Computer and internet run slow. Please help.



jeromez48
2014-04-03, 19:50
I downloaded and ran Rkill and FRST. What to do now? I pasted FRST notepad below; additions will be on my next message.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01
Ran by Administrator (administrator) on HOME-88B26076E7 on 03-04-2014 12:18:28
Running from C:\Documents and Settings\Administrator\Desktop
Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Support.com, Inc.) C:\Program Files\XFINITY Computer Performance Tool\SDCService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Documents and Settings\Administrator\Desktop\Defense & Stuff\Stuff\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Motorola Mobility LLC) C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Support.com, Inc.) C:\Program Files\XFINITY Computer Performance Tool\sdccont.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
(Brother Industries, Ltd.) C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Yahoo! Inc.) C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Documents and Settings\Administrator\Desktop\Defense & Stuff\Stuff\Games\freecell.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MakiwaraNotify] - C:\Program Files\XFINITY Computer Performance Tool\sdccont.exe [40384 2012-11-05] (Support.com, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [Google Update] - C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [116648 2014-02-07] (Google Inc.)
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-790525478-2025429265-725345543-500\...\Run: [Google Update] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [136176 2011-03-16] (Google Inc.)
HKU\S-1-5-21-790525478-2025429265-725345543-500\...\Run: [A24802D8E0033B87C7A71FBB6D39DEF74469BA10._service_run] - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe [859976 2014-03-14] (Google Inc.)
HKU\S-1-5-21-790525478-2025429265-725345543-500\...\Run: [Spybot-S&D Cleaning] - C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-790525478-2025429265-725345543-500\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-790525478-2025429265-725345543-500\...\MountPoints2: {420f0c06-e165-11e0-b9d4-000bdbb38c62} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL TL-Bootstrap.exe
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Status Monitor.lnk
ShortcutTarget: Status Monitor.lnk -> C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe (Brother Industries, Ltd.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://update.microsoft.com/microsoftupdate/v6/default.aspx?ln=en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
URLSearchHook: HKCU - (No Name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - No File
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.com/search?q={sear
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=15527&prt=360&chn=S1122&geo=US&ver=20&locale=en_US&tpr=111
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} http://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} http://www.comcastsupport.com/sdccommon/download/tgctlsr.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1300239196265
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0025-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_25-windows-i586.cab
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a3ulizkr.default
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @garmin.com/GpsControl - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @logitech.com/HarmonyRemote,version=1.0.0 - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Motive.com/NpMotive,version=1.0 - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
FF Plugin: @Motive.com/npMotiveRequest,version=1.0 - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
FF Plugin: @Nero.com/KM - C:\PROGRA~1\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Extension: Torntv 2 - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\a3ulizkr.default\Extensions\torntv2@torntv.com.xpi [2013-04-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-09]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

Chrome:
=======
CHR HomePage: hxxp://www.cnn.com/
CHR Plugin: (Shockwave Flash) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_1\npcoplgn.dll No File
CHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\plugins\npMozCouponPrinter.dll (Coupons, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.4) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll No File
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~1\COMMON~1\Nero\BrowserPlugin\npBrowserPlugin.dll (Nero AG)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (AmazonMP3DownloaderPlugin) - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
CHR Plugin: (Motive Plugin) - C:\Program Files\Common Files\Motive\npMotive.dll (Alcatel-Lucent)
CHR Plugin: (Motive Management Plug-in) - C:\Program Files\Common Files\Motive\npMotiveRequest.dll (Alcatel-Lucent)
CHR Plugin: (Garmin Communicator Plug-In) - C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Harmony Firefox Plugin) - C:\Program Files\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll (Logitech Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live® Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Yahoo!\Common\npyaxmpb.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1200112.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.16) - C:\WINDOWS\system32\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-10-02]
CHR Extension: (Google Drive) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-21]
CHR Extension: (No Name) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dkfhfaphfkopdgpbfkebjfcblcafcmpi [2013-11-11]
CHR Extension: (backgroundPage) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2014-02-19]
CHR Extension: (Fall Solitaire) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\meiofaocnmolemfkmefcgakiiinllgip [2013-10-02]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-24]
CHR HKLM\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx [2013-01-20]
CHR HKLM\...\Chrome\Extension: [edmgmpmklgfbohogafcfobonnkogchec] - C:\Program Files\Common Files\Motive\extensions\MotiveRequest.crx [2012-12-27]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Security Suite\Engine\21.2.0.38\Exts\Chrome.crx [2014-04-02]
CHR HKCU\...\Chrome\Extension: [afbcibndhffhhbokgpbpecjmejjcgcej] - C:\Documents and Settings\Administrator\Local Settings\Application Data\CRE\afbcibndhffhhbokgpbpecjmejjcgcej.crx [2013-01-20]
CHR HKCU\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\DOCUME~1\ADMINI~1\LOCALS~1\APPLIC~1\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx [2013-06-20]
CHR StartMenuInternet: Google Chrome - C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

