settings\G\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
(Cyberlink Corp.) C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NVMixerTray] => C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [131072 2004-10-07] (NVIDIA Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-04-24] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [uTorrent] => C:\Documents and Settings\G\Application Data\uTorrent\uTorrent.exe [1268560 2014-05-09] (BitTorrent Inc.)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\MountPoints2: {a199aef9-c336-11e0-8796-00016cb7e8c7} - G:\Setup.exe
Startup: C:\Documents and Settings\G\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9946F9D6-6229-4055-B34B-F9AC1A6A5893&q={searchTerms}&SSPV=
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\G\Application Data\Mozilla\Firefox\Profiles\1cw8fh31.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\G\Application Data\Mozilla\Firefox\Profiles\1cw8fh31.default\searchplugins\conduit-search.xml
FF Extension: TVU Web Player - C:\Documents and Settings\G\Application Data\Mozilla\Firefox\Profiles\1cw8fh31.default\Extensions\firefox@tvunetworks.com [2011-08-24]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: http:\/\/www.google.com
CHR RestoreOnStartup: ""
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (YouTube) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-10]
CHR Extension: (Google Search) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-10]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-01-10]
CHR Extension: (Gmail) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" [X]
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\DOCUME~1\G\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

R3 A3AB; C:\WINDOWS\System32\DRIVERS\A3AB.sys [547744 2007-05-23] (D-Link Corporation)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-24] (DT Soft Ltd)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl14dd76b6; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF85EC1-CAEB-458B-B901-B69E79ECB9F3}\MpKsl14dd76b6.sys [39464 2014-05-16] (Microsoft Corporation)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [82816 2004-09-02] (NVIDIA Corporation)
R3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [53376 2005-07-26] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [415360 2005-07-26] (NVIDIA Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)
R1 RapportCerberus_68261; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [358008 2014-05-15] ()
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [473656 2012-02-21] (Duplex Secure Ltd.)
U3 a0br1tyu; C:\WINDOWS\system32\Drivers\a0br1tyu.sys [0 ] (NVIDIA Corporation)
S3 FXDRV; \??\E:\Fxdrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 02:37 - 2014-05-16 02:37 - 00000000 ____D () C:\FRST
2014-05-15 13:00 - 2014-05-16 02:27 - 00000270 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-09 13:36 - 2014-05-09 13:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 12:17 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-09 12:17 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-05-09 12:16 - 2014-05-09 12:16 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-09 12:16 - 2014-05-09 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-05-09 12:16 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-05-09 12:16 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-09 12:16 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-06 20:53 - 2006-09-25 17:58 - 00014640 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-05-06 20:52 - 2008-04-13 17:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2014-05-03 22:55 - 2014-05-03 22:55 - 00123512 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-05-03 03:00 - 2014-05-03 03:00 - 00005486 _____ () C:\WINDOWS\KB2964358-IE8.log

==================== One Month Modified Files and Folders =======

2014-05-16 02:38 - 2011-08-10 01:15 - 02072803 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-16 02:37 - 2014-05-16 02:37 - 00000000 ____D () C:\FRST
2014-05-16 02:36 - 2014-04-03 03:11 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-05-16 02:31 - 2011-08-13 11:56 - 00000000 ____D () C:\Documents and Settings\G\Application Data\uTorrent
2014-05-16 02:28 - 2011-08-15 17:55 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-05-16 02:27 - 2014-05-15 13:00 - 00000270 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-16 02:27 - 2013-04-24 21:55 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-16 02:27 - 2011-10-12 15:04 - 00000270 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-16 02:27 - 2011-08-10 02:58 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 02:27 - 2011-08-09 18:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-16 02:26 - 2014-03-12 20:29 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-16 02:26 - 2011-08-10 01:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-16 02:26 - 2011-08-09 18:07 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-05-16 02:24 - 2011-08-10 02:58 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 01:26 - 2012-04-10 11:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-15 19:12 - 2011-08-10 01:19 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-15 18:31 - 2011-08-10 02:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956802$
2014-05-15 18:31 - 2011-08-10 01:20 - 00000178 ___SH () C:\Documents and Settings\G\ntuser.ini
2014-05-15 18:31 - 2011-08-10 01:20 - 00000000 ____D () C:\Documents and Settings\G
2014-05-15 13:19 - 2011-08-11 00:33 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 13:18 - 2011-08-10 20:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-15 13:09 - 2013-08-28 03:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-05-15 12:52 - 2004-08-04 05:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-14 21:46 - 2011-08-25 14:52 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-14 11:29 - 2011-08-10 02:58 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-14 10:26 - 2012-04-10 11:10 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 10:26 - 2011-08-11 00:34 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-14 03:04 - 2013-08-15 03:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 03:00 - 2011-08-10 01:52 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-10 22:41 - 2012-03-02 22:36 - 00000000 ____D () C:\Program Files\Call of Duty
2014-05-09 20:45 - 2012-04-26 18:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-09 13:38 - 2014-05-09 13:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 13:23 - 2011-08-10 02:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2014-05-09 12:16 - 2014-05-09 12:16 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-09 12:16 - 2014-05-09 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-05-09 12:16 - 2013-06-23 21:11 - 00000000 ____D () C:\Program Files\Java
2014-05-09 12:14 - 2014-03-12 20:29 - 00000208 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-06 22:04 - 2011-08-13 12:33 - 00114688 _____ () C:\Documents and Settings\G\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-06 21:47 - 2011-08-10 01:12 - 00124390 _____ () C:\WINDOWS\wmsetup.log
2014-05-06 21:44 - 2011-08-10 01:50 - 00126873 _____ () C:\WINDOWS\spupdsvc.log
2014-05-06 20:53 - 2012-01-11 04:00 - 00482827 _____ () C:\WINDOWS\setupapi.log
2014-05-06 20:53 - 2011-08-10 02:41 - 00032748 _____ () C:\WINDOWS\wmp11.log
2014-05-06 20:53 - 2011-08-10 02:41 - 00006207 _____ () C:\WINDOWS\MSCompPackV1.log
2014-05-06 20:53 - 2011-08-10 01:20 - 00000788 _____ () C:\Documents and Settings\G\Start Menu\Programs\Windows Media Player.lnk
2014-05-06 20:53 - 2011-08-10 01:15 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-05-06 20:52 - 2011-08-10 02:41 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-05-06 20:52 - 2011-08-10 01:16 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-05-06 20:52 - 2011-08-10 01:16 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-05-06 20:51 - 2011-08-10 02:40 - 00055279 _____ () C:\WINDOWS\WMFDist11.log
2014-05-06 20:50 - 2011-08-10 01:50 - 00249379 _____ () C:\WINDOWS\updspapi.log
2014-05-06 20:49 - 2011-08-10 02:40 - 00011953 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-05-06 16:31 - 2011-08-09 18:05 - 00522376 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-03 22:55 - 2014-05-03 22:55 - 00123512 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-05-03 03:00 - 2014-05-03 03:00 - 00005486 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-03 03:00 - 2011-08-09 18:05 - 02071072 _____ () C:\WINDOWS\FaxSetup.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00998795 _____ () C:\WINDOWS\ocgen.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00794498 _____ () C:\WINDOWS\tsoc.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00581577 _____ () C:\WINDOWS\comsetup.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00350942 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00326895 _____ () C:\WINDOWS\iis6.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00103782 _____ () C:\WINDOWS\msgsocm.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00095565 _____ () C:\WINDOWS\ocmsn.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-30 01:13 - 2004-08-04 05:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 01:13 - 2004-08-04 05:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-28 16:55 - 2011-08-11 00:31 - 00000000 ____D () C:\Documents and Settings\G\Local Settings\Application Data\Adobe

Some content of TEMP:
====================
C:\Documents and Settings\G\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\G\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\G\Local Settings\Temp\c95226da4a6df6dcb165ba3a3d73fccb.exe
C:\Documents and Settings\G\Local Settings\Temp\CmdLineExt02.dll
C:\Documents and Settings\G\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\G\Local Settings\Temp\drm_dyndata_7400009.dll
C:\Documents and Settings\G\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\G\Local Settings\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Documents and Settings\G\Local Settings\Temp\FP_PL_PFS_INSTALLER-2.exe
C:\Documents and Settings\G\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\G\Local Settings\Temp\installerdll144086375.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll144091468.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll144107281.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll749796.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll764781.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll795859.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll810656.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll82157312.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll82162937.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll82178453.dll
C:\Documents and Settings\G\Local Settings\Temp\iPodVoiceOverSetup.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\G\Local Settings\Temp\OriginLauncher144086375.exe
C:\Documents and Settings\G\Local Settings\Temp\OriginLauncher82157312.exe
C:\Documents and Settings\G\Local Settings\Temp\QuickStores_Unlocker.exe
C:\Documents and Settings\G\Local Settings\Temp\rootsupd.exe
C:\Documents and Settings\G\Local Settings\Temp\Setup.exe
C:\Documents and Settings\G\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\G\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\G\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\G\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\G\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\G\Local Settings\Temp\vcredist_x64.exe
C:\Documents and Settings\G\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\G\Local Settings\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-bade39d7.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

 

 

Also it gave me an addition list, also posted below.

