Author Topic: [Inactive] strange symptoms and errors with recent registry restoration  (Read 6432 times)

Offline whatiswrong

  • Bronze Member
  • Posts: 27
Hi.
There may be several things going on with my computer, as the symptoms have been snowballing for about eight months. Three days ago, I rebooted and got a notice that my registry had to be restored. The computer is very slow, clicking while on the internet is sometimes non-responsive, sometimes the cursor jumps all over the screen, two days ago 27 windows of the same site began to open and I could not control what was happening, and I haven't been able to run a defrag in a year because chkdsk needs to run first. When I run chkdsk, I still cannot run a defrag. My internet favorites reorganized themselves, and I get error messages that state that there is no disk in the E: drive and I can't make them go away easily. I wasn't trying to use the E: drive. Does this sound like malware?

Anything you can lend will be appreciated.



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27043
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: strange symptoms and errors with recent registry restoration
« Reply #1 on: December 09, 2013, 10:58:22 AM »
Well, there are several possibilities. First is that your hard drive can be failing in sections. Second is that you are infected, as you suggest. Third, your hard drive's computer card could be causing issues. There is something I can look at to narrow it down a bit. I need a look at your Event Viewer logs. The instructions below are for Windows 7 and Vista. If you are using XP, the instructions are similar, but you will be saving them as EVT files.

I need you to go to the administration tools in Vista / Windows 7. They are in the Control Panel. Open the Admin tools, then open the Event Viewer. Over on the left hand side, expand the window category and then click on System. Then up at the top click on Action and then click on Save Events As, type in system as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Over on the left hand side, click on Application. Then up at the top click on Action and then click on Save Events As, type in application as the file name, make sure file type EVTX is selected, and then navigate so it will save the file to your desktop, then click Save. Zip them both up into a single zip file and post them back here in your next reply as attachments.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline whatiswrong

  • Bronze Member
  • Posts: 27
Re: strange symptoms and errors with recent registry restoration
« Reply #2 on: December 10, 2013, 01:11:59 AM »
Hi Hoov.
Huge thanks for your directions. 

Please note that I AM running Windows XP (SP3), so these are EVT, but I assumed that "save log file as" was what you wanted here, as there was nothing in actions titled "save events as." 

If I have done this incorrectly, please let me know.

Many thanks.

Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27043
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: strange symptoms and errors with recent registry restoration
« Reply #3 on: December 10, 2013, 07:38:58 AM »
I am going to move this over to the malware removal forum. Your logs have a few entries, but nothing indicative of the problems you are describing.
Before we get to cleaning your computer I must ask you to do a few things for me.

First, tell me everything that you have done (other than what you have told me already), if anything, to try and fix this problem. Also tell me any other problems you are having, no matter how small or how long you have been dealing with them.

Second, please only use 1 forum to help clear up your problem. Posting on more than 1 and following instructions from more than 1 forum will cause those helping you to pull out their hair.

Third, follow my instructions - If you can't for some reason, or if you don't understand something, please tell me. If you deviate from my instructions, tell me, it may make a difference on where we go.

Fourth, Have faith. I will do all I can to get your computer working, and if I can't - someone else here will know something else to try.

Fifth, if we start this fix, I need you to stick with me until the end. Just because your computer is running better does not mean it is fixed.

Before we start trying to fix your computer, you need to make sure your data is backed up.

One last thing, I need you to tell me if this computer belongs to a school or to a company or organization of some kind. If it does, please let me know. Also tell me if there is an IT department responsible for this computer.

Now onto trying to fix your computer.


We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Please copy and paste both logs into your next response. You may need more than one response.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet. 

Information on A/V control HERE

Please run CCleaner to remove temporary files from your system, and to improve the scanning time of the other scans we may be running. Then please run Malwarebytes' Anti-Malware to check for malware. Both sets of instructions are below.

1. Download and scan with CCleaner
   When you get to the website, there is a dark grey box on the left side with two tabs along the top. Inside this Dark Grey box is a light grey box. Below that light grey box is where the download links are at. The pay amount is for paid support.
2. Before first use, select Options > Advanced and UNCHECK "Only delete files in Windows Temp folder older than 48 hours"
3. Then select the items you wish to clean up.
   In the Windows Tab:
     • Clean all entries in the "Internet Explorer" section except Cookies if you want to keep those.
     • Clean all the entries in the "Windows Explorer" section.
     • Clean all entries in the "System" section.
     • Clean all entries in the "Advanced" section.
     • Clean any others that you choose.
   In the Applications Tab:
     • Clean all except cookies in the Firefox/Mozilla section if you use it.
     • Clean all in the Opera section if you use it.
     • Clean Sun Java in the Internet Section.
     • Clean any others that you choose.
4. Click the "Run Cleaner" button.
5. A pop up box will appear advising this process will permanently delete files from your system.
6. Click "OK" and it will scan and clean your system.
7. Click "exit" when done.


Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.


Offline whatiswrong

  • Bronze Member
  • Posts: 27
Re: [In Progress] strange symptoms and errors with recent registry restoration
« Reply #4 on: December 10, 2013, 03:55:05 PM »
Hi Hoov.
This computer is owned by me and there is no IT team.

I backed up everything important, including my drivers.

Chkdsk has been an issue for almost 2 years.
I troubleshot that issue a long time ago (via Google), and was able to get it to respond by running chkdsk /r, but that only worked a few times and is no longer a work-around. That is the only thing I have tried to remedy my inability to run a defrag, and it is still an issue.

OTHER PROBLEMS:
  • Cursor wanders across page while I am reading
  • Clicking on a link and cursor jumps away or does not respond
  • Occasional flicking screens on certain sites
  • Six to ten second delay between screens on internet
  • Non-responsive clicking when browsing the web
  • Errors on bootup about some kind of entry point
  • Errors on bootup about missing files for iTunes
  • Impassable errors about no disc in the E drive - wasn't trying to use the E drive
  • And most recently - uncontrollable multiple windows opening of the same site:
    Adobe PS6 help (and I didn't choose to go to that site, it just opened and started multiplying)

The above issues have been snowballing and I have done nothing to try to remedy them. The final straw was the multiple windows of the same site opening without my request.

I am now going to go carry out the CCleaner through MBAM directions you gave me. Meanwhile, the DDS Notepad info is below.

Thanks Hoov.

DDS NOTEPAD FILES:

        DDS (Ver_2012-11-20.01) - NTFS_x86
        Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.45.2
        Run by Woof at 15:32:42 on 2013-12-10
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3069.2257 [GMT -6:00]
        .
        AV: Trend Micro Titanium Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
        .
        ============== Running Processes ================
        .
        C:\WINDOWS\system32\spoolsv.exe
        C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
        C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiWatchDog.exe
        C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe
        C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
        C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        C:\Program Files\Bonjour\mDNSResponder.exe
        C:\Program Files\Java\jre7\bin\jqs.exe
        C:\WINDOWS\system32\nvsvc32.exe
        C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
        C:\WINDOWS\system32\PnkBstrA.exe
        C:\WINDOWS\system32\PnkBstrB.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        C:\WINDOWS\System32\alg.exe
        C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        C:\WINDOWS\Explorer.EXE
        C:\WINDOWS\RTHDCPL.EXE
        C:\Program Files\EPSON\Creativity Suite\Event Manager\EEventManager.exe
        C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy.exe
        C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
        C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
        C:\WINDOWS\system32\RunDLL32.exe
        C:\WINDOWS\OEM03Mon.exe
        C:\Program Files\Box Sync\BoxSyncHelper.exe
        C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
        C:\Program Files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe
        C:\Program Files\Common Files\Java\Java Update\jusched.exe
        C:\Program Files\iTunes\iTunesHelper.exe
        C:\WINDOWS\system32\ctfmon.exe
        C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
        C:\Program Files\Messenger\msmsgs.exe
        C:\Program Files\Skype\Phone\Skype.exe
        C:\Program Files\iPod\bin\iPodService.exe
        C:\Program Files\Box Sync\BoxSync.exe
        C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
        C:\Documents and Settings\Woof\Application Data\Dropbox\bin\Dropbox.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\WinZip\WZQKPICK32.EXE
        C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\Program Files\Internet Explorer\iexplore.exe
        C:\WINDOWS\system32\wbem\wmiprvse.exe
        C:\WINDOWS\System32\svchost.exe -k netsvcs
        C:\WINDOWS\system32\svchost.exe -k NetworkService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\svchost.exe -k LocalService
        C:\WINDOWS\system32\svchost.exe -k imgsvc
        .
        ============== Pseudo HJT Report ===============
        .
        uStart Page = hxxp://www.google.com/
        uSearch Bar = hxxp://www.google.com/ie
        uSearch Page = hxxp://www.google.com
        uDefault_Search_URL = hxxp://www.google.com/ie
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -
        BHO: TmIEPlugInBHO Class: {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
        BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
        BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
        BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
        BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.9012.1008\swg.dll
        BHO: TmBpIeBHO Class: {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
        BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
        BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
        TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
        TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
        TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
        uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
        uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
        uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
        uRun: [Evecpoqac] "c:\documents and settings\woof\application data\qirif\idok.exe"
        uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
        mRun: [RTHDCPL] RTHDCPL.EXE
        mRun: [Alcmtr] ALCMTR.EXE
        mRun: [EEventManager] c:\program files\epson\creativity suite\event manager\EEventManager.exe
        mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop elements 4.0\apdproxy.exe"
        mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
        mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
        mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
        mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
        mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
        mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
        mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
        mRun: [Trend Micro Client Framework] "c:\program files\trend micro\uniclient\uifrmwrk\UIWatchDog.exe"
        mRun: [Trend Micro Titanium] c:\program files\trend micro\titanium\uiframework\uiWinMgr.exe -set Silent "1" SplashURL ""
        mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
        mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
        mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
        mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
        mRun: [amd_dc_opt] c:\program files\amd\dual-core optimizer\amd_dc_opt.exe
        mRun: [OEM03Mon.exe] c:\windows\OEM03Mon.exe
        mRun: [BoxSyncHelper] "c:\program files\box sync\BoxSyncHelper.exe"
        mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
        mRun: [SwitchBoard] c:\program files\common files\adobe\switchboard\SwitchBoard.exe
        mRun: [AdobeCS6ServiceManager] "c:\program files\common files\adobe\cs6servicemanager\CS6ServiceManager.exe" -launchedbylogin
        mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 10.0\acrobat\Acrobat_sl.exe"
        mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 10.0\acrobat\Acrotray.exe"
        mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
        mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
        mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
        StartupFolder: c:\docume~1\woof\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\woof\application data\dropbox\bin\Dropbox.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\boxsyn~1.lnk - c:\program files\box sync\BoxSync.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.8.130\SSScheduler.exe
        StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK32.EXE
        uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
        mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
        IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
        IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
        IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
        IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
        IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
        IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
        DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
        DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
        DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1357943712823
        TCP: NameServer = 192.168.1.1
        TCP: Interfaces\{A8008E39-983F-41AF-9345-391E6DA871C4} : DHCPNameServer = 192.168.1.1
        Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
        Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - c:\program files\trend micro\amsp\module\20002\6.6.1010\6.6.1010\TmBpIe32.dll
        Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - c:\program files\trend micro\amsp\module\20004\1.5.1464\6.6.1077\TmIEPlg.dll
        SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
        mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
        .
        ================= FIREFOX ===================
        .
        FF - ProfilePath - c:\documents and settings\woof\application data\mozilla\firefox\profiles\6nevyhe3.default\
        FF - plugin: c:\program files\adobe\acrobat 10.0\acrobat\air\nppdf32.dll
        FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
        FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
        FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
        FF - plugin: c:\program files\java\jre7\bin\dtplugin\npdeployJava1.dll
        FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
        FF - plugin: c:\program files\mcafee security scan\3.8.130\npMcAfeeMSS.dll
        FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
        FF - plugin: c:\program files\mozilla firefox\plugins\npRLCT4Player.dll
        FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
        .
        ============= SERVICES / DRIVERS ===============
        .
        R2 Amsp;Trend Micro Solution Platform;c:\program files\trend micro\amsp\coreServiceShell.exe [2011-9-30 196320]
        R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\common files\intuit\update service v4\IntuitUpdateService.exe [2012-8-23 13672]
        R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-9-30 64784]
        R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [2008-12-24 80256]
        R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [2008-12-16 70016]
        R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [2013-4-16 141376]
        R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [2013-4-16 7424]
        R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [2013-4-16 235808]
        R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [2013-3-23 31616]
        S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
        S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
        S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.8.130\McCHSvc.exe [2013-9-6 235216]
        S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [2008-8-21 18688]
        S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [2008-8-21 8320]
        S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
        S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
        S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
        .
        =============== Created Last 30 ================
        .
        2013-12-10 06:49:23   --------   d-----w-   c:\documents and settings\woof\local settings\application data\WinZip
        2013-11-20 13:49:23   --------   d-----w-   c:\program files\iPod
        2013-11-20 13:49:19   --------   d-----w-   c:\program files\iTunes
        2013-11-20 13:49:19   --------   d-----w-   c:\documents and settings\all users\application data\188F1432-103A-4ffb-80F1-36B633C5C9E1
        .
        ==================== Find3M  ====================
        .
        2013-11-13 23:45:51   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2013-11-13 23:45:51   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
        2013-10-13 07:25:38   920064   ----a-w-   c:\windows\system32\wininet.dll
        2013-10-13 07:25:08   43520   ----a-w-   c:\windows\system32\licmgr10.dll
        2013-10-13 07:25:02   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
        2013-10-13 07:24:17   18944   ----a-w-   c:\windows\system32\corpol.dll
        2013-10-13 06:57:59   385024   ----a-w-   c:\windows\system32\html.iec
        2013-10-12 15:56:19   278528   ----a-w-   c:\windows\system32\oakley.dll
        2013-10-09 13:12:48   287744   ----a-w-   c:\windows\system32\gdi32.dll
        2013-10-08 12:50:41   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
        2013-10-08 12:29:36   145408   ----a-w-   c:\windows\system32\javacpl.cpl
        2013-10-07 10:59:21   603136   ----a-w-   c:\windows\system32\crypt32.dll
        2013-10-05 01:14:01   7168   ----a-w-   c:\windows\system32\xpsp4res.dll
        .
        ============= FINISH: 15:33:23.83 ===============