S3 BrYNSvc; C:\Program Files\Browny02\BrYNSvc.exe [249856 2011-05-12] (Brother Industries, Ltd.)
R2 Garmin Core Update Service; C:\Documents and Settings\Administrator\Desktop\Defense & Stuff\Stuff\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [250200 2013-09-19] (Garmin Ltd or its subsidiaries)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 Motorola Device Manager; C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
R2 N360; C:\Program Files\Norton Security Suite\Engine\21.2.0.38\N360.exe [265040 2014-03-14] (Symantec Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
S4 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [259368 2009-06-23] (Nero AG)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 XFINITY Computer Performance Tool; C:\Program Files\XFINITY Computer Performance Tool\SDCService.exe [406976 2012-11-05] (Support.com, Inc.)
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]

==================== Drivers (Whitelisted) ====================

R1 BHDrvx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)
S3 BrScnUsb; C:\WINDOWS\System32\DRIVERS\BrScnUsb.sys [15295 2004-10-15] (Brother Industries Ltd.)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-12-09] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-12-09] (Symantec Corporation)
R3 IDSxpx86; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140402.001\IDSxpx86.sys [383120 2014-03-25] (Symantec Corporation)
S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [50648 2014-04-01] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2014-03-05] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [107736 2014-04-03] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files\Common Files\Motive\MREMP50.sys [21248 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files\Common Files\Motive\MRESP50.sys [20096 2012-12-10] (Printing Communications Assoc., Inc. (PCAUSA))
R3 NAVENG; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140403.002\NAVENG.SYS [93272 2013-12-09] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140403.002\NAVEX15.SYS [1612376 2013-12-09] (Symantec Corporation)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-12-09] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)
S4 57935899; No ImagePath
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 PTHSBUS; system32\DRIVERS\PTHSBUS.sys [X]
S3 PTHSMDM; system32\DRIVERS\PTHSMDM.sys [X]
S3 PTHSVSP; system32\DRIVERS\PTHSVSP.sys [X]
S4 RapportIaso; \??\c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportms\39624\rapportiaso.sys [X]
S4 SBRE; \??\C:\WINDOWS\system32\drivers\SBREdrv.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

========================== Drivers MD5 =======================

C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\DRIVERS\ssmirrdr.sys F843301BDADB2728822C83413EF5F132
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS 4C3DEF736D3857570166DE5C858600F5
C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS B70A98F20B4180F2751CFD7656116342
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS E987A9CB539147527F56943BB34B7375
C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS E3A3CA230C7547364BB3D9DA0C301A36
C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS D602FFD15F577256770C82DD2D07214F
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\Drivers\wdf01000.sys D918617B46457B9AC28027722E30F647
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys F59ED5A43B988A18EF582BB07B2327A7
C:\WINDOWS\System32\DRIVERS\wpdusb.sys C60DC16D4E406810FAD54B98DC92D5EC
C:\WINDOWS\System32\DRIVERS\WudfPf.sys F15FEAFFFBB3644CCC80C5DA584E6311
C:\WINDOWS\System32\DRIVERS\WUDFRd.sys 28B524262BCE6DE1F7EF9F510BA3985B