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
Ran by G at 2014-05-16 02:39:48
Running from C:\Documents and Settings\G\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
100% Free Chess 7.42 (HKLM\...\FreeChess) (Version: 7.42 - DreamQuest)
888poker (HKLM\...\888poker) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.582-090203a-075908C-ATI - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty (HKLM\...\Call of Duty) (Version:  - )
Call of Duty® 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty® 2 (Version: 1.00.0000 - Activision) Hidden
Combined Community Codec Pack 2010-10-10 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Diablo (HKCU\...\Diablo) (Version:  - )
Diablo (HKLM\...\Diablo) (Version:  - )
DirectXInstallService (Version: 9.0.0 - Roxio) Hidden
DVD Solution (HKLM\...\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}) (Version:  - )
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Roxo, Inc.)
EMC 11 Content (HKLM\...\{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}) (Version: 1.1.019 - Roxo, Inc.)
FIFA 10 (HKLM\...\{11202615-E557-4ECF-9B86-F59C81E52909}) (Version: 1.0.0.0 - Electronic Arts)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.43.1.WIN.FullTilt.COM - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKCU\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Launcher (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NvMixer (HKLM\...\{D7A6C517-11F2-419F-B5BB-27772B939698}) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
QuickStores-Toolbar 1.1.0 (HKLM\...\QuickStores-Toolbar_is1) (Version: 1.1.0 - AB-Tools.com) <==== ATTENTION
Rapport (Version: 3.5.1307.76 - Trusteer) Hidden
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Risk (HKLM\...\Risk) (Version:  - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.00.62.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1670 Series (HKLM\...\Samsung ML-1670 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
SopCast 3.4.0 (HKLM\...\SopCast) (Version: 3.4.0 - www.sopcast.com)
Star Wars Battlefront II (HKLM\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Battle for Middle-earth ™ (HKLM\...\{962E05CF-3394-496D-0091-850CF1762F6B}) (Version:  - )
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points  =========================

16-02-2014 06:55:08 Software Distribution Service 3.0
16-02-2014 10:11:20 Software Distribution Service 3.0
17-02-2014 06:53:04 Software Distribution Service 3.0
18-02-2014 06:56:15 Software Distribution Service 3.0
19-02-2014 11:09:15 Software Distribution Service 3.0
20-02-2014 12:01:19 System Checkpoint
21-02-2014 12:02:25 System Checkpoint
22-02-2014 12:11:50 System Checkpoint
23-02-2014 12:21:04 System Checkpoint
24-02-2014 13:07:30 System Checkpoint
25-02-2014 13:12:15 System Checkpoint
26-02-2014 13:16:35 System Checkpoint
27-02-2014 13:18:49 System Checkpoint
28-02-2014 13:25:33 System Checkpoint
01-03-2014 05:38:23 Installed Star Wars Battlefront II
01-03-2014 05:44:41 Installed Rapport
01-03-2014 05:45:19 Software Distribution Service 3.0
01-03-2014 08:49:44 Installed Star Wars Battlefront II
02-03-2014 05:52:43 Software Distribution Service 3.0
02-03-2014 10:29:25 Software Distribution Service 3.0
02-03-2014 22:45:05 Installed Star Wars Battlefront II
02-03-2014 23:06:40 Installed Star Wars Battlefront II
03-03-2014 00:06:42 Installed Star Wars Battlefront II
03-03-2014 06:06:23 Software Distribution Service 3.0
04-03-2014 05:51:42 Software Distribution Service 3.0
05-03-2014 06:23:39 Software Distribution Service 3.0
06-03-2014 06:43:11 System Checkpoint
07-03-2014 03:20:34 Software Distribution Service 3.0
08-03-2014 04:08:49 System Checkpoint
08-03-2014 05:33:36 Software Distribution Service 3.0
09-03-2014 06:19:10 System Checkpoint
09-03-2014 07:28:44 Software Distribution Service 3.0
09-03-2014 07:40:25 Software Distribution Service 3.0
10-03-2014 08:18:08 System Checkpoint
11-03-2014 09:17:05 System Checkpoint
12-03-2014 09:35:05 System Checkpoint
12-03-2014 10:00:14 Software Distribution Service 3.0
12-03-2014 10:46:13 Software Distribution Service 3.0
13-03-2014 10:51:13 Software Distribution Service 3.0
14-03-2014 10:45:51 Software Distribution Service 3.0
15-03-2014 10:43:46 Software Distribution Service 3.0
16-03-2014 08:44:50 Software Distribution Service 3.0
16-03-2014 10:44:56 Software Distribution Service 3.0
17-03-2014 10:53:16 System Checkpoint
18-03-2014 00:59:43 Software Distribution Service 3.0
19-03-2014 00:58:39 Software Distribution Service 3.0
19-03-2014 10:00:21 Software Distribution Service 3.0
20-03-2014 00:56:56 Software Distribution Service 3.0
21-03-2014 00:55:44 Software Distribution Service 3.0
22-03-2014 00:54:50 Software Distribution Service 3.0
23-03-2014 00:54:29 Software Distribution Service 3.0
23-03-2014 08:32:15 Software Distribution Service 3.0
23-03-2014 22:14:22 Installed Rapport
24-03-2014 22:22:02 Software Distribution Service 3.0
25-03-2014 22:21:04 Software Distribution Service 3.0
26-03-2014 22:20:11 Software Distribution Service 3.0
27-03-2014 22:19:24 Software Distribution Service 3.0
28-03-2014 22:18:44 Software Distribution Service 3.0
29-03-2014 22:17:50 Software Distribution Service 3.0
30-03-2014 08:42:01 Software Distribution Service 3.0
30-03-2014 22:16:54 Software Distribution Service 3.0
31-03-2014 22:17:17 Software Distribution Service 3.0
01-04-2014 23:12:35 System Checkpoint
02-04-2014 06:19:18 Software Distribution Service 3.0
03-04-2014 06:18:54 Software Distribution Service 3.0
03-04-2014 10:00:15 Software Distribution Service 3.0
04-04-2014 10:11:34 Software Distribution Service 3.0
05-04-2014 10:09:56 Software Distribution Service 3.0
06-04-2014 09:25:12 Software Distribution Service 3.0
07-04-2014 09:42:33 System Checkpoint
07-04-2014 10:08:54 Software Distribution Service 3.0
08-04-2014 07:45:02 Installed Java 7 Update 51
08-04-2014 07:50:25 Software Distribution Service 3.0
08-04-2014 07:53:15 Installed Rapport
09-04-2014 08:03:53 Software Distribution Service 3.0
10-04-2014 08:02:12 Software Distribution Service 3.0
10-04-2014 10:00:14 Software Distribution Service 3.0
11-04-2014 10:10:06 System Checkpoint
11-04-2014 10:19:01 Software Distribution Service 3.0
12-04-2014 17:24:29 Software Distribution Service 3.0
13-04-2014 09:08:04 Software Distribution Service 3.0
13-04-2014 17:21:02 Software Distribution Service 3.0
14-04-2014 17:20:46 Software Distribution Service 3.0
15-04-2014 17:19:34 Software Distribution Service 3.0
16-04-2014 17:21:42 Software Distribution Service 3.0
17-04-2014 17:19:47 Software Distribution Service 3.0
18-04-2014 17:18:28 Software Distribution Service 3.0
19-04-2014 17:17:04 Software Distribution Service 3.0
20-04-2014 09:08:33 Software Distribution Service 3.0
20-04-2014 17:16:26 Software Distribution Service 3.0
21-04-2014 17:15:41 Software Distribution Service 3.0
22-04-2014 17:13:14 Software Distribution Service 3.0
23-04-2014 17:13:08 Software Distribution Service 3.0
24-04-2014 17:38:59 System Checkpoint
25-04-2014 16:38:58 Software Distribution Service 3.0
26-04-2014 16:35:18 Software Distribution Service 3.0
27-04-2014 08:53:28 Software Distribution Service 3.0
27-04-2014 16:34:09 Software Distribution Service 3.0
28-04-2014 00:24:45 Installed Rapport
29-04-2014 00:34:41 Software Distribution Service 3.0
30-04-2014 00:34:24 Software Distribution Service 3.0
01-05-2014 00:53:41 System Checkpoint
01-05-2014 08:59:54 Software Distribution Service 3.0
02-05-2014 09:00:44 Software Distribution Service 3.0
03-05-2014 08:58:01 Software Distribution Service 3.0
03-05-2014 10:00:25 Software Distribution Service 3.0
04-05-2014 09:10:22 Software Distribution Service 3.0
05-05-2014 10:21:40 System Checkpoint
05-05-2014 10:27:23 Software Distribution Service 3.0
06-05-2014 10:26:46 Software Distribution Service 3.0
07-05-2014 03:49:00 Installed Windows Media Player 11
07-05-2014 03:53:25 Installed Windows XP MSCompPackV1.
08-05-2014 04:09:53 System Checkpoint
08-05-2014 05:16:57 Software Distribution Service 3.0
09-05-2014 05:16:04 Software Distribution Service 3.0
09-05-2014 19:15:57 Installed Java 7 Update 55
10-05-2014 19:49:20 System Checkpoint
11-05-2014 03:37:32 Software Distribution Service 3.0
11-05-2014 08:44:56 Software Distribution Service 3.0
12-05-2014 05:30:56 Software Distribution Service 3.0
13-05-2014 05:30:06 Software Distribution Service 3.0
14-05-2014 05:29:41 Software Distribution Service 3.0
14-05-2014 10:00:14 Software Distribution Service 3.0
15-05-2014 05:28:47 Software Distribution Service 3.0
15-05-2014 20:09:07 Installed Rapport