        .
        UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
        IF REQUESTED, ZIP IT UP & ATTACH IT
        .
        DDS (Ver_2012-11-20.01)
        .
        Microsoft Windows XP Professional
        Boot Device: \Device\HarddiskVolume1
        Install Date: 12/27/2010 1:37:41 PM
        System Uptime: 12/5/2013 7:13:41 PM (116 hours ago)
        .
        Motherboard: Dell Inc |  | 0PP150
        Processor: Intel(R) Core(TM)2 Quad CPU    Q6600  @ 2.40GHz | Socket 775 | 2399/1066mhz
        .
        ==== Disk Partitions =========================
        .
        C: is FIXED (NTFS) - 233 GiB total, 103.869 GiB free.
        D: is CDROM ()
        E: is CDROM (CDFS)
        F: is FIXED (NTFS) - 932 GiB total, 865.409 GiB free.
        G: is FIXED (FAT32) - 931 GiB total, 650.746 GiB free.
        .
        ==== Disabled Device Manager Items =============
        .
        ==== System Restore Points ===================
        .
        RP577: 9/12/2013 1:19:50 AM - System Checkpoint
        RP578: 9/12/2013 3:00:23 AM - Software Distribution Service 3.0
        RP579: 9/13/2013 3:00:26 AM - Software Distribution Service 3.0
        RP580: 9/14/2013 3:13:43 AM - System Checkpoint
        RP581: 9/15/2013 3:14:25 AM - System Checkpoint
        RP582: 9/15/2013 6:36:14 PM - Restore Operation
        RP583: 9/16/2013 10:10:53 PM - System Checkpoint
        RP584: 9/17/2013 10:29:22 PM - System Checkpoint
        RP585: 9/18/2013 10:46:49 PM - System Checkpoint
        RP586: 9/19/2013 11:21:33 PM - System Checkpoint
        RP587: 9/21/2013 12:21:49 AM - System Checkpoint
        RP588: 9/22/2013 2:08:08 AM - System Checkpoint
        RP589: 9/23/2013 2:21:30 AM - System Checkpoint
        RP590: 9/24/2013 3:21:25 AM - System Checkpoint
        RP591: 9/25/2013 2:47:51 AM - Removed Java 7 Update 15
        RP592: 9/25/2013 2:48:16 AM - Installed Java 7 Update 40
        RP593: 9/26/2013 3:01:41 AM - System Checkpoint
        RP594: 9/27/2013 3:10:58 AM - System Checkpoint
        RP595: 9/28/2013 3:37:54 AM - System Checkpoint
        RP596: 9/29/2013 5:15:36 AM - System Checkpoint
        RP597: 9/30/2013 5:37:23 AM - System Checkpoint
        RP598: 10/1/2013 6:37:37 AM - System Checkpoint
        RP599: 10/5/2013 6:24:25 PM - System Checkpoint
        RP600: 10/6/2013 9:26:24 PM - System Checkpoint
        RP601: 10/7/2013 10:12:31 PM - System Checkpoint
        RP602: 10/8/2013 11:23:27 PM - System Checkpoint
        RP603: 10/9/2013 3:00:21 AM - Software Distribution Service 3.0
        RP604: 10/10/2013 3:57:33 AM - System Checkpoint
        RP605: 10/11/2013 4:15:25 AM - System Checkpoint
        RP606: 10/15/2013 8:37:03 PM - System Checkpoint
        RP607: 10/16/2013 3:00:17 AM - Software Distribution Service 3.0
        RP608: 10/17/2013 3:38:42 AM - System Checkpoint
        RP609: 10/18/2013 4:25:07 AM - System Checkpoint
        RP610: 10/19/2013 5:24:58 AM - System Checkpoint
        RP611: 10/20/2013 6:24:58 AM - System Checkpoint
        RP612: 10/20/2013 12:06:44 PM - Installed Java 7 Update 45
        RP613: 10/21/2013 12:22:48 PM - System Checkpoint
        RP614: 10/22/2013 12:24:59 PM - System Checkpoint
        RP615: 10/23/2013 1:18:58 PM - System Checkpoint
        RP616: 10/24/2013 1:24:10 PM - System Checkpoint
        RP617: 10/24/2013 3:53:43 PM - Installed Windows XP --  Software Updates KB952011.
        RP618: 10/25/2013 4:08:54 PM - System Checkpoint
        RP619: 10/27/2013 2:17:05 AM - System Checkpoint
        RP620: 10/28/2013 2:39:44 AM - System Checkpoint
        RP621: 10/29/2013 3:39:45 AM - System Checkpoint
        RP622: 10/30/2013 4:39:15 AM - System Checkpoint
        RP623: 10/31/2013 5:39:15 AM - System Checkpoint
        RP624: 11/1/2013 6:39:17 AM - System Checkpoint
        RP625: 11/2/2013 7:39:17 AM - System Checkpoint
        RP626: 11/3/2013 7:39:20 AM - System Checkpoint
        RP627: 11/4/2013 8:39:25 AM - System Checkpoint
        RP628: 11/5/2013 10:27:22 AM - System Checkpoint
        RP629: 11/6/2013 10:37:17 AM - System Checkpoint
        RP630: 11/7/2013 10:53:33 AM - System Checkpoint
        RP631: 11/8/2013 12:22:26 PM - System Checkpoint
        RP632: 11/9/2013 12:41:57 PM - System Checkpoint
        RP633: 11/10/2013 1:41:50 PM - System Checkpoint
        RP634: 11/11/2013 2:41:49 PM - System Checkpoint
        RP635: 11/12/2013 3:25:19 PM - System Checkpoint
        RP636: 11/13/2013 3:41:44 PM - System Checkpoint
        RP637: 11/14/2013 3:00:18 AM - Software Distribution Service 3.0
        RP638: 11/15/2013 3:32:26 AM - System Checkpoint
        RP639: 11/16/2013 3:36:44 AM - System Checkpoint
        RP640: 11/17/2013 4:02:14 AM - System Checkpoint
        RP641: 11/18/2013 5:02:27 AM - System Checkpoint
        RP642: 11/19/2013 6:02:12 AM - System Checkpoint
        RP643: 11/20/2013 7:01:42 AM - System Checkpoint
        RP644: 11/21/2013 8:01:41 AM - System Checkpoint
        RP645: 11/22/2013 8:47:09 AM - System Checkpoint
        RP646: 11/23/2013 9:46:53 AM - System Checkpoint
        RP647: 11/24/2013 10:46:41 AM - System Checkpoint
        RP648: 11/25/2013 11:46:48 AM - System Checkpoint
        RP649: 11/26/2013 12:46:43 PM - System Checkpoint
        RP650: 11/27/2013 1:03:19 PM - System Checkpoint
        RP651: 11/28/2013 1:44:49 PM - System Checkpoint
        RP652: 11/29/2013 2:44:44 PM - System Checkpoint
        RP653: 11/30/2013 3:44:17 PM - System Checkpoint
        RP654: 12/1/2013 3:56:40 PM - System Checkpoint
        RP655: 12/2/2013 4:44:11 PM - System Checkpoint
        RP656: 12/3/2013 5:44:11 PM - System Checkpoint
        RP657: 12/4/2013 7:57:49 PM - System Checkpoint
        RP658: 12/5/2013 8:18:29 PM - System Checkpoint
        RP659: 12/6/2013 9:18:23 PM - System Checkpoint
        RP660: 12/8/2013 2:15:18 AM - System Checkpoint
        RP661: 12/9/2013 2:18:30 AM - System Checkpoint
        RP662: 12/10/2013 2:45:23 AM - System Checkpoint
        .
        ==== Installed Programs ======================
        .
        ABBYY FineReader 6.0 Sprint
        Adobe Acrobat X Pro - English, Français, Deutsch
        Adobe AIR
        Adobe Creative Suite 6 Design Standard
        Adobe Flash Player 11 ActiveX
        Adobe Flash Player 11 Plugin
        Adobe Help Center 2.0
        Adobe Help Manager
        Adobe Photoshop Elements 4.0
        Adobe Reader XI (11.0.04)
        Advanced Audio FX Engine
        Advanced Video FX Engine
        Age of Empires III
        Apple Application Support
        Apple Mobile Device Support
        Apple Software Update
        Batman: Arkham City™
        Bonjour
        Box Sync
        Corel Applications
        Dell Resource CD
        Dell Support Center
        DELL Webcam Center
        DELL Webcam Manager
        Dropbox
        Dual-Core Optimizer
        EPSON Attach To Email
        EPSON Copy Utility 3
        EPSON Event Manager
        EPSON Perfection V500 Photo Scanner Driver Update
        EPSON Perfection V500P User's Guide
        EPSON Scan
        EPSON Scan Assistant
        Far Cry 2
        Google Chrome
        Google Toolbar for Internet Explorer
        Google Update Helper
        High Definition Audio Driver Package - KB888111
        Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
        Hotfix for Windows XP (KB2443685)
        Hotfix for Windows XP (KB2570791)
        Hotfix for Windows XP (KB2633952)
        Hotfix for Windows XP (KB2756822)
        Hotfix for Windows XP (KB2779562)
        Hotfix for Windows XP (KB952287)
        Hotfix for Windows XP (KB954550-v5)
        Hotfix for Windows XP (KB961118)
        Hotfix for Windows XP (KB981793)
        hp deskjet 970c series
        hp deskjet 970c series (Remove only)
        iTunes
        Java 7 Update 45
        Java Auto Updater
        Live! Cam Avatar Creator
        Live! Cam Avatar v1.0
        McAfee Security Scan Plus
        Microsoft .NET Framework 2.0 Service Pack 2
        Microsoft .NET Framework 3.0 Service Pack 2
        Microsoft .NET Framework 3.5 SP1
        Microsoft .NET Framework 4 Client Profile
        Microsoft .NET Framework 4 Extended
        Microsoft Age of Empires Gold
        Microsoft Age of Empires II
        Microsoft Age of Empires II: The Conquerors Expansion
        Microsoft Compression Client Pack 1.0 for Windows XP
        Microsoft Games for Windows - LIVE Redistributable
        Microsoft Games for Windows Marketplace
        Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
        Microsoft Office 2007 Service Pack 3 (SP3)
        Microsoft Office Excel MUI (English) 2007
        Microsoft Office File Validation Add-In
        Microsoft Office Home and Student 2007
        Microsoft Office OneNote MUI (English) 2007
        Microsoft Office PowerPoint MUI (English) 2007
        Microsoft Office Proof (English) 2007
        Microsoft Office Proof (French) 2007
        Microsoft Office Proof (Spanish) 2007
        Microsoft Office Proofing (English) 2007
        Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
        Microsoft Office Shared MUI (English) 2007
        Microsoft Office Shared Setup Metadata MUI (English) 2007
        Microsoft Office Word MUI (English) 2007
        Microsoft Silverlight
        Microsoft Software Update for Web Folders  (English) 12
        Microsoft User-Mode Driver Framework Feature Pack 1.0
        Microsoft Visual C++ 2005 Redistributable
        Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
        Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
        Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
        Microsoft_VC80_CRT_x86
        Microsoft_VC90_CRT_x86
        MobileMe Control Panel
        Monitor Integrated Webcam Driver (1.00.13.0608) 
        Mount & Blade: Warband
        Mount & Blade: With Fire and Sword
        Mozilla Firefox 13.0.1 (x86 en-US)
        Mozilla Maintenance Service
        MSXML 4.0 SP2 (KB954430)
        MSXML 4.0 SP2 (KB973688)
        NetWaiting
        NirSoft BlueScreenView
        NVIDIA Control Panel 285.58
        NVIDIA Drivers
        NVIDIA Graphics Driver 285.58
        NVIDIA Install Application
        NVIDIA nView 135.95
        NVIDIA PhysX
        NVIDIA PhysX System Software 9.11.0621
        NVIDIA Update 1.5.20
        NVIDIA Update Components
        PDF Settings CS6
        Picasa 3
        PunkBuster Services
        QuickTime
        RAF
        Realtek High Definition Audio Driver
        RESIDENT EVIL 5
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
        Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2832407)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
        Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
        Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
        Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
        Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
        Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
        Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
        Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition
        Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition
        Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition
        Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
        Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
        Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
        Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition
        Security Update for Microsoft Windows (KB2564958)
        Security Update for Windows Internet Explorer 8 (KB2416400)
        Security Update for Windows Internet Explorer 8 (KB2482017)
        Security Update for Windows Internet Explorer 8 (KB2497640)
        Security Update for Windows Internet Explorer 8 (KB2510531)
        Security Update for Windows Internet Explorer 8 (KB2544521)
        Security Update for Windows Internet Explorer 8 (KB2559049)
        Security Update for Windows Internet Explorer 8 (KB2675157)
        Security Update for Windows Internet Explorer 8 (KB2699988)
        Security Update for Windows Internet Explorer 8 (KB2722913)
        Security Update for Windows Internet Explorer 8 (KB2744842)
        Security Update for Windows Internet Explorer 8 (KB2761465)
        Security Update for Windows Internet Explorer 8 (KB2792100)
        Security Update for Windows Internet Explorer 8 (KB2797052)
        Security Update for Windows Internet Explorer 8 (KB2799329)
        Security Update for Windows Internet Explorer 8 (KB2809289)
        Security Update for Windows Internet Explorer 8 (KB2817183)
        Security Update for Windows Internet Explorer 8 (KB2829530)