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-03 12:06 - 2014-04-03 12:15 - 00029958 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-04-03 12:04 - 2014-04-03 12:19 - 00036595 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-03 12:04 - 2014-04-03 12:15 - 00000000 ____D () C:\FRST
2014-04-03 12:02 - 2014-04-03 12:02 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-03 11:55 - 2014-04-03 11:57 - 00005424 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-04-03 11:55 - 2014-04-03 11:55 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-04-02 17:34 - 2014-04-02 17:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-03-31 18:38 - 2014-03-30 01:23 - 00450674 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140331-183802.backup
2014-03-30 01:23 - 2012-11-12 12:47 - 00444743 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140330-012329.backup
2014-03-30 00:57 - 2014-04-03 10:10 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-03-30 00:57 - 2014-04-02 00:31 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-03-30 00:57 - 2014-04-01 01:38 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-03-30 00:56 - 2014-03-30 00:56 - 00001860 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-03-30 00:56 - 2014-03-30 00:56 - 00001854 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-03-30 00:56 - 2014-03-30 00:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-03-30 00:56 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean.exe
2014-03-29 17:28 - 2014-03-29 17:32 - 00077593 _____ () C:\Documents and Settings\Administrator\Desktop\New Division List.xlsx
2014-03-28 15:09 - 2014-04-03 12:16 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-03-28 15:08 - 2014-04-01 00:04 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-28 15:08 - 2014-03-28 15:08 - 00000793 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 15:08 - 2014-03-28 15:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 15:08 - 2014-03-28 15:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 15:08 - 2014-03-05 09:26 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-28 13:54 - 2014-03-28 15:00 - 00000598 _____ () C:\WINDOWS\wininit.ini
2014-03-28 12:50 - 2014-04-03 10:07 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-03-28 12:50 - 2014-03-30 00:56 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-27 14:45 - 2014-04-03 09:45 - 00014570 _____ () C:\Documents and Settings\Administrator\Desktop\ND.csv
2014-03-20 16:38 - 2014-03-20 16:38 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-03-19 12:09 - 2014-04-03 10:10 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-19 12:09 - 2014-03-20 10:59 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-19 11:48 - 2014-03-19 11:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2491683$
2014-03-19 11:21 - 2014-03-19 11:48 - 00024487 _____ () C:\WINDOWS\KB2491683.log
2014-03-19 03:33 - 2014-03-19 03:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-18 12:31 - 2014-03-18 12:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 12:27 - 2014-03-18 12:31 - 00004151 _____ () C:\WINDOWS\KB2934207.log
2014-03-18 12:15 - 2014-02-25 21:59 - 00013312 ____N (Microsoft Corporation) C:\WINDOWS\system32\xp_eos.exe
2014-03-18 12:15 - 2014-02-25 21:59 - 00013312 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\xp_eos.exe
2014-03-13 03:04 - 2014-03-13 03:05 - 00130776 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 23:15 - 2014-03-13 03:04 - 00131301 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 23:15 - 2014-03-13 03:04 - 00127944 _____ () C:\WINDOWS\KB2929961.log
2014-03-04 01:53 - 2014-03-04 01:53 - 00001746 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