==================== Hosts content: ==========================

2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2012-05-20 12:04 - 2014-05-15 13:15 - 01404120 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-12-24 17:50 - 2011-01-27 01:33 - 00026624 _____ () C:\WINDOWS\system32\ssb7mlm.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2011-08-10 19:34 - 2010-10-09 16:27 - 03827200 _____ () C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2010-07-04 12:51 - 2010-07-04 12:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2010-12-17 19:12 - 2010-12-17 19:12 - 00332288 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 19:13 - 2010-12-17 19:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-01-17 17:19 - 2004-01-01 01:26 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-05-09 13:36 - 2014-05-09 13:37 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-14 10:26 - 2014-05-14 10:26 - 16361136 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2014 01:09:07 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Rapport -- Error 1704. An installation for Adobe Reader X (10.1.10) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (05/10/2014 10:18:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/10/2014 09:21:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/20/2014 04:54:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/31/2014 11:42:44 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10401.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/30/2014 00:37:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 00:34:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 00:31:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/16/2014 05:49:54 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application MsMpEng.exe, version 4.4.304.0, faulting module mpengine.dll, version 1.1.10302.0, fault address 0x000aaa84.
Error in creating result PEAP-TLV in response to received PEAP-TLV (MsMpEng.exe!ld!)

Error: (03/12/2014 08:30:22 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application MsMpEng.exe, version 4.4.304.0, faulting module mpengine.dll, version 1.1.10302.0, fault address 0x000aaa84.
Error in creating result PEAP-TLV in response to received PEAP-TLV (MsMpEng.exe!ld!)


System errors:
=============
Error: (05/16/2014 02:37:01 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/16/2014 02:36:33 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/16/2014 02:27:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (05/16/2014 02:26:35 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:26:02 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:16:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (05/15/2014 10:16:04 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:12:15 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:02:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (05/15/2014 10:02:17 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.


Microsoft Office Sessions:
=========================
Error: (05/15/2014 01:09:07 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Rapport -- Error 1704. An installation for Adobe Reader X (10.1.10) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (05/10/2014 10:18:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (05/10/2014 09:21:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10502.0mpengine0unspecifiedNILNILNIL

Error: (04/20/2014 04:54:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10502.0mpengine0unspecifiedNILNILNIL

Error: (03/31/2014 11:42:44 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10401.0mpengine0unspecifiedNILNILNIL

Error: (03/30/2014 00:37:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (03/30/2014 00:34:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (03/30/2014 00:31:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (03/16/2014 05:49:54 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: MsMpEng.exe4.4.304.0mpengine.dll1.1.10302.0000aaa84

Error: (03/12/2014 08:30:22 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: MsMpEng.exe4.4.304.0mpengine.dll1.1.10302.0000aaa84


==================== Memory info ===========================

Percentage of memory in use: 91%
Total physical RAM: 1023.48 MB
Available physical RAM: 85.73 MB
Total Pagefile: 2459.74 MB
Available Pagefile: 1624.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:260.86 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:149.04 GB) (Free:142.08 GB) NTFS
Drive e: (BFII_1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:330.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 16F5C76E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: C007C007)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 1F4E8F77)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================




#2 snoopy24


Posted 16 May 2014 - 04:50 AM

Hello

A few months ago I ran Malwarebytes and removed what it asked me to from my system, and ever since my computer has not run properly. I've tried to fix it with small success and am needing help. Which brings me to problem number two: in the last few days my computer seems to be freezing and I can't figure out why.

I ran a FRST scan which is posted below.

Some help in the form of a fixlist would be greatly appreciated, thanks for your time.


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by G (administrator) on GEOFF on 16-05-2014 02:37:25
Running from C:\Documents and Settings\G\My Documents\Downloads
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvMixer\NvMixerTray.exe
(Cyberlink Corp.) C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
(PowerISO Computing, Inc.) C:\Program Files\PowerISO\PWRISOVM.EXE
(Trusteer Ltd.) C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
() C:\Program Files\Unlocker\UnlockerAssistant.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Nero AG) C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\realplay.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NVMixerTray] => C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe [131072 2004-10-07] (NVIDIA Corporation)
HKLM\...\Run: [RemoteControl] => C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe [32768 2003-12-08] (Cyberlink Corp.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PWRISOVM.EXE] => C:\Program Files\PowerISO\PWRISOVM.EXE [307200 2011-06-14] (PowerISO Computing, Inc.)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKLM\...\Run: [TkBellExe] => C:\program files\real\realplayer\update\realsched.exe [295512 2013-04-24] (RealNetworks, Inc.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [153136 2007-03-01] (Nero AG)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [951576 2014-03-11] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [332288 2010-12-17] ()
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [ISUSScheduler] => C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [86960 2006-09-11] (Macrovision Corporation)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] => C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [152872 2007-06-27] (Nero AG)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [DAEMON Tools Lite] => C:\Program Files\DAEMON Tools Lite\DTLite.exe [3481408 2012-02-13] (DT Soft Ltd)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\Run: [uTorrent] => C:\Documents and Settings\G\Application Data\uTorrent\uTorrent.exe [1268560 2014-05-09] (BitTorrent Inc.)
HKU\S-1-5-21-1960408961-602609370-839522115-1004\...\MountPoints2: {a199aef9-c336-11e0-8796-00016cb7e8c7} - G:\Setup.exe
Startup: C:\Documents and Settings\G\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3314958&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP9946F9D6-6229-4055-B34B-F9AC1A6A5893&q={searchTerms}&SSPV=
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - QuickStores-Toolbar - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - C:\WINDOWS\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.176.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\G\Application Data\Mozilla\Firefox\Profiles\1cw8fh31.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\WINDOWS\system32\TVUAx\npTVUAx.dll (TVU networks)
FF Plugin: @real.com/nppl3260;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpchromebrowserrecordext;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprphtml5videoshim;version=15.0.0.198 - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=15.0.0.198 - c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.1.18 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nprpplugin.dll (RealPlayer)
FF SearchPlugin: C:\Documents and Settings\G\Application Data\Mozilla\Firefox\Profiles\1cw8fh31.default\searchplugins\conduit-search.xml
FF Extension: TVU Web Player - C:\Documents and Settings\G\Application Data\Mozilla\Firefox\Profiles\1cw8fh31.default\Extensions\firefox@tvunetworks.com [2011-08-24]
FF Extension: QuickStores-Toolbar - C:\Program Files\Mozilla Firefox\extensions\quickstores@quickstores.de [2014-05-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DAC3F861-B30D-40dd-9166-F4E75327FAC7}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []

Chrome:
=======
CHR HomePage: http:\/\/www.google.com
CHR RestoreOnStartup: ""
CHR DefaultSearchKeyword: conduit.search
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (YouTube) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-10]
CHR Extension: (Google Search) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-10]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-01-10]
CHR Extension: (Gmail) - C:\Documents and Settings\G\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-10]
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-03-06]

========================== Services (Whitelisted) =================

R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2014-04-14] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2014-03-11] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-03-06] ()
S3 Roxio UPnP Renderer 11; "C:\Program Files\Roxio Creator 2009\Digital Home 11\RoxioUPnPRenderer11.exe" [X]
S2 RoxLiveShare10; "C:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxLiveShare10.exe" [X]
S2 SessionLauncher; C:\DOCUME~1\G\LOCALS~1\Temp\DX9\SessionLauncher.exe [X]

==================== Drivers (Whitelisted) ====================

R3 A3AB; C:\WINDOWS\System32\DRIVERS\A3AB.sys [547744 2007-05-23] (D-Link Corporation)
R1 AmdPPM; C:\WINDOWS\System32\DRIVERS\AmdPPM.sys [33792 2007-04-16] (Advanced Micro Devices)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2012-02-24] (DT Soft Ltd)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [231960 2014-01-25] (Microsoft Corporation)
R1 MpKsl14dd76b6; c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{7EF85EC1-CAEB-458B-B901-B69E79ECB9F3}\MpKsl14dd76b6.sys [39464 2014-05-16] (Microsoft Corporation)
R0 nvatabus; C:\WINDOWS\System32\DRIVERS\nvatabus.sys [82816 2004-09-02] (NVIDIA Corporation)
R3 nvax; C:\WINDOWS\System32\drivers\nvax.sys [53376 2005-07-26] (NVIDIA Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [54784 2008-08-01] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [22016 2008-08-01] (NVIDIA Corporation)
R3 nvnforce; C:\WINDOWS\System32\drivers\nvapu.sys [415360 2005-07-26] (NVIDIA Corporation)
R3 pfc; C:\WINDOWS\System32\drivers\pfc.sys [10368 2003-12-05] (Padus, Inc.)
R1 RapportCerberus_68261; C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus32_68261.sys [358008 2014-05-15] ()
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
R0 sptd; C:\WINDOWS\System32\Drivers\sptd.sys [473656 2012-02-21] (Duplex Secure Ltd.)
U3 a0br1tyu; C:\WINDOWS\system32\Drivers\a0br1tyu.sys [0 ] (NVIDIA Corporation)
S3 FXDRV; \??\E:\Fxdrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S3 WDC_SAM; system32\DRIVERS\wdcsam.sys [X]
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 02:37 - 2014-05-16 02:37 - 00000000 ____D () C:\FRST
2014-05-15 13:00 - 2014-05-16 02:27 - 00000270 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-09 13:36 - 2014-05-09 13:38 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 12:17 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\system32\javaws.exe
2014-05-09 12:17 - 2014-04-14 19:47 - 00145408 _____ (Oracle Corporation) C:\WINDOWS\system32\javacpl.cpl
2014-05-09 12:16 - 2014-05-09 12:16 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-09 12:16 - 2014-05-09 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-05-09 12:16 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge.dll
2014-05-09 12:16 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\system32\javaw.exe
2014-05-09 12:16 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\system32\java.exe
2014-05-06 20:53 - 2006-09-25 17:58 - 00014640 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsg.dll
2014-05-06 20:52 - 2008-04-13 17:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpns.dll
2014-05-03 22:55 - 2014-05-03 22:55 - 00123512 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-05-03 03:00 - 2014-05-03 03:00 - 00005486 _____ () C:\WINDOWS\KB2964358-IE8.log

==================== One Month Modified Files and Folders =======

2014-05-16 02:38 - 2011-08-10 01:15 - 02072803 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-16 02:37 - 2014-05-16 02:37 - 00000000 ____D () C:\FRST
2014-05-16 02:36 - 2014-04-03 03:11 - 00000384 ____H () C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2014-05-16 02:31 - 2011-08-13 11:56 - 00000000 ____D () C:\Documents and Settings\G\Application Data\uTorrent
2014-05-16 02:28 - 2011-08-15 17:55 - 00000116 _____ () C:\WINDOWS\NeroDigital.ini
2014-05-16 02:27 - 2014-05-15 13:00 - 00000270 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-16 02:27 - 2013-04-24 21:55 - 00000278 _____ () C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-16 02:27 - 2011-10-12 15:04 - 00000270 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-16 02:27 - 2011-08-10 02:58 - 00000872 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-16 02:27 - 2011-08-09 18:07 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-05-16 02:26 - 2014-03-12 20:29 - 00000214 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-05-16 02:26 - 2011-08-10 01:19 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-16 02:26 - 2011-08-09 18:07 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2014-05-16 02:24 - 2011-08-10 02:58 - 00000876 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-16 01:26 - 2012-04-10 11:10 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-05-15 19:12 - 2011-08-10 01:19 - 00032464 _____ () C:\WINDOWS\SchedLgU.Txt
2014-05-15 18:31 - 2011-08-10 02:16 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB956802$
2014-05-15 18:31 - 2011-08-10 01:20 - 00000178 ___SH () C:\Documents and Settings\G\ntuser.ini
2014-05-15 18:31 - 2011-08-10 01:20 - 00000000 ____D () C:\Documents and Settings\G
2014-05-15 13:19 - 2011-08-11 00:33 - 00002347 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader X.lnk
2014-05-15 13:18 - 2011-08-10 20:35 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-05-15 13:09 - 2013-08-28 03:17 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Trusteer Endpoint Protection
2014-05-15 12:52 - 2004-08-04 05:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-05-14 21:46 - 2011-08-25 14:52 - 00000278 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job
2014-05-14 11:29 - 2011-08-10 02:58 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-05-14 10:26 - 2012-04-10 11:10 - 00692400 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-05-14 10:26 - 2011-08-11 00:34 - 00070832 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-05-14 03:04 - 2013-08-15 03:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-14 03:00 - 2011-08-10 01:52 - 90547776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-10 22:41 - 2012-03-02 22:36 - 00000000 ____D () C:\Program Files\Call of Duty
2014-05-09 20:45 - 2012-04-26 18:57 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-09 13:38 - 2014-05-09 13:36 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-09 13:23 - 2011-08-10 02:17 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB977914$
2014-05-09 12:16 - 2014-05-09 12:16 - 00004088 _____ () C:\WINDOWS\system32\jupdate-1.7.0_55-b14.log
2014-05-09 12:16 - 2014-05-09 12:16 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Java
2014-05-09 12:16 - 2013-06-23 21:11 - 00000000 ____D () C:\Program Files\Java
2014-05-09 12:14 - 2014-03-12 20:29 - 00000208 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-05-06 22:04 - 2011-08-13 12:33 - 00114688 _____ () C:\Documents and Settings\G\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-06 21:47 - 2011-08-10 01:12 - 00124390 _____ () C:\WINDOWS\wmsetup.log
2014-05-06 21:44 - 2011-08-10 01:50 - 00126873 _____ () C:\WINDOWS\spupdsvc.log
2014-05-06 20:53 - 2012-01-11 04:00 - 00482827 _____ () C:\WINDOWS\setupapi.log
2014-05-06 20:53 - 2011-08-10 02:41 - 00032748 _____ () C:\WINDOWS\wmp11.log
2014-05-06 20:53 - 2011-08-10 02:41 - 00006207 _____ () C:\WINDOWS\MSCompPackV1.log
2014-05-06 20:53 - 2011-08-10 01:20 - 00000788 _____ () C:\Documents and Settings\G\Start Menu\Programs\Windows Media Player.lnk
2014-05-06 20:53 - 2011-08-10 01:15 - 00000000 __SHD () C:\Documents and Settings\All Users\DRM
2014-05-06 20:52 - 2011-08-10 02:41 - 00000000 ____D () C:\Program Files\Windows Media Connect 2
2014-05-06 20:52 - 2011-08-10 01:16 - 00023392 _____ () C:\WINDOWS\system32\nscompat.tlb
2014-05-06 20:52 - 2011-08-10 01:16 - 00016832 _____ () C:\WINDOWS\system32\amcompat.tlb
2014-05-06 20:51 - 2011-08-10 02:40 - 00055279 _____ () C:\WINDOWS\WMFDist11.log
2014-05-06 20:50 - 2011-08-10 01:50 - 00249379 _____ () C:\WINDOWS\updspapi.log
2014-05-06 20:49 - 2011-08-10 02:40 - 00011953 _____ () C:\WINDOWS\Wudf01000Inst.log
2014-05-06 16:31 - 2011-08-09 18:05 - 00522376 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-03 22:55 - 2014-05-03 22:55 - 00123512 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKELL.sys
2014-05-03 03:00 - 2014-05-03 03:00 - 00005486 _____ () C:\WINDOWS\KB2964358-IE8.log
2014-05-03 03:00 - 2011-08-09 18:05 - 02071072 _____ () C:\WINDOWS\FaxSetup.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00998795 _____ () C:\WINDOWS\ocgen.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00794498 _____ () C:\WINDOWS\tsoc.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00581577 _____ () C:\WINDOWS\comsetup.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00350942 _____ () C:\WINDOWS\ntdtcsetup.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00326895 _____ () C:\WINDOWS\iis6.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00103782 _____ () C:\WINDOWS\msgsocm.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00095565 _____ () C:\WINDOWS\ocmsn.log
2014-05-03 03:00 - 2011-08-09 18:05 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-30 01:13 - 2004-08-04 05:00 - 06022144 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\mshtml.dll
2014-04-30 01:13 - 2004-08-04 05:00 - 06022144 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-04-28 16:55 - 2011-08-11 00:31 - 00000000 ____D () C:\Documents and Settings\G\Local Settings\Application Data\Adobe