        Security Update for Windows Internet Explorer 8 (KB2838727)
        Security Update for Windows Internet Explorer 8 (KB2846071)
        Security Update for Windows Internet Explorer 8 (KB2847204)
        Security Update for Windows Internet Explorer 8 (KB2862772)
        Security Update for Windows Internet Explorer 8 (KB2870699)
        Security Update for Windows Internet Explorer 8 (KB2879017)
        Security Update for Windows Internet Explorer 8 (KB2888505)
        Security Update for Windows Internet Explorer 8 (KB971961)
        Security Update for Windows Internet Explorer 8 (KB981332)
        Security Update for Windows Internet Explorer 8 (KB982381)
        Security Update for Windows Media Player (KB2378111)
        Security Update for Windows Media Player (KB2834904-v2)
        Security Update for Windows Media Player (KB2834904)
        Security Update for Windows Media Player (KB952069)
        Security Update for Windows Media Player (KB954155)
        Security Update for Windows Media Player (KB973540)
        Security Update for Windows Media Player (KB975558)
        Security Update for Windows Media Player (KB978695)
        Security Update for Windows Media Player (KB979402)
        Security Update for Windows XP (KB2079403)
        Security Update for Windows XP (KB2115168)
        Security Update for Windows XP (KB2121546)
        Security Update for Windows XP (KB2229593)
        Security Update for Windows XP (KB2259922)
        Security Update for Windows XP (KB2286198)
        Security Update for Windows XP (KB2296011)
        Security Update for Windows XP (KB2296199)
        Security Update for Windows XP (KB2347290)
        Security Update for Windows XP (KB2360937)
        Security Update for Windows XP (KB2387149)
        Security Update for Windows XP (KB2393802)
        Security Update for Windows XP (KB2412687)
        Security Update for Windows XP (KB2419632)
        Security Update for Windows XP (KB2423089)
        Security Update for Windows XP (KB2436673)
        Security Update for Windows XP (KB2440591)
        Security Update for Windows XP (KB2443105)
        Security Update for Windows XP (KB2476490)
        Security Update for Windows XP (KB2476687)
        Security Update for Windows XP (KB2478960)
        Security Update for Windows XP (KB2478971)
        Security Update for Windows XP (KB2479628)
        Security Update for Windows XP (KB2479943)
        Security Update for Windows XP (KB2481109)
        Security Update for Windows XP (KB2483185)
        Security Update for Windows XP (KB2485376)
        Security Update for Windows XP (KB2485663)
        Security Update for Windows XP (KB2503658)
        Security Update for Windows XP (KB2503665)
        Security Update for Windows XP (KB2506212)
        Security Update for Windows XP (KB2506223)
        Security Update for Windows XP (KB2507618)
        Security Update for Windows XP (KB2507938)
        Security Update for Windows XP (KB2508272)
        Security Update for Windows XP (KB2508429)
        Security Update for Windows XP (KB2509553)
        Security Update for Windows XP (KB2511455)
        Security Update for Windows XP (KB2524375)
        Security Update for Windows XP (KB2535512)
        Security Update for Windows XP (KB2536276-v2)
        Security Update for Windows XP (KB2544893-v2)
        Security Update for Windows XP (KB2544893)
        Security Update for Windows XP (KB2555917)
        Security Update for Windows XP (KB2562937)
        Security Update for Windows XP (KB2566454)
        Security Update for Windows XP (KB2567680)
        Security Update for Windows XP (KB2570222)
        Security Update for Windows XP (KB2570947)
        Security Update for Windows XP (KB2584146)
        Security Update for Windows XP (KB2585542)
        Security Update for Windows XP (KB2592799)
        Security Update for Windows XP (KB2598479)
        Security Update for Windows XP (KB2603381)
        Security Update for Windows XP (KB2618451)
        Security Update for Windows XP (KB2619339)
        Security Update for Windows XP (KB2620712)
        Security Update for Windows XP (KB2621440)
        Security Update for Windows XP (KB2624667)
        Security Update for Windows XP (KB2631813)
        Security Update for Windows XP (KB2633171)
        Security Update for Windows XP (KB2641653)
        Security Update for Windows XP (KB2646524)
        Security Update for Windows XP (KB2647518)
        Security Update for Windows XP (KB2653956)
        Security Update for Windows XP (KB2655992)
        Security Update for Windows XP (KB2659262)
        Security Update for Windows XP (KB2676562)
        Security Update for Windows XP (KB2685939)
        Security Update for Windows XP (KB2686509)
        Security Update for Windows XP (KB2691442)
        Security Update for Windows XP (KB2695962)
        Security Update for Windows XP (KB2698365)
        Security Update for Windows XP (KB2705219)
        Security Update for Windows XP (KB2707511)
        Security Update for Windows XP (KB2709162)
        Security Update for Windows XP (KB2712808)
        Security Update for Windows XP (KB2718523)
        Security Update for Windows XP (KB2719985)
        Security Update for Windows XP (KB2723135)
        Security Update for Windows XP (KB2724197)
        Security Update for Windows XP (KB2727528)
        Security Update for Windows XP (KB2731847)
        Security Update for Windows XP (KB2753842-v2)
        Security Update for Windows XP (KB2753842)
        Security Update for Windows XP (KB2757638)
        Security Update for Windows XP (KB2758857)
        Security Update for Windows XP (KB2761226)
        Security Update for Windows XP (KB2770660)
        Security Update for Windows XP (KB2778344)
        Security Update for Windows XP (KB2779030)
        Security Update for Windows XP (KB2780091)
        Security Update for Windows XP (KB2799494)
        Security Update for Windows XP (KB2802968)
        Security Update for Windows XP (KB2807986)
        Security Update for Windows XP (KB2808735)
        Security Update for Windows XP (KB2813170)
        Security Update for Windows XP (KB2813345)
        Security Update for Windows XP (KB2820197)
        Security Update for Windows XP (KB2820917)
        Security Update for Windows XP (KB2829361)
        Security Update for Windows XP (KB2834886)
        Security Update for Windows XP (KB2839229)
        Security Update for Windows XP (KB2845187)
        Security Update for Windows XP (KB2847311)
        Security Update for Windows XP (KB2849470)
        Security Update for Windows XP (KB2850851)
        Security Update for Windows XP (KB2850869)
        Security Update for Windows XP (KB2859537)
        Security Update for Windows XP (KB2862152)
        Security Update for Windows XP (KB2862330)
        Security Update for Windows XP (KB2862335)
        Security Update for Windows XP (KB2864063)
        Security Update for Windows XP (KB2868038)
        Security Update for Windows XP (KB2868626)
        Security Update for Windows XP (KB2876217)
        Security Update for Windows XP (KB2876315)
        Security Update for Windows XP (KB2876331)
        Security Update for Windows XP (KB2883150)
        Security Update for Windows XP (KB2900986)
        Security Update for Windows XP (KB923561)
        Security Update for Windows XP (KB941569)
        Security Update for Windows XP (KB946648)
        Security Update for Windows XP (KB950762)
        Security Update for Windows XP (KB950974)
        Security Update for Windows XP (KB951376-v2)
        Security Update for Windows XP (KB951748)
        Security Update for Windows XP (KB952004)
        Security Update for Windows XP (KB952954)
        Security Update for Windows XP (KB955069)
        Security Update for Windows XP (KB956572)
        Security Update for Windows XP (KB956744)
        Security Update for Windows XP (KB956802)
        Security Update for Windows XP (KB956803)
        Security Update for Windows XP (KB956844)
        Security Update for Windows XP (KB958644)
        Security Update for Windows XP (KB958869)
        Security Update for Windows XP (KB959426)
        Security Update for Windows XP (KB960225)
        Security Update for Windows XP (KB960803)
        Security Update for Windows XP (KB960859)
        Security Update for Windows XP (KB961501)
        Security Update for Windows XP (KB969059)
        Security Update for Windows XP (KB970238)
        Security Update for Windows XP (KB970430)
        Security Update for Windows XP (KB971468)
        Security Update for Windows XP (KB971657)
        Security Update for Windows XP (KB972270)
        Security Update for Windows XP (KB973507)
        Security Update for Windows XP (KB973869)
        Security Update for Windows XP (KB973904)
        Security Update for Windows XP (KB974112)
        Security Update for Windows XP (KB974318)
        Security Update for Windows XP (KB974392)
        Security Update for Windows XP (KB974571)
        Security Update for Windows XP (KB975025)
        Security Update for Windows XP (KB975467)
        Security Update for Windows XP (KB975560)
        Security Update for Windows XP (KB975561)
        Security Update for Windows XP (KB975562)
        Security Update for Windows XP (KB975713)
        Security Update for Windows XP (KB977816)
        Security Update for Windows XP (KB977914)
        Security Update for Windows XP (KB978037)
        Security Update for Windows XP (KB978338)
        Security Update for Windows XP (KB978542)
        Security Update for Windows XP (KB978601)
        Security Update for Windows XP (KB978706)
        Security Update for Windows XP (KB979309)
        Security Update for Windows XP (KB979482)
        Security Update for Windows XP (KB979559)
        Security Update for Windows XP (KB979683)
        Security Update for Windows XP (KB979687)
        Security Update for Windows XP (KB980195)
        Security Update for Windows XP (KB980218)
        Security Update for Windows XP (KB980232)
        Security Update for Windows XP (KB980436)
        Security Update for Windows XP (KB981322)
        Security Update for Windows XP (KB981852)
        Security Update for Windows XP (KB981997)
        Security Update for Windows XP (KB982132)
        Security Update for Windows XP (KB982214)
        Security Update for Windows XP (KB982665)
        Sid Meier's Civilization V
        Skype™ 6.3
        Steam
        The Battle for Middle-earth (tm)
        The Lord of the Rings: War in the North
        Trend Micro Titanium Internet Security
        Trend Micro™ Titanium™ Internet Security
        TurboTax 2012
        TurboTax 2012 wiliper
        TurboTax 2012 WinPerFedFormset
        TurboTax 2012 WinPerReleaseEngine
        TurboTax 2012 WinPerTaxSupport
        TurboTax 2012 wrapper
        Update for 2007 Microsoft Office System (KB967642)
        Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
        Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
        Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
        Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
        Update for Windows Internet Explorer 8 (KB976662)
        Update for Windows XP (KB2141007)
        Update for Windows XP (KB2345886)
        Update for Windows XP (KB2467659)
        Update for Windows XP (KB2541763)
        Update for Windows XP (KB2641690)
        Update for Windows XP (KB2661254-v2)
        Update for Windows XP (KB2718704)
        Update for Windows XP (KB2736233)
        Update for Windows XP (KB2749655)
        Update for Windows XP (KB2863058)
        Update for Windows XP (KB951978)
        Update for Windows XP (KB955759)
        Update for Windows XP (KB967715)
        Update for Windows XP (KB968389)
        Update for Windows XP (KB971029)
        Update for Windows XP (KB971737)
        Update for Windows XP (KB973687)
        Update for Windows XP (KB973815)
        WebFldrs XP
        Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
        Windows Genuine Advantage Notifications (KB905474)
        Windows Genuine Advantage Validation Tool (KB892130)
        Windows Internet Explorer 8
        Windows Live ID Sign-in Assistant
        Windows Media Format 11 runtime
        Windows Media Player 11
        Windows XP Service Pack 3
        WinZip 17.5
        .
        ==== Event Viewer Messages From Past Week ========
        .
        12/5/2013 7:16:32 PM, error: Ntfs [55]  - The file system structure on the disk is corrupt and unusable. Please run the chkdsk utility on the volume C:.
        .
        ==== End Of File ===========================