==================== One Month Modified Files and Folders =======

2014-04-03 12:19 - 2014-04-03 12:04 - 00036595 _____ () C:\Documents and Settings\Administrator\Desktop\FRST.txt
2014-04-03 12:17 - 2013-03-01 17:32 - 00000250 _____ () C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
2014-04-03 12:17 - 2011-03-16 08:29 - 00000438 ____H () C:\WINDOWS\Tasks\User_Feed_Synchronization-{44E0DE12-DA92-4990-B9C8-B486B9DCCBC8}.job
2014-04-03 12:16 - 2014-03-28 15:09 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-03 12:15 - 2014-04-03 12:06 - 00029958 _____ () C:\Documents and Settings\Administrator\Desktop\Addition.txt
2014-04-03 12:15 - 2014-04-03 12:04 - 00000000 ____D () C:\FRST
2014-04-03 12:12 - 2013-10-24 17:19 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-04-03 12:07 - 2011-03-16 16:25 - 00001010 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2025429265-725345543-500UA.job
2014-04-03 12:02 - 2014-04-03 12:02 - 01145856 _____ (Farbar) C:\Documents and Settings\Administrator\Desktop\FRST.exe
2014-04-03 12:01 - 2004-08-04 08:00 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-03 11:57 - 2014-04-03 11:55 - 00005424 _____ () C:\Documents and Settings\Administrator\Desktop\Rkill.txt
2014-04-03 11:55 - 2014-04-03 11:55 - 01933048 _____ (Bleeping Computer, LLC) C:\Documents and Settings\Administrator\Desktop\rkill.exe
2014-04-03 11:54 - 2012-04-19 11:55 - 00000900 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-03 11:48 - 2014-02-07 17:43 - 00000998 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2014-04-03 10:46 - 2011-03-18 12:42 - 00000302 _____ () C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-2025429265-725345543-500.job
2014-04-03 10:18 - 2011-03-15 19:42 - 01938686 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-03 10:14 - 2013-11-18 18:20 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360
2014-04-03 10:12 - 2011-03-15 19:49 - 00032452 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-03 10:12 - 2011-03-15 14:35 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-03 10:10 - 2014-03-30 00:57 - 00000644 _____ () C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job
2014-04-03 10:10 - 2014-03-19 12:09 - 00000238 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-03 10:10 - 2013-12-09 18:42 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton Security Suite
2014-04-03 10:10 - 2012-11-14 15:20 - 00000294 _____ () C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-2025429265-725345543-500.job
2014-04-03 10:10 - 2012-04-19 11:55 - 00000896 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 10:10 - 2011-03-15 14:35 - 00000048 _____ () C:\WINDOWS\wiaservc.log
2014-04-03 10:09 - 2011-03-15 19:49 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-03 10:07 - 2014-03-28 12:50 - 00065536 _____ () C:\WINDOWS\system32\config\SpybotSD.evt
2014-04-03 10:07 - 2011-03-15 19:49 - 00000278 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-04-03 09:45 - 2014-03-27 14:45 - 00014570 _____ () C:\Documents and Settings\Administrator\Desktop\ND.csv
2014-04-03 01:07 - 2011-03-16 16:25 - 00000958 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2025429265-725345543-500Core.job
2014-04-02 18:11 - 2013-11-26 19:11 - 00000478 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Engine.job
2014-04-02 17:34 - 2014-04-02 17:34 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Application DataGoogle
2014-04-02 16:48 - 2014-02-07 17:43 - 00000946 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2014-04-02 14:51 - 2011-04-11 22:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2014-04-02 00:31 - 2014-03-30 00:57 - 00000616 _____ () C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job
2014-04-01 15:15 - 2013-12-31 16:57 - 00002563 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
2014-04-01 01:38 - 2014-03-30 00:57 - 00000446 _____ () C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job
2014-04-01 00:04 - 2014-03-28 15:08 - 00050648 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-03-31 18:36 - 2011-03-17 23:11 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-31 16:22 - 2013-08-16 10:12 - 00000000 ____D () C:\Program Files\XFINITY Computer Performance Tool
2014-03-31 16:21 - 2011-03-15 19:49 - 00000000 __SHD () C:\Documents and Settings\LocalService
2014-03-31 16:21 - 2011-03-15 19:49 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-31 16:21 - 2011-03-15 19:47 - 00000000 __SHD () C:\Documents and Settings\NetworkService
2014-03-31 16:13 - 2013-09-08 13:52 - 00002526 _____ () C:\WINDOWS\system32\regHiveData.bin
2014-03-31 14:50 - 2014-02-19 14:34 - 00000000 ____D () C:\Program Files\Common Files\ODBC
2014-03-31 14:50 - 2011-09-26 20:40 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-31 14:49 - 2011-03-16 16:26 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Adobe
2014-03-31 14:48 - 2013-08-16 10:15 - 00000000 ____D () C:\WINDOWS\SystemRepair
2014-03-30 01:23 - 2014-03-31 18:38 - 00450674 ____R () C:\WINDOWS\system32\Drivers\etc\hosts.20140331-183802.backup
2014-03-30 00:56 - 2014-03-30 00:56 - 00001860 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-03-30 00:56 - 2014-03-30 00:56 - 00001854 _____ () C:\Documents and Settings\All Users\Desktop\Spybot-S&D Start Center.lnk
2014-03-30 00:56 - 2014-03-30 00:56 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy 2
2014-03-30 00:56 - 2014-03-28 12:50 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-03-29 17:32 - 2014-03-29 17:28 - 00077593 _____ () C:\Documents and Settings\Administrator\Desktop\New Division List.xlsx
2014-03-28 15:35 - 2013-08-14 11:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2849470$
2014-03-28 15:08 - 2014-03-28 15:08 - 00000793 _____ () C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2014-03-28 15:08 - 2014-03-28 15:08 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-28 15:08 - 2014-03-28 15:08 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
2014-03-28 15:08 - 2011-08-28 08:29 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-03-28 15:00 - 2014-03-28 13:54 - 00000598 _____ () C:\WINDOWS\wininit.ini