Some content of TEMP:
====================
C:\Documents and Settings\G\Local Settings\Temp\AutoRun.exe
C:\Documents and Settings\G\Local Settings\Temp\AutoRunGUI.dll
C:\Documents and Settings\G\Local Settings\Temp\c95226da4a6df6dcb165ba3a3d73fccb.exe
C:\Documents and Settings\G\Local Settings\Temp\CmdLineExt02.dll
C:\Documents and Settings\G\Local Settings\Temp\drm_dialogs.dll
C:\Documents and Settings\G\Local Settings\Temp\drm_dyndata_7400009.dll
C:\Documents and Settings\G\Local Settings\Temp\firefoxjre_exe.exe
C:\Documents and Settings\G\Local Settings\Temp\FP_PL_PFS_INSTALLER-1.exe
C:\Documents and Settings\G\Local Settings\Temp\FP_PL_PFS_INSTALLER-2.exe
C:\Documents and Settings\G\Local Settings\Temp\FP_PL_PFS_INSTALLER.exe
C:\Documents and Settings\G\Local Settings\Temp\installerdll144086375.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll144091468.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll144107281.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll749796.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll764781.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll795859.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll810656.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll82157312.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll82162937.dll
C:\Documents and Settings\G\Local Settings\Temp\installerdll82178453.dll
C:\Documents and Settings\G\Local Settings\Temp\iPodVoiceOverSetup.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-6u30-windows-i586-iftw-rv.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-6u37-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u17-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u25-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u51-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\jre-7u55-windows-i586-iftw.exe
C:\Documents and Settings\G\Local Settings\Temp\lowproc.exe
C:\Documents and Settings\G\Local Settings\Temp\OriginLauncher144086375.exe
C:\Documents and Settings\G\Local Settings\Temp\OriginLauncher82157312.exe
C:\Documents and Settings\G\Local Settings\Temp\QuickStores_Unlocker.exe
C:\Documents and Settings\G\Local Settings\Temp\rootsupd.exe
C:\Documents and Settings\G\Local Settings\Temp\Setup.exe
C:\Documents and Settings\G\Local Settings\Temp\Shockwave_Installer_FF.exe
C:\Documents and Settings\G\Local Settings\Temp\SIntf16.dll
C:\Documents and Settings\G\Local Settings\Temp\SIntf32.dll
C:\Documents and Settings\G\Local Settings\Temp\SIntfNT.dll
C:\Documents and Settings\G\Local Settings\Temp\stubhelper.dll
C:\Documents and Settings\G\Local Settings\Temp\vcredist_x64.exe
C:\Documents and Settings\G\Local Settings\Temp\vcredist_x86.exe
C:\Documents and Settings\G\Local Settings\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Documents and Settings\NetworkService\Local Settings\Temp\mpam-bade39d7.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Also it gave me an addition list, also posted below.

Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
Ran by G at 2014-05-16 02:39:48
Running from C:\Documents and Settings\G\My Documents\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Disabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.4.1.31139 - BitTorrent Inc.)
100% Free Chess 7.42 (HKLM\...\FreeChess) (Version: 7.42 - DreamQuest)
888poker (HKLM\...\888poker) (Version:  - )
Adobe Acrobat 5.0 (HKLM\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader X (10.1.10) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AA1000000001}) (Version: 10.1.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM\...\Adobe Shockwave Player) (Version: 11.6.1.629 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E14ADE0E-75F3-4A46-87E5-26692DD626EC}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.582-090203a-075908C-ATI - )
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty (HKLM\...\Call of Duty) (Version:  - )
Call of Duty® 2 (HKLM\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty® 2 (Version: 1.00.0000 - Activision) Hidden
Combined Community Codec Pack 2010-10-10 (HKLM\...\Combined Community Codec Pack_is1) (Version: 2010.10.10.0 - CCCP Project)
Common Desktop Agent (Version: 1.53.0 - OEM) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.45.3.0297 - DT Soft Ltd)
Diablo (HKCU\...\Diablo) (Version:  - )
Diablo (HKLM\...\Diablo) (Version:  - )
DirectXInstallService (Version: 9.0.0 - Roxio) Hidden
DVD Solution (HKLM\...\{B97CF5C3-0487-11D8-A36E-0050BAE317E1}) (Version:  - )
EMC 10 Content (HKLM\...\{FDB46DE7-9045-47BB-970A-3E4ED5369E03}) (Version: 1.0.015 - Roxo, Inc.)
EMC 11 Content (HKLM\...\{21ABEA96-CCAB-4C40-8699-6BDFEC5FD63C}) (Version: 1.1.019 - Roxo, Inc.)
FIFA 10 (HKLM\...\{11202615-E557-4ECF-9B86-F59C81E52909}) (Version: 1.0.0.0 - Electronic Arts)
Full Tilt Poker (HKLM\...\{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}) (Version: 4.43.1.WIN.FullTilt.COM - )
Google Chrome (HKLM\...\Google Chrome) (Version: 34.0.1847.137 - Google Inc.)
Google Update Helper (Version: 1.3.24.7 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKCU\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
iTunes (HKLM\...\{268278CF-FB69-4D98-B70E-BFEC1CDCA225}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2698023) (HKLM\...\M2698023) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Security Client (Version: 4.5.0216.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.5.216.0 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 29.0.1 (x86 en-US)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Multimedia Launcher (HKLM\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version:  - )
Nero 7 Ultra Edition (HKLM\...\{CF097717-F174-4144-954A-FBC4BF301033}) (Version: 7.02.9753 - Nero AG)
neroxml (Version: 1.0.0 - Nero AG) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version:  - )
NvMixer (HKLM\...\{D7A6C517-11F2-419F-B5BB-27772B939698}) (Version:  - )
OpenOffice.org 3.3 (HKLM\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
Origin (HKLM\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)
PowerDVD (HKLM\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version:  - )
PowerISO (HKLM\...\PowerISO) (Version: 4.8 - PowerISO Computing, Inc.)
PowerProducer (HKLM\...\{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version:  - )
QuickStores-Toolbar 1.1.0 (HKLM\...\QuickStores-Toolbar_is1) (Version: 1.1.0 - AB-Tools.com) <==== ATTENTION
Rapport (Version: 3.5.1307.76 - Trusteer) Hidden
RealDownloader (Version: 1.3.1 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 15.0) (Version:  - RealNetworks)
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Risk (HKLM\...\Risk) (Version:  - )
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Samsung Easy Printer Manager (HKLM\...\Samsung Easy Printer Manager) (Version: 1.00.62.00 - Samsung Electronics Co., Ltd.)
Samsung ML-1670 Series (HKLM\...\Samsung ML-1670 Series) (Version:  - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version:  - Samsung Electronics Co., Ltd.)
SopCast 3.4.0 (HKLM\...\SopCast) (Version: 3.4.0 - www.sopcast.com)
Star Wars Battlefront II (HKLM\...\{3D374523-CFDE-461A-827E-2A102E2AB365}) (Version: 1.0 - LucasArts)
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
The Battle for Middle-earth ™ (HKLM\...\{962E05CF-3394-496D-0091-850CF1762F6B}) (Version:  - )
Trusteer Endpoint Protection (HKLM\...\Rapport_msi) (Version: 3.5.1307.76 - Trusteer)
Unlocker 1.9.1 (HKLM\...\Unlocker) (Version: 1.9.1 - Cedrick Collomb)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Windows (KB971513) (HKLM\...\KB971513) (Version:  - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2632503) (HKLM\...\KB2632503-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2492386) (HKLM\...\KB2492386) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2541763) (HKLM\...\KB2541763) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2607712) (HKLM\...\KB2607712) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2616676) (HKLM\...\KB2616676) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2641690) (HKLM\...\KB2641690) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2718704) (HKLM\...\KB2718704) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2808679) (HKLM\...\KB2808679) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (HKLM\...\KB951978) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB967715) (HKLM\...\KB967715) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971737) (HKLM\...\KB971737) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973687) (HKLM\...\KB973687) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\KB892130) (Version:  - Microsoft Corporation)
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)