        Offline whatiswrong

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #5 on: December 10, 2013, 10:23:57 PM »
        Hoov, I forgot to mention that this computer will (for six months) no longer boot up without running a chkdsk; maddening.

        Also, since I ran the scans you suggested, I can't log off without a program hanging up.

        Got these errors when I tried to log off (wasn't using any programs):
        WINWORD.EXE not responding
        Box Sync Helper initialization failed

        Get this error each time I log in or boot up:
        Apple Sync Notifyer: the procedure entry point for SQLite3_WDL_checkpoint could not be located in the dynamic link library SQLite3.dll

        Internet favorites continues to rearrange itself, despite my best efforts.
        Just FYI

        Offline Hoov

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #6 on: December 10, 2013, 10:26:33 PM »
        Chances are you are going to continue to see errors as we clean up the problems. Once we get your computer clean, then we fix the errors.

        Do you have a Malwarebytes' Anti-Malware log? Did it remove anything?

        Former Consumer Security MVP
        2011-2014

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline whatiswrong

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #7 on: December 12, 2013, 07:39:28 AM »
        Hi.
        Sorry, it found nothing and I forgot to copy the log, but here it is.

        Malwarebytes Anti-Malware 1.75.0.1300
        http://www.malwarebytes.org

        Database version: v2013.12.10.07

        Windows XP Service Pack 3 x86 NTFS
        Internet Explorer 8.0.6001.18702
        Woof :: MAXSROOM [administrator]

        12/12/2013 7:19:42 AM
        mbam-log-2013-12-12 (07-19-42).txt

        Scan type: Quick scan
        Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
        Scan options disabled: P2P
        Objects scanned: 349428
        Time elapsed: 17 minute(s), 16 second(s)

        Memory Processes Detected: 0
        (No malicious items detected)

        Memory Modules Detected: 0
        (No malicious items detected)

        Registry Keys Detected: 0
        (No malicious items detected)

        Registry Values Detected: 0
        (No malicious items detected)

        Registry Data Items Detected: 0
        (No malicious items detected)

        Folders Detected: 0
        (No malicious items detected)

        Files Detected: 0
        (No malicious items detected)

        (end)

        Offline Hoov

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #8 on: December 12, 2013, 07:47:58 AM »
        * Anyone other than the originator of this thread, you would be best advised to not run combofix without guidance from someone trained in its use. It is a very powerful tool that can cause damage to your computer if used wrong.

        Run ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

        http://www.bleepingcomputer.com/combofix/how-to-use-combofix

        * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix. Also make sure you close all your browsers just before the instructions tell you to start the scanner.

        Please include the C:\ComboFix.txt in your next reply for further review.

        Note:
        Do not mouseclick combofix's window while it's running. That may cause it to stall.

        Offline whatiswrong

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #9 on: December 12, 2013, 01:14:07 PM »
        Hi Hoov.
        I ran combofix.  Near the beginning of the scan, it did state that log-ons as well as internet explorer were infected.

        In advance, thanks so much for all you are doing.

        The following are the contents of my ComboFix log:

        ComboFix 13-12-12.03 - Woof 12/12/2013  12:40:22.1.4 - x86
        Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3069.2151 [GMT -6:00]
        Running from: c:\documents and settings\Woof\Desktop\ComboFix.exe
        AV: Trend Micro Titanium Internet Security *Disabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
        .
        .
        (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        c:\documents and settings\Max\WINDOWS
        c:\documents and settings\Woof\Application Data\Ysboyv
        c:\documents and settings\Woof\Application Data\Ysboyv\xauzo.abx
        c:\windows\system32\SET33F.tmp
        c:\windows\system32\SET34B.tmp
        c:\windows\system32\SET393.tmp
        G:\autorun.inf
        G:\install.exe
        G:\Setup.exe
        .
        Infected copy of c:\windows\system32\winlogon.exe was found and disinfected
        Restored copy from - c:\windows\ServicePackFiles\i386\winlogon.exe
        .
        Infected copy of c:\windows\system32\svchost.exe was found and disinfected
        Restored copy from - c:\windows\ServicePackFiles\i386\svchost.exe
        .
        c:\windows\explorer.exe . . . is infected!!
        .
        .
        (((((((((((((((((((((((((   Files Created from 2013-11-12 to 2013-12-12  )))))))))))))))))))))))))))))))
        .
        .
        2013-12-10 22:23 . 2013-12-10 22:23   --------   d-----w-   c:\program files\Malwarebytes' Anti-Malware
        2013-12-10 22:23 . 2013-04-04 20:50   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
        2013-12-10 22:11 . 2013-12-10 22:11   --------   d-----w-   c:\program files\CCleaner
        2013-12-10 06:49 . 2013-12-10 06:49   --------   d-----w-   c:\documents and settings\Woof\Local Settings\Application Data\WinZip
        2013-12-10 06:48 . 2013-12-10 06:49   --------   d-----w-   c:\documents and settings\All Users\Application Data\WinZip
        2013-11-20 13:49 . 2013-11-20 13:49   --------   d-----w-   c:\program files\iPod
        2013-11-20 13:49 . 2013-11-20 13:50   --------   d-----w-   c:\program files\iTunes
        2013-11-20 13:49 . 2013-11-20 13:50   --------   d-----w-   c:\documents and settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
        .
        .
        .
        ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        2013-12-11 01:46 . 2012-04-17 12:04   692616   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
        2013-12-11 01:46 . 2011-08-06 03:32   71048   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
        2013-11-13 02:59 . 2004-08-04 10:00   150528   ----a-w-   c:\windows\system32\imagehlp.dll
        2013-11-07 05:38 . 2004-08-04 10:00   591360   ----a-w-   c:\windows\system32\rpcrt4.dll
        2013-11-06 01:03 . 2010-12-28 21:55   7168   ----a-w-   c:\windows\system32\xpsp4res.dll
        2013-10-30 02:26 . 2004-08-04 10:00   1879040   ----a-w-   c:\windows\system32\win32k.sys
        2013-10-29 07:57 . 2006-03-04 03:33   920064   ----a-w-   c:\windows\system32\wininet.dll
        2013-10-29 07:57 . 2004-08-04 10:00   43520   ----a-w-   c:\windows\system32\licmgr10.dll
        2013-10-29 07:57 . 2004-08-04 10:00   18944   ----a-w-   c:\windows\system32\corpol.dll
        2013-10-29 07:57 . 2004-08-04 10:00   1469440   ----a-w-   c:\windows\system32\inetcpl.cpl
        2013-10-29 00:45 . 2004-08-04 10:00   385024   ----a-w-   c:\windows\system32\html.iec
        2013-10-23 23:45 . 2004-08-04 10:00   172032   ----a-w-   c:\windows\system32\scrrun.dll
        2013-10-12 15:56 . 2004-08-04 10:00   278528   ----a-w-   c:\windows\system32\oakley.dll
        2013-10-09 13:12 . 2004-08-04 10:00   287744   ----a-w-   c:\windows\system32\gdi32.dll
        2013-10-08 12:50 . 2013-10-20 17:07   94632   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
        2013-10-08 12:29 . 2013-10-20 17:07   145408   ----a-w-   c:\windows\system32\javacpl.cpl
        2013-10-07 10:59 . 2004-08-04 10:00   603136   ----a-w-   c:\windows\system32\crypt32.dll
        2006-06-16 01:33 . 2013-03-23 21:34   233472   ----a-w-   c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
        2006-05-25 23:43 . 2013-03-23 21:34   204895   ----a-w-   c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
        2005-09-29 19:41 . 2013-03-23 21:34   77824   ----a-w-   c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
        2006-06-19 18:10 . 2013-03-23 21:34   426081   ----a-w-   c:\program files\mozilla firefox\plugins\ctplayerobject.dll
        2005-02-02 17:19 . 2013-03-23 21:33   458752   ----a-w-   c:\program files\mozilla firefox\plugins\imagickrt.dll
        2006-04-10 23:35 . 2013-03-23 21:34   139264   ----a-w-   c:\program files\mozilla firefox\plugins\rlcontentclass.dll
        2005-11-09 16:10 . 2013-03-23 21:33   204800   ----a-w-   c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
        2005-11-09 16:42 . 2013-03-23 21:33   106496   ----a-w-   c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
        2006-01-04 16:22 . 2013-03-23 21:33   212992   ----a-w-   c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
        2006-01-04 16:21 . 2013-03-23 21:33   167936   ----a-w-   c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
        2012-06-14 22:20 . 2012-02-03 20:13   85472   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
        .
        .
        ------- Sigcheck -------
        Note: Unsigned files aren't necessarily malware.
        .
        [-] 2012-01-20 . 5734B653679D380EE55C910C9AC5C0C9 . 1033728 . . [6.00.2900.5512] . . c:\windows\explorer.exe
        [7] 2008-04-14 . 12896823FB95BFB3DC9B46BCAEDC9923 . 1033728 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
        [7] 2004-08-04 . A0732187050030AE399B241436565E64 . 1032192 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
        .
        (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
        .
        .
        *Note* empty entries & legit default entries are not shown
        REGEDIT4
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopFileLocked]
        @="{C253B817-3A00-475f-A5A3-6F2DD704B48D}"
        [HKEY_CLASSES_ROOT\CLSID\{C253B817-3A00-475f-A5A3-6F2DD704B48D}]
        2009-11-07 06:07   297808   ----a-w-   c:\windows\system32\mscoree.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSynced]
        @="{19ACC806-F7AA-46AA-A80A-726A07CA6637}"
        [HKEY_CLASSES_ROOT\CLSID\{19ACC806-F7AA-46AA-A80A-726A07CA6637}]
        2009-11-07 06:07   297808   ----a-w-   c:\windows\system32\mscoree.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopNotSyncedCollabs]
        @="{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}"
        [HKEY_CLASSES_ROOT\CLSID\{337D9DE0-3F8B-4430-AF0F-FFC24A95AE8F}]
        2009-11-07 06:07   297808   ----a-w-   c:\windows\system32\mscoree.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSynced]
        @="{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}"
        [HKEY_CLASSES_ROOT\CLSID\{B7AC9C6D-F15B-4B1A-A88D-F518D13861D9}]
        2009-11-07 06:07   297808   ----a-w-   c:\windows\system32\mscoree.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\000BoxDesktopSyncedCollab]
        @="{9E48C232-F601-4E41-BB3E-16CBAF317AA4}"
        [HKEY_CLASSES_ROOT\CLSID\{9E48C232-F601-4E41-BB3E-16CBAF317AA4}]
        2009-11-07 06:07   297808   ----a-w-   c:\windows\system32\mscoree.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
        @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
        2013-04-10 05:37   130736   ----a-w-   c:\documents and settings\Woof\Application Data\Dropbox\bin\DropboxExt.19.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
        @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
        2013-04-10 05:37   130736   ----a-w-   c:\documents and settings\Woof\Application Data\Dropbox\bin\DropboxExt.19.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
        @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
        2013-04-10 05:37   130736   ----a-w-   c:\documents and settings\Woof\Application Data\Dropbox\bin\DropboxExt.19.dll
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
        @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
        [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
        2013-04-10 05:37   130736   ----a-w-   c:\documents and settings\Woof\Application Data\Dropbox\bin\DropboxExt.19.dll
        .
        [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-03 39408]
        "Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
        .
        [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
        "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
        "EEventManager"="c:\program files\EPSON\Creativity Suite\Event Manager\EEventManager.exe" [2006-10-12 102400]
        "Adobe Photo Downloader"="c:\program files\Adobe\Photoshop Elements 4.0\apdproxy.exe" [2005-09-16 57344]
        "IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
        "MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
        "PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
        "PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
        "HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-11-29 196608]
        "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
        "AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
        "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-09-30 112632]
        "Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-09-30 1119392]
        "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
        "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-10-08 16744256]
        "NvMediaCenter"="NvMCTray.dll" [2011-10-08 203072]
        "nwiz"="c:\program files\NVIDIA Corporation\nview\nwiz.exe" [2011-10-08 1632360]
        "amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
        "OEM03Mon.exe"="c:\windows\OEM03Mon.exe" [2007-05-18 36864]
        "BoxSyncHelper"="c:\program files\Box Sync\BoxSyncHelper.exe" [2013-06-08 393216]
        "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
        "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
        "AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
        "Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-09-03 41336]
        "Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-09-03 840568]
        "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2013-05-01 421888]
        "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
        "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-11-02 152392]
        .
        c:\documents and settings\Woof\Start Menu\Programs\Startup\
        Dropbox.lnk - c:\documents and settings\Woof\Application Data\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
        .
        c:\documents and settings\All Users\Start Menu\Programs\Startup\
        Box Sync.lnk - c:\program files\Box Sync\BoxSync.exe -hidden [2013-6-7 7959552]
        McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 273296]
        WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK32.EXE [2013-7-15 685936]
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
        "DisableMonitoring"=dword:00000001
        .
        [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
        "%windir%\\system32\\sessmgr.exe"=
        "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
        "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
        "c:\\Program Files\\Steam\\Steam.exe"=
        "c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX9.EXE"=
        "c:\\Program Files\\CAPCOM\\RESIDENT EVIL 5\\RE5DX10.EXE"=
        "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
        "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
        "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
        "c:\\Program Files\\NVIDIA Corporation\\NVIDIA Updatus\\daemonu.exe"=
        "c:\\WINDOWS\\system32\\dplaysvr.exe"=
        "c:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"=
        "c:\\Program Files\\Steam\\steamapps\\common\\war in the north\\witn.exe"=
        "c:\\Program Files\\Steam\\steamapps\\common\\batman2\\Binaries\\Win32\\BatmanAC.exe"=
        "c:\\Program Files\\Steam\\steamapps\\common\\batman2\\RunLauncher.bat"=
        "c:\\Program Files\\Microsoft Games\\Age of Empires II\\age2_x1\\AGE2_X1.ICD"=
        "c:\\Program Files\\Steam\\steamapps\\common\\mount & blade with fire and sword\\mb_wfas.exe"=
        "c:\\Program Files\\Steam\\steamapps\\common\\mountblade warband\\mb_warband.exe"=
        "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
        "c:\\Documents and Settings\\Woof\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
        "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
        "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
        "c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
        "c:\\Program Files\\EA GAMES\\The Battle for Middle-earth (tm)\\game.dat"=
        "c:\\Program Files\\Steam\\steamapps\\common\\Sid Meier's Civilization V\\Launcher.exe"=
        "c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
        "c:\\Program Files\\iTunes\\iTunes.exe"=
        .
        R2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe [9/30/2011 7:55 AM 196320]
        R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 12:37 PM 13672]
        R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [12/10/2013 4:23 PM 418376]
        R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [12/10/2013 4:23 PM 701512]
        R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [9/30/2011 7:56 AM 64784]
        R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [12/10/2013 4:23 PM 22856]
        R3 NmPar;PCI Parallel Port;c:\windows\system32\drivers\NmPar.sys [12/24/2008 5:40 AM 80256]
        R3 nmserial;PCI Serial Port;c:\windows\system32\drivers\NmSerial.sys [12/16/2008 6:10 AM 70016]
        R3 OEM03Afx;Provides a software interface to control audio effects of OEM003 camera.;c:\windows\system32\drivers\OEM03Afx.sys [4/16/2013 2:03 PM 141376]
        R3 OEM03Vfx;Creative Camera OEM003 Video VFX Driver;c:\windows\system32\drivers\OEM03Vfx.sys [4/16/2013 2:03 PM 7424]
        R3 OEM03Vid;Creative Camera OEM003 Driver;c:\windows\system32\drivers\OEM03Vid.sys [4/16/2013 2:03 PM 235808]
        R3 RLDesignVirtualAudioCableWdm;Live! Cam Virtual;c:\windows\system32\drivers\livecamv.sys [3/23/2013 3:32 PM 31616]
        S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2/28/2013 5:45 PM 161384]
        S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.130\McCHSvc.exe [9/6/2013 11:29 AM 235216]
        S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\drivers\motccgp.sys [8/21/2008 10:49 PM 18688]
        S3 motccgpfl;MotCcgpFlService;c:\windows\system32\drivers\motccgpfl.sys [8/21/2008 10:49 PM 8320]
        S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
        S3 SwitchBoard;Adobe SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2/19/2010 12:37 PM 517096]
        .
        --- Other Services/Drivers In Memory ---
        .
        *NewlyCreated* - WS2IFSL
        .
        [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
        2013-12-05 07:36   1210320   ----a-w-   c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
        .
        Contents of the 'Scheduled Tasks' folder
        .
        2013-12-12 c:\windows\Tasks\Adobe Flash Player Updater.job
        - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-17 01:46]
        .
        2013-12-12 c:\windows\Tasks\AdobeAAMUpdater-1.0-MAXSROOM-Woof.job
        - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-07-19 11:09]
        .
        2013-12-11 c:\windows\Tasks\AppleSoftwareUpdate.job
        - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 22:57]
        .
        2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 23:12]
        .
        2013-12-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
        - c:\program files\Google\Update\GoogleUpdate.exe [2011-01-03 23:12]
        .
        .
        ------- Supplementary Scan -------
        .
        uStart Page = hxxp://www.google.com/
        uDefault_Search_URL = hxxp://www.google.com/ie
        uSearchAssistant = hxxp://www.google.com/ie
        uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
        IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
        IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
        IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
        IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
        IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
        IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
        TCP: DhcpNameServer = 192.168.1.1
        DPF: Garmin Communicator Plug-In - hxxps://static.garmincdn.com/gcp/ie/4.0.1.0/GarminAxControl_32.CAB
        FF - ProfilePath - c:\documents and settings\Woof\Application Data\Mozilla\Firefox\Profiles\6nevyhe3.default\
        .
        - - - - ORPHANS REMOVED - - - -
        .
        HKCU-Run-Evecpoqac - c:\documents and settings\Woof\Application Data\Qirif\idok.exe
        .
        .
        .
        **************************************************************************
        .
        catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
        Rootkit scan 2013-12-12 12:56
        Windows 5.1.2600 Service Pack 3 NTFS
        .
        scanning hidden processes ... 
        .
        scanning hidden autostart entries ...
        .
        scanning hidden files ... 
        .
        scan completed successfully
        hidden files: 0
        .
        **************************************************************************
        .
        [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
        "ImagePath"="c:\windows\system32\GameMon.des -service"
        .
        --------------------- LOCKED REGISTRY KEYS ---------------------
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="FlashBroker"
        "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
        "Enabled"=dword:00000001
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
        @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
        @Denied: (A 2) (Everyone)
        @="IFlashBroker5"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
        @="{00020424-0000-0000-C000-000000000046}"
        .
        [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
        @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
        "Version"="1.0"
        .
        --------------------- DLLs Loaded Under Running Processes ---------------------
        .
        - - - - - - - > 'explorer.exe'(2644)
        c:\windows\system32\WININET.dll
        c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
        c:\program files\Box Sync\BoxIconOverlayHandler.dll
        c:\program files\Box Sync\BoxUtils.dll
        c:\documents and settings\Woof\Application Data\Dropbox\bin\DropboxExt.19.dll
        c:\windows\system32\ieframe.dll
        c:\windows\system32\webcheck.dll
        c:\windows\system32\WPDShServiceObj.dll
        c:\program files\Box Sync\BoxCopyHookHandler.dll
        c:\windows\system32\PortableDeviceTypes.dll
        c:\windows\system32\PortableDeviceApi.dll
        .
        ------------------------ Other Running Processes ------------------------
        .
        c:\program files\Trend Micro\AMSP\coreFrameworkHost.exe
        c:\program files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
        c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        c:\program files\Bonjour\mDNSResponder.exe
        c:\program files\Java\jre7\bin\jqs.exe
        c:\windows\system32\nvsvc32.exe
        c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
        c:\windows\system32\PnkBstrA.exe
        c:\windows\system32\PnkBstrB.exe
        c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
        c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
        c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
        c:\windows\RTHDCPL.EXE
        c:\program files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe
        c:\windows\system32\RunDLL32.exe
        c:\program files\Box Sync\BoxSync.exe
        c:\documents and settings\Woof\Application Data\Dropbox\bin\Dropbox.exe
        c:\program files\iPod\bin\iPodService.exe
        .
        **************************************************************************
        .
        Completion time: 2013-12-12  13:02:07 - machine was rebooted
        ComboFix-quarantined-files.txt  2013-12-12 19:02
        .
        Pre-Run: 111,675,445,248 bytes free
        Post-Run: 112,527,855,616 bytes free
        .
        WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
        [boot loader]
        timeout=2
        default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
        [operating systems]
        c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
        UnsupportedDebug="do not select this" /debug
        multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect /usepmtimer
        .
        - - End Of File - - 60F5F7900D49C95454F9AAA7526B7352
        8F558EB6672622401DA993E1E865C861