2014-03-27 11:34 - 2011-09-02 12:20 - 00002473 _____ () C:\Documents and Settings\Administrator\Desktop\Word.lnk
2014-03-26 18:11 - 2013-11-26 19:11 - 00000494 _____ () C:\WINDOWS\Tasks\Motorola Device Manager Update.job
2014-03-26 02:08 - 2013-01-10 21:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\vlc
2014-03-24 17:18 - 2013-09-28 10:11 - 00082497 _____ () C:\WINDOWS\setupapi.log
2014-03-20 16:38 - 2014-03-20 16:38 - 00000000 ____D () C:\Documents and Settings\LocalService\Application Data\QuickScan
2014-03-20 16:38 - 2012-06-01 23:22 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\QuickScan
2014-03-20 12:32 - 2012-09-14 13:49 - 00100864 ___SH () C:\Documents and Settings\Administrator\My Documents\Thumbs.db
2014-03-20 11:58 - 2011-08-08 15:21 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\Medical
2014-03-20 11:43 - 2014-03-01 14:09 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\New Folder
2014-03-20 10:59 - 2014-03-19 12:09 - 00000232 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-19 12:07 - 2011-03-15 14:25 - 00000000 ____D () C:\WINDOWS\security
2014-03-19 11:53 - 2011-03-17 17:31 - 00000000 ____D () C:\Documents and Settings\Administrator\Desktop\Defense & Stuff
2014-03-19 11:52 - 2011-03-19 00:23 - 00000000 ____D () C:\Documents and Settings\Administrator\My Documents\My Widgets
2014-03-19 11:48 - 2014-03-19 11:48 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2491683$
2014-03-19 11:48 - 2014-03-19 11:21 - 00024487 _____ () C:\WINDOWS\KB2491683.log
2014-03-19 11:48 - 2011-03-15 14:32 - 02244033 _____ () C:\WINDOWS\FaxSetup.log
2014-03-19 11:48 - 2011-03-15 14:32 - 01098947 _____ () C:\WINDOWS\ocgen.log
2014-03-19 11:48 - 2011-03-15 14:32 - 01033009 _____ () C:\WINDOWS\tsoc.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00700234 _____ () C:\WINDOWS\msmqinst.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00640603 _____ () C:\WINDOWS\comsetup.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00458162 _____ () C:\WINDOWS\iis6.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00393633 _____ () C:\WINDOWS\netfxocm.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00389381 _____ () C:\WINDOWS\ntdtcsetup.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00155731 _____ () C:\WINDOWS\MedCtrOC.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00113099 _____ () C:\WINDOWS\tabletoc.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00112671 _____ () C:\WINDOWS\msgsocm.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00105695 _____ () C:\WINDOWS\ocmsn.log
2014-03-19 11:48 - 2011-03-15 14:32 - 00001374 _____ () C:\WINDOWS\imsins.log
2014-03-19 11:41 - 2011-03-17 13:02 - 00001508 _____ () C:\Documents and Settings\Administrator\Desktop\Hearts.lnk
2014-03-19 11:27 - 2011-03-17 13:01 - 00001490 _____ () C:\Documents and Settings\Administrator\Desktop\Spider Solitaire.lnk
2014-03-19 11:23 - 2011-03-15 19:40 - 00001479 _____ () C:\Documents and Settings\Administrator\Desktop\Solitaire.lnk
2014-03-19 11:21 - 2011-03-15 21:47 - 00000000 ___HD () C:\WINDOWS\$hf_mig$
2014-03-19 03:49 - 2011-03-15 21:15 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-03-19 03:48 - 2012-09-26 09:03 - 00000000 ____D () C:\Program Files\Common Files\Adaptec Shared
2014-03-19 03:48 - 2012-09-17 21:32 - 00000000 ____D () C:\Program Files\EMET
2014-03-19 03:42 - 2013-10-11 16:00 - 00000000 ____D () C:\Program Files\xfinity_stk_sop
2014-03-19 03:42 - 2012-11-19 15:30 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\support.com
2014-03-19 03:42 - 2011-03-19 00:21 - 00000000 ____D () C:\Program Files\Yahoo!
2014-03-19 03:41 - 2011-04-01 15:56 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Yahoo!
2014-03-19 03:41 - 2011-04-01 15:56 - 00000000 ____D () C:\Documents and Settings\Administrator\Application Data\Yahoo!
2014-03-19 03:37 - 2011-03-15 19:39 - 00000000 ____D () C:\Program Files\Windows NT
2014-03-19 03:37 - 2011-03-15 14:32 - 00003739 _____ () C:\WINDOWS\imsins.BAK
2014-03-19 03:37 - 2011-03-15 14:25 - 00000000 ____D () C:\WINDOWS\Help
2014-03-19 03:37 - 2011-03-15 14:25 - 00000000 ____D () C:\WINDOWS\Cursors
2014-03-19 03:36 - 2011-03-15 19:40 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Games
2014-03-19 03:36 - 2011-03-15 19:38 - 00000000 ___RD () C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
2014-03-19 03:33 - 2014-03-19 03:33 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-03-19 03:33 - 2011-03-15 14:31 - 00184217 _____ () C:\WINDOWS\setupact.log
2014-03-18 12:31 - 2014-03-18 12:31 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-18 12:31 - 2014-03-18 12:27 - 00004151 _____ () C:\WINDOWS\KB2934207.log
2014-03-18 02:31 - 2013-08-14 11:45 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-03-18 02:27 - 2011-03-16 08:14 - 87350280 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-03-13 03:22 - 2011-04-29 22:51 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:22 - 2011-03-15 14:31 - 00141240 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-13 03:05 - 2014-03-13 03:04 - 00130776 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-13 03:05 - 2011-03-15 22:41 - 00269393 _____ () C:\WINDOWS\updspapi.log
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-13 03:04 - 2014-03-12 23:15 - 00131301 _____ () C:\WINDOWS\KB2930275.log
2014-03-13 03:04 - 2014-03-12 23:15 - 00127944 _____ () C:\WINDOWS\KB2929961.log
2014-03-13 03:04 - 2011-03-16 08:17 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-03-13 03:02 - 2011-04-29 22:51 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
2014-03-11 18:12 - 2013-10-24 17:19 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-11 18:12 - 2013-10-24 17:19 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-09 12:53 - 2011-03-15 14:32 - 00605860 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-08 21:46 - 2012-09-11 16:04 - 00097280 ___SH () C:\Documents and Settings\Administrator\Desktop\Thumbs.db
2014-03-05 09:26 - 2014-03-28 15:08 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-03-04 01:53 - 2014-03-04 01:53 - 00001746 _____ () C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