==================== Restore Points  =========================

16-02-2014 06:55:08 Software Distribution Service 3.0
16-02-2014 10:11:20 Software Distribution Service 3.0
17-02-2014 06:53:04 Software Distribution Service 3.0
18-02-2014 06:56:15 Software Distribution Service 3.0
19-02-2014 11:09:15 Software Distribution Service 3.0
20-02-2014 12:01:19 System Checkpoint
21-02-2014 12:02:25 System Checkpoint
22-02-2014 12:11:50 System Checkpoint
23-02-2014 12:21:04 System Checkpoint
24-02-2014 13:07:30 System Checkpoint
25-02-2014 13:12:15 System Checkpoint
26-02-2014 13:16:35 System Checkpoint
27-02-2014 13:18:49 System Checkpoint
28-02-2014 13:25:33 System Checkpoint
01-03-2014 05:38:23 Installed Star Wars Battlefront II
01-03-2014 05:44:41 Installed Rapport
01-03-2014 05:45:19 Software Distribution Service 3.0
01-03-2014 08:49:44 Installed Star Wars Battlefront II
02-03-2014 05:52:43 Software Distribution Service 3.0
02-03-2014 10:29:25 Software Distribution Service 3.0
02-03-2014 22:45:05 Installed Star Wars Battlefront II
02-03-2014 23:06:40 Installed Star Wars Battlefront II
03-03-2014 00:06:42 Installed Star Wars Battlefront II
03-03-2014 06:06:23 Software Distribution Service 3.0
04-03-2014 05:51:42 Software Distribution Service 3.0
05-03-2014 06:23:39 Software Distribution Service 3.0
06-03-2014 06:43:11 System Checkpoint
07-03-2014 03:20:34 Software Distribution Service 3.0
08-03-2014 04:08:49 System Checkpoint
08-03-2014 05:33:36 Software Distribution Service 3.0
09-03-2014 06:19:10 System Checkpoint
09-03-2014 07:28:44 Software Distribution Service 3.0
09-03-2014 07:40:25 Software Distribution Service 3.0
10-03-2014 08:18:08 System Checkpoint
11-03-2014 09:17:05 System Checkpoint
12-03-2014 09:35:05 System Checkpoint
12-03-2014 10:00:14 Software Distribution Service 3.0
12-03-2014 10:46:13 Software Distribution Service 3.0
13-03-2014 10:51:13 Software Distribution Service 3.0
14-03-2014 10:45:51 Software Distribution Service 3.0
15-03-2014 10:43:46 Software Distribution Service 3.0
16-03-2014 08:44:50 Software Distribution Service 3.0
16-03-2014 10:44:56 Software Distribution Service 3.0
17-03-2014 10:53:16 System Checkpoint
18-03-2014 00:59:43 Software Distribution Service 3.0
19-03-2014 00:58:39 Software Distribution Service 3.0
19-03-2014 10:00:21 Software Distribution Service 3.0
20-03-2014 00:56:56 Software Distribution Service 3.0
21-03-2014 00:55:44 Software Distribution Service 3.0
22-03-2014 00:54:50 Software Distribution Service 3.0
23-03-2014 00:54:29 Software Distribution Service 3.0
23-03-2014 08:32:15 Software Distribution Service 3.0
23-03-2014 22:14:22 Installed Rapport
24-03-2014 22:22:02 Software Distribution Service 3.0
25-03-2014 22:21:04 Software Distribution Service 3.0
26-03-2014 22:20:11 Software Distribution Service 3.0
27-03-2014 22:19:24 Software Distribution Service 3.0
28-03-2014 22:18:44 Software Distribution Service 3.0
29-03-2014 22:17:50 Software Distribution Service 3.0
30-03-2014 08:42:01 Software Distribution Service 3.0
30-03-2014 22:16:54 Software Distribution Service 3.0
31-03-2014 22:17:17 Software Distribution Service 3.0
01-04-2014 23:12:35 System Checkpoint
02-04-2014 06:19:18 Software Distribution Service 3.0
03-04-2014 06:18:54 Software Distribution Service 3.0
03-04-2014 10:00:15 Software Distribution Service 3.0
04-04-2014 10:11:34 Software Distribution Service 3.0
05-04-2014 10:09:56 Software Distribution Service 3.0
06-04-2014 09:25:12 Software Distribution Service 3.0
07-04-2014 09:42:33 System Checkpoint
07-04-2014 10:08:54 Software Distribution Service 3.0
08-04-2014 07:45:02 Installed Java 7 Update 51
08-04-2014 07:50:25 Software Distribution Service 3.0
08-04-2014 07:53:15 Installed Rapport
09-04-2014 08:03:53 Software Distribution Service 3.0
10-04-2014 08:02:12 Software Distribution Service 3.0
10-04-2014 10:00:14 Software Distribution Service 3.0
11-04-2014 10:10:06 System Checkpoint
11-04-2014 10:19:01 Software Distribution Service 3.0
12-04-2014 17:24:29 Software Distribution Service 3.0
13-04-2014 09:08:04 Software Distribution Service 3.0
13-04-2014 17:21:02 Software Distribution Service 3.0
14-04-2014 17:20:46 Software Distribution Service 3.0
15-04-2014 17:19:34 Software Distribution Service 3.0
16-04-2014 17:21:42 Software Distribution Service 3.0
17-04-2014 17:19:47 Software Distribution Service 3.0
18-04-2014 17:18:28 Software Distribution Service 3.0
19-04-2014 17:17:04 Software Distribution Service 3.0
20-04-2014 09:08:33 Software Distribution Service 3.0
20-04-2014 17:16:26 Software Distribution Service 3.0
21-04-2014 17:15:41 Software Distribution Service 3.0
22-04-2014 17:13:14 Software Distribution Service 3.0
23-04-2014 17:13:08 Software Distribution Service 3.0
24-04-2014 17:38:59 System Checkpoint
25-04-2014 16:38:58 Software Distribution Service 3.0
26-04-2014 16:35:18 Software Distribution Service 3.0
27-04-2014 08:53:28 Software Distribution Service 3.0
27-04-2014 16:34:09 Software Distribution Service 3.0
28-04-2014 00:24:45 Installed Rapport
29-04-2014 00:34:41 Software Distribution Service 3.0
30-04-2014 00:34:24 Software Distribution Service 3.0
01-05-2014 00:53:41 System Checkpoint
01-05-2014 08:59:54 Software Distribution Service 3.0
02-05-2014 09:00:44 Software Distribution Service 3.0
03-05-2014 08:58:01 Software Distribution Service 3.0
03-05-2014 10:00:25 Software Distribution Service 3.0
04-05-2014 09:10:22 Software Distribution Service 3.0
05-05-2014 10:21:40 System Checkpoint
05-05-2014 10:27:23 Software Distribution Service 3.0
06-05-2014 10:26:46 Software Distribution Service 3.0
07-05-2014 03:49:00 Installed Windows Media Player 11
07-05-2014 03:53:25 Installed Windows XP MSCompPackV1.
08-05-2014 04:09:53 System Checkpoint
08-05-2014 05:16:57 Software Distribution Service 3.0
09-05-2014 05:16:04 Software Distribution Service 3.0
09-05-2014 19:15:57 Installed Java 7 Update 55
10-05-2014 19:49:20 System Checkpoint
11-05-2014 03:37:32 Software Distribution Service 3.0
11-05-2014 08:44:56 Software Distribution Service 3.0
12-05-2014 05:30:56 Software Distribution Service 3.0
13-05-2014 05:30:06 Software Distribution Service 3.0
14-05-2014 05:29:41 Software Distribution Service 3.0
14-05-2014 10:00:14 Software Distribution Service 3.0
15-05-2014 05:28:47 Software Distribution Service 3.0
15-05-2014 20:09:07 Installed Rapport