        Offline Hoov

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #10 on: December 12, 2013, 01:26:06 PM »
        While I am going thru your log, has anything changed in the way your computer is running?

        The logon and explorer issues you cited were repaired. The logon problem was actually winlogon.exe.

        Also please follow the instructions below and run TDSSKiller.

        Please read carefully and follow these steps.
        • Download TDSSKiller and save it to your Desktop.
        • Extract its contents to your desktop.
        • Once extracted, open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then click on the change parameters option.
        • Once you are in there, check all four boxes and then click on the OK button.
        • Now click the Start Scan button.
        • This is what you will see during the scan,
        • and this is what you will see when the scan is done if any threats are found. Don't change any of the recommended actions. Click the continue button.
        • Once the fix is done you might see this,
        • or it may ask you to reboot the computer to complete the process. Click on Reboot Now.
        • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
        • If a reboot is required, the report can also be found in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

        Former Consumer Security MVP
        2011-2014

        If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

        Offline whatiswrong

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #11 on: December 12, 2013, 02:04:40 PM »
        Hi Hoov.
        In answer to your question about differences in how it's running, I have not been using it much because I didn't know if I should.  I can say that some of the text at the bottom of Google is slightly jumbled, and my cursor did the flit on me when I went to type Spywarehammer in the search box to send you the ComboFix log.  It jumped up and to the left, so I reclicked in the search box to remedy it.

        Also, it is still running chkdsk when it reboots.  ComboFix caused it to reboot and that's when I saw that.

        I will now go surfing to see how it does, and then I will go run TDSSKiller.


        Offline whatiswrong

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #12 on: December 12, 2013, 02:07:56 PM »
        Also, do you want me to remove the ComboFix, or no?

        Offline Hoov

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #13 on: December 12, 2013, 02:28:08 PM »
        Leave all the tools on the desktop or installed until we are done.

        Do you have a Windows install disc? One from Microsoft. If not, can you borrow one from a family member or friend?

        Offline whatiswrong

        Re: [In Progress] strange symptoms and errors with recent registry restoration
        « Reply #14 on: December 12, 2013, 06:58:33 PM »
        Hoov, the computer is functioning much better.  Much faster.
        Have not noticed any more of the flitting cursor thing.

        I noticed something at the end of the TDSSKiller log.  It states that the user skipped an action.  I didn't choose SKIP at any time while following the directions for the scan.  There was one threat, but nothing was quarantined.

        Also, what is WINWORD.EXE? Was it a problem?  I'm almost afraid to Google it.
        Many thanks for the continued help.

        As requested, the following is half of the log from the TDSSKiller:

        18:38:27.0546 0x1654  TDSS rootkit removing tool 3.0.0.19 Nov 18 2013 09:27:50
        18:39:22.0625 0x1654  ============================================================
        18:39:22.0625 0x1654  Current date / time: 2013/12/12 18:39:22.0625
        18:39:22.0625 0x1654  SystemInfo:
        18:39:22.0625 0x1654 
        18:39:22.0625 0x1654  OS Version: 5.1.2600 ServicePack: 3.0
        18:39:22.0625 0x1654  Product type: Workstation
        18:39:22.0625 0x1654  ComputerName: MAXSROOM
        18:39:22.0625 0x1654  UserName: Woof
        18:39:22.0625 0x1654  Windows directory: C:\WINDOWS
        18:39:22.0625 0x1654  System windows directory: C:\WINDOWS
        18:39:22.0625 0x1654  Processor architecture: Intel x86
        18:39:22.0625 0x1654  Number of processors: 4
        18:39:22.0625 0x1654  Page size: 0x1000
        18:39:22.0625 0x1654  Boot type: Normal boot
        18:39:22.0625 0x1654  ============================================================
        18:39:22.0843 0x1654  KLMD registered as C:\WINDOWS\system32\drivers\90736496.sys
        18:39:23.0515 0x1654  System UUID: {42DF9148-EAD8-CAD0-85F4-D5753C2E2685}
        18:39:24.0671 0x1654  Drive \Device\Harddisk0\DR0 - Size: 0x3A35290000 (232.83 Gb), SectorSize: 0x200, Cylinders: 0x76BA, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
        18:39:24.0703 0x1654  Drive \Device\Harddisk1\DR2 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
        18:39:32.0125 0x1654  ============================================================
        18:39:32.0125 0x1654  \Device\Harddisk0\DR0:
        18:39:32.0140 0x1654  MBR partitions:
        18:39:32.0140 0x1654  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x1D1A4F3A
        18:39:32.0140 0x1654  \Device\Harddisk1\DR2:
        18:39:32.0140 0x1654  MBR partitions:
        18:39:32.0140 0x1654  \Device\Harddisk1\DR2\Partition1: MBR, Type 0xC, StartLBA 0x3F, BlocksNum 0x74705982
        18:39:32.0140 0x1654  ============================================================
        18:39:32.0218 0x1654  C: <-> \Device\Harddisk0\DR0\Partition1
        18:39:32.0218 0x1654  G: <-> \Device\Harddisk1\DR2\Partition1
        18:39:32.0218 0x1654  ============================================================
        18:39:32.0218 0x1654  Initialize success
        18:39:32.0218 0x1654  ============================================================
        18:41:08.0453 0x15f4  ============================================================
        18:41:08.0453 0x15f4  Scan started
        18:41:08.0453 0x15f4  Mode: Manual; SigCheck; TDLFS;
        18:41:08.0453 0x15f4  ============================================================
        18:41:08.0453 0x15f4  KSN ping started
        18:41:11.0031 0x15f4  KSN ping finished: true
        18:41:11.0484 0x15f4  ================ Scan system memory ========================
        18:41:11.0484 0x15f4  System memory - ok
        18:41:11.0484 0x15f4  ================ Scan services =============================
        18:41:11.0765 0x15f4  Abiosdsk - ok
        18:41:11.0765 0x15f4  abp480n5 - ok
        18:41:11.0828 0x15f4  [ 8FD99680A539792A30E97944FDAECF17, 594F8E0C3695400B0C09A797AF6BDFAC6F750ECD67D0EE803914C572B1DCC43C ] ACPI            C:\WINDOWS\system32\DRIVERS\ACPI.sys
        18:41:12.0281 0x15f4  ACPI - ok
        18:41:12.0437 0x15f4  [ 9859C0F6936E723E4892D7141B1327D5, 5E8F6A2FC4DF2E5E92A1D66ECC2810E08B42B64E9CD0DF4AD3F78EA8558B90AF ] ACPIEC          C:\WINDOWS\system32\drivers\ACPIEC.sys
        18:41:12.0515 0x15f4  ACPIEC - ok
        18:41:12.0625 0x15f4  [ CBCE4E5E5CFC29EFAAC14A9DE290A855, 35DEFA910F5B84C5A8FAC9F2BD36D66FAFA6B35249B1939321AEF6A2B684FD10 ] AdobeActiveFileMonitor4.0 C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
        18:41:12.0687 0x15f4  AdobeActiveFileMonitor4.0 - detected UnsignedFile.Multi.Generic ( 1 )
        18:41:15.0156 0x15f4  Detect skipped due to KSN trusted
        18:41:15.0156 0x15f4  AdobeActiveFileMonitor4.0 - ok
        18:41:15.0234 0x15f4  [ 1BA1AB4141A92EB34DA99F1249CA2D4D, 43ADF35146E61E0DE58D2ACC2994538F6025135ECEB30073BEF05A804BB38107 ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
        18:41:15.0250 0x15f4  AdobeFlashPlayerUpdateSvc - ok
        18:41:15.0250 0x15f4  adpu160m - ok
        18:41:15.0265 0x15f4  [ 8BED39E3C35D6A489438B8141717A557, 1B5796E56B0927360CE0759641B1151828BC0A9E45620D2B2D880491F5CE33D0 ] aec             C:\WINDOWS\system32\drivers\aec.sys
        18:41:15.0390 0x15f4  aec - ok
        18:41:15.0421 0x15f4  [ 1E44BC1E83D8FD2305F8D452DB109CF9, CF5EC07E0B589FA2A4701C6CFD69E893FC3ABF274AD57AE3C13FFE49063B02C8 ] AFD             C:\WINDOWS\System32\drivers\afd.sys
        18:41:15.0500 0x15f4  AFD - ok
        18:41:15.0500 0x15f4  Aha154x - ok
        18:41:15.0500 0x15f4  aic78u2 - ok
        18:41:15.0515 0x15f4  aic78xx - ok
        18:41:15.0546 0x15f4  [ A9A3DAA780CA6C9671A19D52456705B4, 67C959144B57AE0BBF1D82DBED197F32CDB06FECD883A80C441A0202FE83FAB4 ] Alerter         C:\WINDOWS\system32\alrsvc.dll
        18:41:15.0671 0x15f4  Alerter - ok
        18:41:15.0687 0x15f4  [ 8C515081584A38AA007909CD02020B3D, A5E13CA10F702928E0DE84C74D0EA8ACCB117FD76FBABC55220C75C4FFD596DC ] ALG             C:\WINDOWS\System32\alg.exe
        18:41:15.0812 0x15f4  ALG - ok
        18:41:15.0828 0x15f4  AliIde - ok
        18:41:15.0906 0x15f4  [ AD8FA28D8ED0D0A689A0559085CE0F18, 75A35973D0CAED504147FC4A78F6EFA755E74EC4A169689F279150769196744A ] AmdLLD          C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
        18:41:15.0968 0x15f4  AmdLLD - ok
        18:41:15.0968 0x15f4  amsint - ok
        18:41:16.0078 0x15f4  [ 6EAC742B758E110DD12EBC8446C07B6C, 859751154CD79A5E5F8933EC559490A68F4881FAF61E7ACE8D15812F8D0DEA24 ] Amsp            C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
        18:41:16.0140 0x15f4  Amsp - ok
        18:41:16.0281 0x15f4  [ 30E3850F303EAE5C364782EA78579CC9, 8C94E5A9052F6E794685194EEACB31A174A947D60246908B6A0DEFA081A747A3 ] Apple Mobile Device C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
        18:41:16.0281 0x15f4  Apple Mobile Device - ok
        18:41:16.0312 0x15f4  [ D8849F77C0B66226335A59D26CB4EDC6, 4990031453204C57E36E850252A39B05D6ECDAB9E71A8136FB4900F17E59C9CA ] AppMgmt         C:\WINDOWS\System32\appmgmts.dll
        18:41:16.0421 0x15f4  AppMgmt - ok
        18:41:16.0453 0x15f4  [ B5B8A80875C1DEDEDA8B02765642C32F, AD0C71D73B1B8225351FBF4FFB43001A32B4DAE69504C59970CD2428BB33D4EF ] Arp1394         C:\WINDOWS\system32\DRIVERS\arp1394.sys
        18:41:16.0562 0x15f4  Arp1394 - ok
        18:41:16.0578 0x15f4  asc - ok
        18:41:16.0578 0x15f4  asc3350p - ok
        18:41:16.0578 0x15f4  asc3550 - ok
        18:41:16.0687 0x15f4  [ 776ACEFA0CA9DF0FAA51A5FB2F435705, 72DF7ED6B085BC468994F5B3189506FD726A9A17A9C42ACA1E420D787691361D ] aspnet_state    C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
        18:41:16.0718 0x15f4  aspnet_state - ok
        18:41:16.0734 0x15f4  [ B153AFFAC761E7F5FCFA822B9C4E97BC, 7E60F572A6B3C6219E3C86225AA37243AFFD74337DB7F108B04778042E5CC959 ] AsyncMac        C:\WINDOWS\system32\DRIVERS\asyncmac.sys
        18:41:16.0828 0x15f4  AsyncMac - ok
        18:41:16.0843 0x15f4  [ 9F3A2F5AA6875C72BF062C712CFA2674, B4DF1D2C56A593C6B54DE57395E3B51D288F547842893B32B0F59228A0CF70B9 ] atapi           C:\WINDOWS\system32\DRIVERS\atapi.sys
        18:41:17.0000 0x15f4  atapi - ok
        18:41:17.0000 0x15f4  Atdisk - ok
        18:41:17.0046 0x15f4  [ 9916C1225104BA14794209CFA8012159, 5D6F05F715C52A16D05CAE15C3DFE77A139A7F27F7AE710EC9A10F9EE05115A1 ] Atmarpc         C:\WINDOWS\system32\DRIVERS\atmarpc.sys
        18:41:17.0156 0x15f4  Atmarpc - ok
        18:41:17.0187 0x15f4  [ DEF7A7882BEC100FE0B2CE2549188F9D, 462C95B63D0A1058291A2DC8CBFCB13D7D74CCD1CA43B613A7EB43D49E3276F8 ] AudioSrv        C:\WINDOWS\System32\audiosrv.dll
        18:41:17.0296 0x15f4  AudioSrv - ok
        18:41:17.0328 0x15f4  [ D9F724AA26C010A217C97606B160ED68, 329B5118F2409731D06FDAE85B6ADD64A048292801BCB3546651CEB303111695 ] audstub         C:\WINDOWS\system32\DRIVERS\audstub.sys
        18:41:17.0437 0x15f4  audstub - ok
        18:41:17.0484 0x15f4  [ DA1F27D85E0D1525F6621372E7B685E9, 5A81A46A3BDD19DAFC6C87D277267A5D44F3A1B5302F2CC1111D84B7BAD5610D ] Beep            C:\WINDOWS\system32\drivers\Beep.sys
        18:41:17.0562 0x15f4  Beep - ok
        18:41:17.0609 0x15f4  [ 574738F61FCA2935F5265DC4E5691314, 3C7CCF064397186C3A3863DD2370AB6414A61B330097DCA4F299CA7BBAA3D1B4 ] BITS            C:\WINDOWS\system32\qmgr.dll
        18:41:17.0718 0x15f4  BITS - ok
        18:41:17.0781 0x15f4  [ DB5BEA73EDAF19AC68B2C0FAD0F92B1A, 10F21999FF6B1D410EBF280F7F27DEACA5289739CF12F4293B614B8FC6C88DCC ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
        18:41:17.0812 0x15f4  Bonjour Service - ok
        18:41:17.0843 0x15f4  [ CFD4E51402DA9838B5A04AE680AF54A0, 5378F42B195B5832B00A05AD64E00473A45FFB86AC25C57241F26EA82B149FE1 ] Browser         C:\WINDOWS\System32\browser.dll
        18:41:17.0921 0x15f4  Browser - ok
        18:41:17.0953 0x15f4  [ 248DFA5762DDE38DFDDBBD44149E9D7A, D696D5698B7B5B331A6ED39172015349685450D10F63B1E4D4112199198FA5C7 ] BVRPMPR5        C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
        18:41:18.0031 0x15f4  BVRPMPR5 - detected UnsignedFile.Multi.Generic ( 1 )
        18:41:20.0578 0x15f4  Detect skipped due to KSN trusted
        18:41:20.0578 0x15f4  BVRPMPR5 - ok
        18:41:20.0578 0x15f4  catchme - ok
        18:41:20.0593 0x15f4  [ 90A673FC8E12A79AFBED2576F6A7AAF9, BDE7858A3457DB979FEDD8577FA6321BF72848E4A7BF9F173C78A6A10CBB3EBE ] cbidf2k         C:\WINDOWS\system32\drivers\cbidf2k.sys
        18:41:20.0703 0x15f4  cbidf2k - ok
        18:41:20.0734 0x15f4  [ 0BE5AEF125BE881C4F854C554F2B025C, 1770DD70B3F115A0EF460907DEDC1E4B7241C08615A98F194D61A49C3E2BAA54 ] CCDECODE        C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
        18:41:20.0859 0x15f4  CCDECODE - ok
        18:41:20.0859 0x15f4  cd20xrnt - ok
        18:41:20.0906 0x15f4  [ C1B486A7658353D33A10CC15211A873B, AA4DD9E7AAE5AAB1146B360B17001F975D2F29A1281CF7B13E7136480410F347 ] Cdaudio         C:\WINDOWS\system32\drivers\Cdaudio.sys
        18:41:21.0015 0x15f4  Cdaudio - ok
        18:41:21.0062 0x15f4  [ C885B02847F5D2FD45A24E219ED93B32, B26B2F8E3A831E2B65EB0C5195B0645CD50E22615CE79C9B0B391CD563B121DB ] Cdfs            C:\WINDOWS\system32\drivers\Cdfs.sys
        18:41:21.0156 0x15f4  Cdfs - ok