==================== Hosts content: ==========================

2004-08-04 05:00 - 2004-08-04 05:00 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-1960408961-602609370-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2012-05-20 12:04 - 2014-05-15 13:15 - 01404120 _____ () C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2013-12-24 17:50 - 2011-01-27 01:33 - 00026624 _____ () C:\WINDOWS\system32\ssb7mlm.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-11-02 00:26 - 2011-11-02 00:26 - 01242472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2010-07-04 14:32 - 2010-07-04 14:32 - 00004608 _____ () C:\Program Files\Unlocker\UnlockerHook.dll
2011-08-10 19:34 - 2010-10-09 16:27 - 03827200 _____ () C:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ffdshow.ax
2012-06-27 15:09 - 2012-06-27 15:09 - 00557056 _____ () C:\Program Files\Trusteer\Rapport\bin\js32.dll
2010-07-04 12:51 - 2010-07-04 12:51 - 00017408 _____ () C:\Program Files\Unlocker\UnlockerAssistant.exe
2010-12-17 19:12 - 2010-12-17 19:12 - 00332288 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2010-12-17 19:13 - 2010-12-17 19:13 - 00049664 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2013-03-06 02:21 - 2013-03-06 02:21 - 00039056 _____ () C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
2011-01-17 17:19 - 2004-01-01 01:26 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-05-09 13:36 - 2014-05-09 13:37 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-14 10:26 - 2014-05-14 10:26 - 16361136 _____ () C:\WINDOWS\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/15/2014 01:09:07 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Rapport -- Error 1704. An installation for Adobe Reader X (10.1.10) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?

Error: (05/10/2014 10:18:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (05/10/2014 09:21:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (04/20/2014 04:54:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10502.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/31/2014 11:42:44 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: EventType mptelemetry, P1 80070490, P2 remediation, P3 remediationfailuretelemetry, P4 1.1.10401.0, P5 mpengine, P6 0, P7 unspecified, P8 NIL, P9 mptelemetry0, P10 mptelemetry1.

Error: (03/30/2014 00:37:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 00:34:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/30/2014 00:31:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Hanging application mpc-hc.exe, version 1.4.2677.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/16/2014 05:49:54 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application MsMpEng.exe, version 4.4.304.0, faulting module mpengine.dll, version 1.1.10302.0, fault address 0x000aaa84.
Error in creating result PEAP-TLV in response to received PEAP-TLV (MsMpEng.exe!ld!)

Error: (03/12/2014 08:30:22 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: Faulting application MsMpEng.exe, version 4.4.304.0, faulting module mpengine.dll, version 1.1.10302.0, fault address 0x000aaa84.
Error in creating result PEAP-TLV in response to received PEAP-TLV (MsMpEng.exe!ld!)


System errors:
=============
Error: (05/16/2014 02:37:01 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/16/2014 02:36:33 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/16/2014 02:27:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (05/16/2014 02:26:35 AM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:26:02 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:16:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (05/15/2014 10:16:04 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:12:15 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.

Error: (05/15/2014 10:02:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The SessionLauncher service failed to start due to the following error:
%%2

Error: (05/15/2014 10:02:17 PM) (Source: Microsoft Antimalware) (EventID: 2041) (User: )
Description: The support for your operating system has expired. Running %%860 on an out of support operating system is not an adequate solution to protect against threats.


Microsoft Office Sessions:
=========================
Error: (05/15/2014 01:09:07 PM) (Source: MsiInstaller) (EventID: 11704) (User: NT AUTHORITY)
Description: Product: Rapport -- Error 1704. An installation for Adobe Reader X (10.1.10) is currently suspended. You must undo the changes made by that installation to continue. Do you want to undo those changes?(NULL)(NULL)(NULL)

Error: (05/10/2014 10:18:54 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (05/10/2014 09:21:02 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10502.0mpengine0unspecifiedNILNILNIL

Error: (04/20/2014 04:54:36 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10502.0mpengine0unspecifiedNILNILNIL

Error: (03/31/2014 11:42:44 PM) (Source: MPSampleSubmission) (EventID: 5000) (User: )
Description: mptelemetry80070490remediationremediationfailuretelemetry1.1.10401.0mpengine0unspecifiedNILNILNIL

Error: (03/30/2014 00:37:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (03/30/2014 00:34:23 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (03/30/2014 00:31:56 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: mpc-hc.exe1.4.2677.0hungapp0.0.0.000000000

Error: (03/16/2014 05:49:54 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: MsMpEng.exe4.4.304.0mpengine.dll1.1.10302.0000aaa84

Error: (03/12/2014 08:30:22 PM) (Source: Application Error) (EventID: 1004) (User: )
Description: MsMpEng.exe4.4.304.0mpengine.dll1.1.10302.0000aaa84


==================== Memory info ===========================

Percentage of memory in use: 91%
Total physical RAM: 1023.48 MB
Available physical RAM: 85.73 MB
Total Pagefile: 2459.74 MB
Available Pagefile: 1624.27 MB
Total Virtual: 2047.88 MB
Available Virtual: 1951.63 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:260.86 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive d: (Data) (Fixed) (Total:149.04 GB) (Free:142.08 GB) NTFS
Drive e: (BFII_1) (CDROM) (Total:0.66 GB) (Free:0 GB) CDFS
Drive g: (TOSHIBA EXT) (Fixed) (Total:931.51 GB) (Free:330.29 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 16F5C76E)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 149 GB) (Disk ID: C007C007)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or Vista) (Size: 932 GB) (Disk ID: 1F4E8F77)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#3 TB-Psychotic

  • Malware Response Team

Posted 16 May 2014 - 04:56 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English, so please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

You told us that you removed several items with Malwarebytes' Anti-Malware. This tool creates a log on every run, and we need to see them.


  • The logs can be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Zip any and all of these logs and attach the file to your next reply.


Edited by TB-Psychotic, 16 May 2014 - 04:57 AM.

Proud Member of UNITE & TB
 
My help is free, however, if you want to support my fight against malware, click here --> btn_donate_SM.gif <--(no worries, every little bit helps)

#4 snoopy24

  • Topic Starter

Posted 16 May 2014 - 09:10 PM

I will run the first process but I am afraid some of my Malwarebytes files may be gone. I had to wipe my computer; after the scan and removal my computer barely worked and that was the only course of action I could think of. It worked better after that but it was never quite the same, as I think some software was damaged or removed, and again lately I have the freezing problem, but I will include the logs I currently have.