        18:41:21.0171 0x15f4  [ 1F4260CC5B42272D71F79E570A27A4FE, B51C2A3ED3C309953D0EA45869C8E464C10F2533DADE9E0286AF674979098D1D ] Cdrom           C:\WINDOWS\system32\DRIVERS\cdrom.sys
        18:41:21.0281 0x15f4  Cdrom - ok
        18:41:21.0328 0x15f4  [ 84853B3FD012251690570E9E7E43343F, 65CACFA643E52A0C0E6B2D901228A8A0AD4993CAFA3C287E65395F4B7C521089 ] cercsr6         C:\WINDOWS\system32\drivers\cercsr6.sys
        18:41:21.0390 0x15f4  cercsr6 - detected UnsignedFile.Multi.Generic ( 1 )
        18:41:23.0937 0x15f4  Detect skipped due to KSN trusted
        18:41:23.0937 0x15f4  cercsr6 - ok
        18:41:23.0937 0x15f4  Changer - ok
        18:41:23.0968 0x15f4  [ 1CFE720EB8D93A7158A4EBC3AB178BDE, 65D2A9D9A88F38D4AF323134C151BA0F4B3CD0F6A134AF86E7AC9D07319F1726 ] CiSvc           C:\WINDOWS\system32\cisvc.exe
        18:41:24.0062 0x15f4  CiSvc - ok
        18:41:24.0093 0x15f4  [ 34CBE729F38138217F9C80212A2A0C82, A9FD7A758D12E0818A11BEEF1CE772FEFA8373E92EF6C0DA8628CD4572CC9A43 ] ClipSrv         C:\WINDOWS\system32\clipsrv.exe
        18:41:24.0203 0x15f4  ClipSrv - ok
        18:41:24.0281 0x15f4  [ D87ACAED61E417BBA546CED5E7E36D9C, 14AC6034A5BC0FB2A1AFDAD42BEF4DE641556E54AD30D0C46765660A4BE55462 ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
        18:41:24.0296 0x15f4  clr_optimization_v2.0.50727_32 - ok
        18:41:24.0343 0x15f4  [ C5A75EB48E2344ABDC162BDA79E16841, 6070A8AAFD38FBC6A68A2B10C20117612354DF21B4492D90CA522BFB6870D726 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
        18:41:24.0375 0x15f4  clr_optimization_v4.0.30319_32 - ok
        18:41:24.0390 0x15f4  CmdIde - ok
        18:41:24.0390 0x15f4  COMSysApp - ok
        18:41:24.0390 0x15f4  Cpqarray - ok
        18:41:24.0421 0x15f4  [ 3D4E199942E29207970E04315D02AD3B, 0825960894CF9C86CC8775BDD2A262948A09CA495AA7FE9F210FAF49E7086383 ] CryptSvc        C:\WINDOWS\System32\cryptsvc.dll
        18:41:24.0515 0x15f4  CryptSvc - ok
        18:41:24.0515 0x15f4  dac2w2k - ok
        18:41:24.0531 0x15f4  dac960nt - ok
        18:41:24.0593 0x15f4  [ 6B27A5C03DFB94B4245739065431322C, 6AEAC16AB4E0DFD25123AAF4D4181FEE1B919B7B2793117006CE8CF30E826CFD ] DcomLaunch      C:\WINDOWS\system32\rpcss.dll
        18:41:24.0671 0x15f4  DcomLaunch - ok
        18:41:24.0703 0x15f4  [ 5E38D7684A49CACFB752B046357E0589, F192AD4190BCFB6939A5CBC91648FE63168AF79A5E227A111DEAD6A92E42AB8D ] Dhcp            C:\WINDOWS\System32\dhcpcsvc.dll
        18:41:24.0812 0x15f4  Dhcp - ok
        18:41:24.0859 0x15f4  [ 044452051F3E02E7963599FC8F4F3E25, 584BDDB074618BE76454CF90E74829CFF588B5B5FAEB793E2F7AAD26352DD689 ] Disk            C:\WINDOWS\system32\DRIVERS\disk.sys
        18:41:24.0968 0x15f4  Disk - ok
        18:41:24.0984 0x15f4  dmadmin - ok
        18:41:25.0031 0x15f4  [ D992FE1274BDE0F84AD826ACAE022A41, C82BD6561A14F2932A761F5883A787B99031250EE5E9B7B5714AA045545C9B99 ] dmboot          C:\WINDOWS\system32\drivers\dmboot.sys
        18:41:25.0187 0x15f4  dmboot - ok
        18:41:25.0203 0x15f4  [ 7C824CF7BBDE77D95C08005717A95F6F, A73CB323B7A6410C3D3F258BF204E716ADF8C84C9E4F6562C57AB73DAED8CCDE ] dmio            C:\WINDOWS\system32\drivers\dmio.sys
        18:41:25.0312 0x15f4  dmio - ok
        18:41:25.0328 0x15f4  [ E9317282A63CA4D188C0DF5E09C6AC5F, D41E002F555FE9015EF620975255F58BB79198CA1FF0E09EC950CB450FF77CF7 ] dmload          C:\WINDOWS\system32\drivers\dmload.sys
        18:41:25.0421 0x15f4  dmload - ok
        18:41:25.0468 0x15f4  [ 57EDEC2E5F59F0335E92F35184BC8631, 61F6F0DC2D1A6C61D5EF0D5CC4BE0FFC217F1E61FDA3EA9F704709293656600F ] dmserver        C:\WINDOWS\System32\dmserver.dll
        18:41:25.0578 0x15f4  dmserver - ok
        18:41:25.0609 0x15f4  [ 8A208DFCF89792A484E76C40E5F50B45, 4E40E2EB38C6254E7CAA488200E89EE7DEBBBA773890BC6A84313CC68178D54F ] DMusic          C:\WINDOWS\system32\drivers\DMusic.sys
        18:41:25.0718 0x15f4  DMusic - ok
        18:41:25.0750 0x15f4  [ 5F7E24FA9EAB896051FFB87F840730D2, 356EEFDCD54DECAD0170B34B993E4BF80DD039E2B2922D7A8D09B84031E9FC7A ] Dnscache        C:\WINDOWS\System32\dnsrslvr.dll
        18:41:25.0781 0x15f4  Dnscache - ok
        18:41:25.0812 0x15f4  [ 0F0F6E687E5E15579EF4DA8DD6945814, 5C32D88119EB1465B2D719BEE2E05888D1A73454B5E33F2D4928DA710F8BFBA3 ] Dot3svc         C:\WINDOWS\System32\dot3svc.dll
        18:41:25.0906 0x15f4  Dot3svc - ok
        18:41:25.0906 0x15f4  dpti2o - ok
        18:41:25.0937 0x15f4  [ 8F5FCFF8E8848AFAC920905FBD9D33C8, C8C6FB97AB0871C8C88A2201525A5CF10D5131CB6980D32692ED7A8F58399AD5 ] drmkaud         C:\WINDOWS\system32\drivers\drmkaud.sys
        18:41:26.0031 0x15f4  drmkaud - ok
        18:41:26.0078 0x15f4  [ 2187855A7703ADEF0CEF9EE4285182CC, 8233CC11F637866C0074043835A785EA2B616739B6B1181B143A253CF2508CFD ] EapHost         C:\WINDOWS\System32\eapsvc.dll
        18:41:26.0203 0x15f4  EapHost - ok
        18:41:26.0218 0x15f4  [ BC93B4A066477954555966D77FEC9ECB, 27F5B780175EF46DA102EE33F7F33559C8B40C077EEA4405D579D9507F4B1C23 ] ERSvc           C:\WINDOWS\System32\ersvc.dll
        18:41:26.0296 0x15f4  ERSvc - ok
        18:41:26.0328 0x15f4  [ 65DF52F5B8B6E9BBD183505225C37315, 59C606977DB40A3443DFF0BE2A4C761824881B22C9FDB3D23F6486DB580E92A4 ] Eventlog        C:\WINDOWS\system32\services.exe
        18:41:26.0359 0x15f4  Eventlog - ok
        18:41:26.0375 0x15f4  [ D4991D98F2DB73C60D042F1AEF79EFAE, 58AF949EAEBF4FF3E3314DFB66CE4198BF65F0836B68CD27A6ED319742CCCCD2 ] EventSystem     C:\WINDOWS\system32\es.dll
        18:41:26.0406 0x15f4  EventSystem - ok
        18:41:26.0437 0x15f4  [ 38D332A6D56AF32635675F132548343E, E6909DB836AF679B4F4D62C7396D6C82769CC7ABB8C919C2AABFE934FCE268F6 ] Fastfat         C:\WINDOWS\system32\drivers\Fastfat.sys
        18:41:26.0562 0x15f4  Fastfat - ok
        18:41:26.0625 0x15f4  [ 99BC0B50F511924348BE19C7C7313BBF, A1006C687BD352F700B140DC741515A0CDD9E1352C0FBD1EE410D404E344444B ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
        18:41:26.0656 0x15f4  FastUserSwitchingCompatibility - ok
        18:41:26.0671 0x15f4  [ 92CDD60B6730B9F50F6A1A0C1F8CDC81, 8307A532AB4D05CBBCE206DC2759497708BF5AAA880BD00F0E4F281D8578A1F5 ] Fdc             C:\WINDOWS\system32\DRIVERS\fdc.sys
        18:41:26.0765 0x15f4  Fdc - ok
        18:41:26.0765 0x15f4  [ D45926117EB9FA946A6AF572FBE1CAA3, 4C94EF009D778BE0BDF8F812F026B96F91F641BE30AA2531427A5E63DBD280DA ] Fips            C:\WINDOWS\system32\drivers\Fips.sys
        18:41:26.0875 0x15f4  Fips - ok
        18:41:26.0906 0x15f4  [ 9D27E7B80BFCDF1CDD9B555862D5E7F0, 69C271AD5BCEBFD8AE5A769BDD7EC51256DA3A8ADAD5D12E5C0D13F4E82D8805 ] Flpydisk        C:\WINDOWS\system32\drivers\Flpydisk.sys
        18:41:27.0031 0x15f4  Flpydisk - ok
        18:41:27.0031 0x15f4  [ B2CF4B0786F8212CB92ED2B50C6DB6B0, 280F5CF8A90F7BEDE73ADD0DD0F8952088133A7CA9A3D3B7041957E33B36845D ] FltMgr          C:\WINDOWS\system32\drivers\fltmgr.sys
        18:41:27.0125 0x15f4  FltMgr - ok
        18:41:27.0218 0x15f4  [ 8BA7C024070F2B7FDD98ED8A4BA41789, 47585006F86B2C6016EC54250A416794792D1E4024FF229C120BC25B684AF66A ] FontCache3.0.0.0 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
        18:41:27.0234 0x15f4  FontCache3.0.0.0 - ok
        18:41:27.0250 0x15f4  [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A, EC635E071201A766845D48973772CBE0958942B4162F3F5F70660D114CC877E0 ] Fs_Rec          C:\WINDOWS\system32\drivers\Fs_Rec.sys
        18:41:27.0359 0x15f4  Fs_Rec - ok
        18:41:27.0359 0x15f4  [ 6AC26732762483366C3969C9E4D2259D, FF2C9A23CC17F380093F0BEA955B1925794271C2FEA16B9B7639668E6999BAE3 ] Ftdisk          C:\WINDOWS\system32\DRIVERS\ftdisk.sys
        18:41:27.0468 0x15f4  Ftdisk - ok
        18:41:27.0515 0x15f4  [ 185ADA973B5020655CEE342059A86CBB, D3E352DFAF30761505480A4C557D980083F65EC5BD46E2656B2114D47B272A89 ] GEARAspiWDM     C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
        18:41:27.0546 0x15f4  GEARAspiWDM - ok
        18:41:27.0578 0x15f4  [ 0A02C63C8B144BD8C86B103DEE7C86A2, 7A3235DD3E1995DD72B212FAEB3ECA2A974434DE9BF6D269EA11BA65A80E7E50 ] Gpc             C:\WINDOWS\system32\DRIVERS\msgpc.sys
        18:41:27.0687 0x15f4  Gpc - ok
        18:41:27.0718 0x15f4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
        18:41:27.0734 0x15f4  gupdate - ok
        18:41:27.0750 0x15f4  [ F02A533F517EB38333CB12A9E8963773, 1F72CD1CF660766FA8F912E40B7323A0192A300B376186C10F6803DC5EFE28DF ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
        18:41:27.0765 0x15f4  gupdatem - ok
        18:41:27.0812 0x15f4  [ 5D4BC124FAAE6730AC002CDB67BF1A1C, 00294F4DC7D17F6DD2A22B9C3299BED40146BA45C972367154D20DB502472551 ] gusvc           C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
        18:41:27.0828 0x15f4  gusvc - ok
        18:41:27.0859 0x15f4  [ 573C7D0A32852B48F3058CFD8026F511, BC384BBA394AFDCDA1A9ABC858C692AA84A1F0A31AF3DDF7F38D120C027927FB ] HDAudBus        C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
        18:41:27.0968 0x15f4  HDAudBus - ok
        18:41:28.0031 0x15f4  [ 4FCCA060DFE0C51A09DD5C3843888BCD, D82417706B517F2610DDF7C86BE03A72EFA9A2A389DF5C8F8ADEAB8144E2C80A ] helpsvc         C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
        18:41:28.0140 0x15f4  helpsvc - ok
        18:41:28.0171 0x15f4  [ DEB04DA35CC871B6D309B77E1443C796, F66A15C9528D661940F1F4CA453B3E95036D68C74C3B8AB53644211DBD3D2F32 ] HidServ         C:\WINDOWS\System32\hidserv.dll
        18:41:28.0250 0x15f4  HidServ - ok
        18:41:28.0265 0x15f4  [ CCF82C5EC8A7326C3066DE870C06DAF1, 93395FA4C26B2E82DC8B7025ED3BCF583885E5D8C5F60CD6EEAA6335D6A126EC ] hidusb          C:\WINDOWS\system32\DRIVERS\hidusb.sys
        18:41:28.0375 0x15f4  hidusb - ok
        18:41:28.0437 0x15f4  [ 8878BD685E490239777BFE51320B88E9, C5C3ECF6B049B6736E35B39518A8F830B45C45A88FFE8E3A6B7922AD946597E2 ] hkmsvc          C:\WINDOWS\System32\kmsvc.dll
        18:41:28.0546 0x15f4  hkmsvc - ok
        18:41:28.0546 0x15f4  hpn - ok
        18:41:28.0609 0x15f4  [ F80A415EF82CD06FFAF0D971528EAD38, 524D9E9201572929522F6805011783711B7C0F76308B924C89CF75F4B7A1FDF3 ] HTTP            C:\WINDOWS\system32\Drivers\HTTP.sys
        18:41:28.0671 0x15f4  HTTP - ok
        18:41:28.0703 0x15f4  [ 6100A808600F44D999CEBDEF8841C7A3, 61A75118C327812C60622010985A2E80E79B6FD9030A5732390EE5426E4AF6C9 ] HTTPFilter      C:\WINDOWS\System32\w3ssl.dll
        18:41:28.0812 0x15f4  HTTPFilter - ok
        18:41:28.0812 0x15f4  i2omgmt - ok
        18:41:28.0828 0x15f4  i2omp - ok
        18:41:28.0843 0x15f4  [ 4A0B06AA8943C1E332520F7440C0AA30, DB2452390CCFE67E0C5FEB4FD42CA24ABE2DDD40D0B22DD5F5B8F70416863918 ] i8042prt        C:\WINDOWS\system32\drivers\i8042prt.sys
        18:41:28.0968 0x15f4  i8042prt - ok
        18:41:29.0109 0x15f4  [ C01AC32DC5C03076CFB852CB5DA5229C, A4D7749220B5BC965D96A267F1E02FE8284A230BA249109207BD4B9EA8DFAC96 ] idsvc           C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
        18:41:29.0171 0x15f4  idsvc - ok
        18:41:29.0203 0x15f4  [ 083A052659F5310DD8B6A6CB05EDCF8E, 48D39B03FFB6FAA1529B774443BA12618AE3982D9F65A7B9D18F2269F78B31F4 ] Imapi           C:\WINDOWS\system32\DRIVERS\imapi.sys
        18:41:29.0312 0x15f4  Imapi - ok
        18:41:29.0343 0x15f4  [ 30DEAF54A9755BB8546168CFE8A6B5E1, 3936228CD3125C763ABFCB93E86E4B43838202BCC0913A28E84AC0263B43EE0D ] ImapiService    C:\WINDOWS\system32\imapi.exe
        18:41:29.0453 0x15f4  ImapiService - ok
        18:41:29.0453 0x15f4  ini910u - ok
        18:41:29.0656 0x15f4  [ EB5608FD4F2961517AC9F5CAC88B023B, 31F3EFF97D332B03314CD57519ECFBDEF7FE8C3992E3C81602ABE3D60ABD7608 ] IntcAzAudAddService C:\WINDOWS\system32\drivers\RtkHDAud.sys
        18:41:30.0015 0x15f4  IntcAzAudAddService - ok
        18:41:30.0015 0x15f4  IntelIde - ok
        18:41:30.0078 0x15f4  [ 8C953733D8F36EB2133F5BB58808B66B, 555868F246D73652E998B0B1296476E42FCEDED30D646CC000F31ECE4EBC25E6 ] intelppm        C:\WINDOWS\system32\DRIVERS\intelppm.sys
        18:41:30.0171 0x15f4  intelppm - ok
        18:41:30.0265 0x15f4  [ D9DA7B3117BF5EFF921C0CDED4D58050, D51A2AFC0E310C5A0EE1540A9E6353F5F7C9E76711187FAD91EEB0B3254EE935 ] IntuitUpdateServiceV4 C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
        18:41:30.0281 0x15f4  IntuitUpdateServiceV4 - ok
        18:41:30.0312 0x15f4  [ 3BB22519A194418D5FEC05D800A19AD0, F6662F440950596DC1382DD1DB5D7891CCEA30A6062BEA942C18445B5F0D8B16 ] Ip6Fw           C:\WINDOWS\system32\drivers\ip6fw.sys
        18:41:30.0421 0x15f4  Ip6Fw - ok
        18:41:30.0453 0x15f4  [ 731F22BA402EE4B62748ADAF6363C182, 5C3BEBD008A5BE4DC2F92076FF41A10DDC01E10EC7E6552213CFA11970811848 ] IpFilterDriver  C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
        18:41:30.0562 0x15f4  IpFilterDriver - ok
        18:41:30.0562 0x15f4  [ B87AB476DCF76E72010632B5550955F5, E6E74D3A86A7917A8BAED44F8E97CCD2EB171E4E4B27E9907F60D1523FAF319A ] IpInIp          C:\WINDOWS\system32\DRIVERS\ipinip.sys
        18:41:30.0687 0x15f4  IpInIp - ok
        18:41:30.0734 0x15f4  [ CC748EA12C6EFFDE940EE98098BF96BB, AF523E21C25D9A1715EFEA573E4F52AF5D4FC9F28A2D613F5DB629C186C439E0 ] IpNat           C:\WINDOWS\system32\DRIVERS\ipnat.sys
        18:41:30.0875 0x15f4  IpNat - ok
        18:41:31.0031 0x15f4  [ 066F2BBE2EEC9A42B065B552BF356B4E, AE86DB5BFD4748C54C0C224E7FBEA3C032F1071A39303DF35AA04869D3950B7A ] iPod Service    C:\Program Files\iPod\bin\iPodService.exe
        18:41:31.0046 0x15f4  iPod Service - ok
        18:41:31.0078 0x15f4  [ 23C74D75E36E7158768DD63D92789A91, 394D296F38E7D8EFD91A6EEC301D9CE6AF910E35EB9819F1A9E3363863AEDFDC ] IPSec           C:\WINDOWS\system32\DRIVERS\ipsec.sys
        18:41:31.0187 0x15f4  IPSec - ok
        18:41:31.0218 0x15f4  [ C93C9FF7B04D772627A3646D89F7BF89, 805FA48E7A46D4F10240BF880A2468F53DEA36E83004399228AB70DB7D20544A ] IRENUM          C:\WINDOWS\system32\DRIVERS\irenum.sys
        18:41:31.0312 0x15f4  IRENUM - ok
        18:41:31.0343 0x15f4  [ 05A299EC56E52649B1CF2FC52D20F2D7, 2654619DB3E6D6C385B63AB02F87D4241C4F0250CC31383D1B3586917166C2DC ] isapnp          C:\WINDOWS\system32\DRIVERS\isapnp.sys
        18:41:31.0453 0x15f4  isapnp - ok
        18:41:31.0593 0x15f4  [ 80A79264302910C7C24BA7E44267EFEF, 6080C233478350C8E07515D20D2D60C3758C4A65432B04E8C8B816248621A3EF ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
        18:41:31.0640 0x15f4  JavaQuickStarterService - ok
        18:41:31.0656 0x15f4  [ 463C1EC80CD17420A542B7F36A36F128, E3B11BA26AFEAFB50B0FC168EA07F6049DA6B88BCDDEEE20310602D7FC27A3A7 ] Kbdclass        C:\WINDOWS\system32\DRIVERS\kbdclass.sys
        18:41:31.0750 0x15f4  Kbdclass - ok
        18:41:31.0765 0x15f4  [ 9EF487A186DEA361AA06913A75B3FA99, B94EBA4EC6D85E11C81AF9927E9EF0AF2E6FE134CFF1FDB0535B7C5A794B4261 ] kbdhid          C:\WINDOWS\system32\DRIVERS\kbdhid.sys
        18:41:31.0859 0x15f4  kbdhid - ok
        18:41:31.0906 0x15f4  [ 692BCF44383D056AED41B045A323D378, 1A99DEE83FFAF64E73067FC049C0A4CE07D94E4AE31EFA17B38CEFA9E41D67DC ] kmixer          C:\WINDOWS\system32\drivers\kmixer.sys
        18:41:32.0046 0x15f4  kmixer - ok
        18:41:32.0093 0x15f4  [ B467646C54CC746128904E1654C750C1, 3BD71BE3663EA23463D236D8A2A2E42DFA10C502BDB4B6E131FAF0FBA748219E ] KSecDD          C:\WINDOWS\system32\drivers\KSecDD.sys
        18:41:32.0171 0x15f4  KSecDD - ok
        18:41:32.0203 0x15f4  [ 3A7C3CBE5D96B8AE96CE81F0B22FB527, 0044F03132596A494448CCE5F3D6ECC12617BB4CF6BAE348F79D4DC40ACD6EE0 ] lanmanserver    C:\WINDOWS\System32\srvsvc.dll
        18:41:32.0281 0x15f4  lanmanserver - ok
        18:41:32.0312 0x15f4  [ A8888A5327621856C0CEC4E385F69309, B08B63300D824E35E31EEEA2C4C086DFA2C2A964CEDAE512E74D3D88AADAA2C1 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
        18:41:32.0359 0x15f4  lanmanworkstation - ok
        18:41:32.0359 0x15f4  lbrtfdc - ok
        18:41:32.0421 0x15f4  [ A7DB739AE99A796D91580147E919CC59, EDF4E039BA277B0E6D66FEB0B28096E67D682C09DFC18ECECF062D9DCFB75ACF ] LmHosts         C:\WINDOWS\System32\lmhsvc.dll
        18:41:32.0531 0x15f4  LmHosts - ok
        18:41:32.0578 0x15f4  [ 4470E3C1E0C3378E4CAB137893C12C3A, CA8E66356F0E671D5454E561E7EAD74DE25DCF53BE452369F96ECACFA8709489 ] MBAMProtector   C:\WINDOWS\system32\drivers\mbam.sys
        18:41:32.0593 0x15f4  MBAMProtector - ok
        18:41:32.0640 0x15f4  [ 65085456FD9A74D7F1A999520C299ECB, EA564BC913EF1B8A4CAA9242FC70F525B68CF1F3CA462F63B0B7215B93FE8530 ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
        18:41:32.0718 0x15f4  MBAMScheduler - ok
        18:41:32.0781 0x15f4  [ E0D7732F2D2E24B2DB3F67B6750295B8, AA5CA86AF1ACEC900F60339016B3DC55472DB40ADB99186005A7ABE67B7D66FC ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
        18:41:32.0843 0x15f4  MBAMService - ok
        18:41:32.0984 0x15f4  [ E4DFBE4C4A9C2BD87C1430F445F3E3CB, 34A0295D0AC37537B010FEC4534535D92AA4C30900DC37444C992C15F86D3AA4 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe
        18:41:33.0015 0x15f4  McComponentHostService - ok
        18:41:33.0062 0x15f4  [ 986B1FF5814366D71E0AC5755C88F2D3, E6AF051174531C24B38E73987755D366ABEC595476C6D17793E8DCCC73F55340 ] Messenger       C:\WINDOWS\System32\msgsvc.dll
        18:41:33.0156 0x15f4  Messenger - ok
        18:41:33.0171 0x15f4  [ A7DA20AB18A1BDAE28B0F349E57DA0D1, C668F419579ADDF37558241982B0334A93644E9C05919967C494FE9853E62D5B ] mf              C:\WINDOWS\system32\DRIVERS\mf.sys
        18:41:33.0296 0x15f4  mf - ok
        18:41:33.0312 0x15f4  [ 4AE068242760A1FB6E1A44BF4E16AFA6, 1FB771162B96AAF787AC24867B818DF8511F0780BB094FA9A38C11D8DBFE68BC ] mnmdd           C:\WINDOWS\system32\drivers\mnmdd.sys
        18:41:33.0437 0x15f4  mnmdd - ok
        18:41:33.0484 0x15f4  [ D18F1F0C101D06A1C1ADF26EED16FCDD, BA0837C7780BD8262E143E2935AFA63BE59C3C39EF56CB8608EED0F50AF070D4 ] mnmsrvc         C:\WINDOWS\system32\mnmsrvc.exe
        18:41:33.0609 0x15f4  mnmsrvc - ok
        18:41:33.0640 0x15f4  [ DFCBAD3CEC1C5F964962AE10E0BCC8E1, B342CC9EC3729AB1AB4B5E2E99F890C1E0CA649162DE91F6768AB857B719E97B ] Modem           C:\WINDOWS\system32\drivers\Modem.sys
        18:41:33.0734 0x15f4  Modem - ok
        18:41:33.0781 0x15f4  [ 201BFC4EF8B33D02D133FBF6535E515B, 7CADD2F00C8C6F569EB7767FEE46AC62A22A072E61C4C0D9E66E04D59D211F26 ] motccgp         C:\WINDOWS\system32\DRIVERS\motccgp.sys
        18:41:33.0828 0x15f4  motccgp - ok
        18:41:33.0828 0x15f4  [ D0242A3832EB7C97801BB25889561E23, C325EBB32875B2CBC9C063DA121454D0E56F34CC09653DDEAE8A78606276A933 ] motccgpfl       C:\WINDOWS\system32\DRIVERS\motccgpfl.sys
        18:41:33.0859 0x15f4  motccgpfl - ok
        18:41:33.0890 0x15f4  [ 35C9E97194C8CFB8430125F8DBC34D04, 0C0FCE6B0A23FB0ECB92E1663E1C72D2DD5B177D82E04782957690B69530DB39 ] Mouclass        C:\WINDOWS\system32\DRIVERS\mouclass.sys
        18:41:34.0046 0x15f4  Mouclass - ok
        18:41:34.0078 0x15f4  [ B1C303E17FB9D46E87A98E4BA6769685, 161A45488522055D0F0474ABEDA04DDD0B5DAC2411AF9154B15190BBD66E7153 ] mouhid          C:\WINDOWS\system32\DRIVERS\mouhid.sys
        18:41:34.0203 0x15f4  mouhid - ok
        18:41:34.0234 0x15f4  [ A80B9A0BAD1B73637DBCBBA7DF72D3FD, 2A5E15ED2C24C6C65EF2F7E1FD93374774076C9D8D451E4422561F4D269C012F ] MountMgr        C:\WINDOWS\system32\drivers\MountMgr.sys
        18:41:34.0328 0x15f4  MountMgr - ok
        18:41:34.0390 0x15f4  [ 15D5398EED42C2504BB3D4FC875C15D1, 04FE9BBE5B770957BCD81E2B198FF56AEC3168038C4DFAA1AA8DC1A280394B78 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
        18:41:34.0406 0x15f4  MozillaMaintenance - ok
        18:41:34.0406 0x15f4  mraid35x - ok
        18:41:34.0437 0x15f4  [ 11D42BB6206F33FBB3BA0288D3EF81BD, 76ABCFB62C5AC549F58C231F72A99882CDEB74928104B77FE52554765C2B1A22 ] MRxDAV          C:\WINDOWS\system32\DRIVERS\mrxdav.sys
        18:41:34.0546 0x15f4  MRxDAV - ok
        18:41:34.0609 0x15f4  [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0, DB9B186F7076D7B94F45041AF7B77C1AD2CAB504D683B459C6CB1C22840ED170 ] MRxSmb          C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
        18:41:34.0671 0x15f4  MRxSmb - ok
        18:41:34.0687 0x15f4  [ A137F1470499A205ABBB9AAFB3B6F2B1, FB4951727543030D9E6ED74149C3FAACE2CA9DA8C1B5F616301B30B858C724E8 ] MSDTC           C:\WINDOWS\system32\msdtc.exe
        18:41:34.0796 0x15f4  MSDTC - ok
        18:41:34.0812 0x15f4  [ C941EA2454BA8350021D774DAF0F1027, C940E978C7B66A713A0FDAB54B5F995DF59D089AFCD96221DD3222948CD49BBD ] Msfs            C:\WINDOWS\system32\drivers\Msfs.sys
        18:41:34.0890 0x15f4  Msfs - ok
        18:41:34.0890 0x15f4  MSIServer - ok
        18:41:34.0937 0x15f4  [ D1575E71568F4D9E14CA56B7B0453BF1, 4ABE0E24786C0D39FA2B885447E56204CA6942FB175E534DCE675D7BCF0B176A ] MSKSSRV         C:\WINDOWS\system32\drivers\MSKSSRV.sys
        18:41:35.0046 0x15f4  MSKSSRV - ok
        18:41:35.0078 0x15f4  [ 325BB26842FC7CCC1FCCE2C457317F3E, C07BE560513B1FB91D756494F0BA4AEEB2E1998DE0E1C21EE83DB1183B0CEE91 ] MSPCLOCK        C:\WINDOWS\system32\drivers\MSPCLOCK.sys
        18:41:35.0187 0x15f4  MSPCLOCK - ok
        18:41:35.0203 0x15f4  [ BAD59648BA099DA4A17680B39730CB3D, 9AD4C7C94C186C8815D0BC75DCAFB962158DA6935A244BA243EDDDEB33F9816C ] MSPQM           C:\WINDOWS\system32\drivers\MSPQM.sys
        18:41:35.0328 0x15f4  MSPQM - ok
        18:41:35.0343 0x15f4  [ AF5F4F3F14A8EA2C26DE30F7A1E17136,

         