#5 snoopy24

  • Topic Starter

Posted 17 May 2014 - 03:32 AM

Question: will a fixlist for my FRST scan work? I was hoping that's all I was needing.



#6 snoopy24

  • Topic Starter

Posted 18 May 2014 - 12:16 AM

So I ran the Gmer scan exactly as you told me and it shut down my computer by bringing it to a blue screen where I then had to restart my computer. What do I do now???



#7 TB-Psychotic

  • Malware Response Team

Posted 20 May 2014 - 02:23 AM

Please reboot and try again. If it fails another time, skip gmer and do the following instead:

Scan with aswMBR

Please download aswMBR ( 4.5MB ) to your desktop.

  • Double click the aswMBR.exe icon, and click Run.
  • There will be a short delay before the next dialog box comes up. Please just wait a minute or two.
  • When asked if you'd like to "download the latest Avast! virus definitions", click Yes.
  • Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.
  • Click the Scan button to start the scan once the update has finished downloading.
  • On completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply.

Note: There will also be a file on your desktop named MBR.dat. Do not delete this for now. It is an actual backup of the MBR (master boot record).

Please post the MBAM logs as requested.



#8 snoopy24

  • Topic Starter

Posted 20 May 2014 - 10:55 PM

Here are my scan results from aswMBR

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2014-05-20 01:33:36
-----------------------------
01:33:36.781    OS Version: Windows 5.1.2600 Service Pack 3
01:33:36.781    Number of processors: 1 586 0x2F00
01:33:36.781    ComputerName: GEOFF  UserName: G
01:33:41.890    Initialize success
01:38:34.500    AVAST engine defs: 14052001
01:48:15.875    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000006f
01:48:15.875    Disk 0 Vendor: WDC_WD5000AAKB-00H8A0 05.04E05 Size: 476940MB BusType: 3
01:48:15.875    Disk 1  \Device\Harddisk1\DR1 -> \Device\00000072
01:48:15.875    Disk 1 Vendor: ST3160812AS 2AAA Size: 152627MB BusType: 3
01:48:15.875    Device \Driver\nvatabus -> MajorFunction 86d991e8
01:48:15.890    Disk 0 MBR read successfully
01:48:15.890    Disk 0 MBR scan
01:48:16.625    Disk 0 Windows XP default MBR code
01:48:16.656    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       476937 MB offset 63
01:48:17.359    Disk 0 scanning sectors +976768065
01:48:17.796    Disk 0 scanning C:\WINDOWS\system32\drivers
01:49:00.843    Service scanning
01:49:38.421    Service MpKslc56517aa c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AD36A8DD-5CC6-4C0F-BEB5-EB73A8E1B6A8}\MpKslc56517aa.sys **LOCKED** 32
01:49:59.937    Modules scanning
01:50:13.921    Disk 0 trace - called modules:
01:50:13.937    ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x86d991e8]<<
01:50:13.937    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d61ab8]
01:50:13.937    3 CLASSPNP.SYS[f767cfd7] -> nt!IofCallDriver -> \Device\00000071[0x86d14b98]
01:50:13.937    5 ACPI.sys[f73d8620] -> nt!IofCallDriver -> \Device\0000006f[0x86c8f030]
01:50:13.937    \Driver\nvatabus[0x86d0fb38] -> IRP_MJ_CREATE -> 0x86d991e8
01:50:16.609    AVAST engine scan C:\WINDOWS
01:50:44.828    AVAST engine scan C:\WINDOWS\system32
01:55:46.406    AVAST engine scan C:\WINDOWS\system32\drivers
01:56:15.687    AVAST engine scan C:\Documents and Settings\G
02:16:32.859    AVAST engine scan C:\Documents and Settings\All Users
02:21:06.062    Scan finished successfully
05:18:06.031    Disk 0 MBR has been saved successfully to "C:\Documents and Settings\G\Desktop\MBR.dat"
05:18:06.031    The log file has been saved successfully to "C:\Documents and Settings\G\Desktop\aswMBR.txt"

 



#9 TB-Psychotic

  • Malware Response Team

Posted 21 May 2014 - 04:30 AM

Again, please post the MBAM logs as requested. I cannot help you properly without knowing what was removed.



#10 snoopy24


Posted 21 May 2014 - 03:19 PM

As I have already explained I don't have them, I followed your instructions and I have no log files. I don't know why. Is there any other way to find out what I am missing???



#11 snoopy24


Posted 22 May 2014 - 12:00 AM

I've noticed my computer mainly freezes when trying to access a media file or opening folders. Really need help with the freezing issue please.



#12 snoopy24


Posted 22 May 2014 - 12:02 AM

POSTED BELOW ARE THE ONLY TWO LOGS I STILL HAVE.

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.09.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
G :: GEOFF [administrator]

09/05/2014 12:28:52 PM
mbam-log-2014-05-09 (12-28-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 245095
Time elapsed: 35 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 12
C:\Documents and Settings\G\Local Settings\Temp\nsa7B1.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\nsi916.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\nsm7B4.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\nsn7BD.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\nsu7B9.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\nsw7C0.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\nsy7AE.exe (PUP.Optional.SearchProtect.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\utt79B.tmp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\DTLite4453-0297.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temporary Internet Files\Content.IE5\0TX0N79Z\spstub[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temporary Internet Files\Content.IE5\WS4UX0VX\SPSetup[1].exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\TempDIR\BetterInstaller.exe (PUP.Optional.BundleInstaller) -> Quarantined and deleted successfully.

(end)
 

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.05.09.11

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
G :: GEOFF [administrator]

15/05/2014 1:12:04 PM
mbam-log-2014-05-15 (13-12-04).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 446906
Time elapsed: 1 hour(s), 54 minute(s), 26 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\G\Local Settings\Temp\CT3318857 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 5
C:\Documents and Settings\G\Desktop\deviance\KeyGen\dev-cod.exe (RiskWare.Tool.CK) -> No action taken.
C:\Documents and Settings\G\My Documents\Downloads\Nero 7.10.1.0\Keygen.exe (RiskWare.Tool.CK) -> No action taken.
C:\System Volume Information\_restore{936E97FE-4E13-43CF-A683-4702738EF461}\RP1199\A2783376.exe (PUP.Optional.Installcore) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{936E97FE-4E13-43CF-A683-4702738EF461}\RP1199\A2783377.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Documents and Settings\G\Local Settings\Temp\CT3318857\ddt.csf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)
 



#13 TB-Psychotic


Posted 22 May 2014 - 06:40 AM

Your logs show obvious signs of having cracked software on your system. This is the main reason your computer is infected. Visiting cracksites/warezsites - and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Referring to the Forum Rules which you should have read at the time of Registering at this forum, this forum does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

Having said that we can help you clean your machine this time BUT this would be a ONCE ONLY offer on the understanding that all cracks are removed. This would apply not only here but at many other Malware Support forums if you were to appear again with cracks onboard, as many of us analysts work at multiple support sites. Please remove all cracked software and illegally obtained copyrighted material you have on the system so we may continue with the clean up.



#14 snoopy24


Posted 22 May 2014 - 10:41 PM

Thank you very much for letting me know I have that on my computer. My former roommate about a year ago used to download things all the time; I wasn't aware it was illegal software he was downloading. I haven't been through my programs list or my computer since he moved out. I will of course identify and remove it immediately, and I can assure you it won't happen again. I was curious to know what those two things were in my Mbam; I kept ignoring them because I didn't know what they were and thought they may be important. I will remove them immediately.

 

Thank you for helping me



#15 TB-Psychotic


Posted 23 May 2014 - 04:23 AM

Add/Remove Programs

Click on start-->control panel.

Vista/7: Open Programs and Features
XP: Open add/remove programs

Search for and remove the following programs

QuickStores-Toolbar 1.1.0

µTorrent

 

 

 

Combofix

Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT- Save ComboFix.exe to your Desktop

====================================================


Disable your AntiVirus and AntiSpyware applications as they will interfere with our tools and the removal. If you are unsure how to do this, please refer to our sticky topic How to disable your security applications


====================================================


Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


[Screenshot: cfRC_screen_2.png]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.

Close the window.