jeromez48
2014-04-03, 19:53
This is the FRST addition from notepad.

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by Administrator at 2014-04-03 12:15:02
Running from C:\Documents and Settings\Administrator\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton Security Suite (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Security Suite (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

AddonChat (HKCU\...\AddonChat) (Version: - AddonInteractive)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (HKLM\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.6 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2.6 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Advertising Center (Version: 0.0.0.1 - Nero AG) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Apple Application Support (HKLM\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 440x 10/100 Integrated Controller (HKLM\...\InstallShield_{52504CE6-E909-4113-B232-4AFEC6543A61}) (Version: 3.29 - Broadcom)
Broadcom 440x 10/100 Integrated Controller (Version: 3.29 - Broadcom) Hidden
Brother MFL-Pro Suite (HKLM\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.00 - Brother Industries, Ltd.)
Brother Product Research and Support Program (HKLM\...\{8040527F-DD74-4B45-8A06-C4BF145B6C76}) (Version: 2.1.0.0000 - Brother Industries, Ltd.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.1) (Version: 5.0.0.1 - Coupons.com Incorporated)
C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\Check for updates (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job => C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2025429265-725345543-500Core.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-790525478-2025429265-725345543-500UA.job => C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MainUIModule_XFINITY_Computer Performance Tool_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}.job => C:\Program Files\XFINITY Computer Performance Tool\sdcCont.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Engine.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\Motorola Device Manager Update.job => C:\Program Files\Motorola Mobility\Motorola Device Manager\MotorolaDeviceManagerUpdate.exe
Task: C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-790525478-2025429265-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-790525478-2025429265-725345543-500.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\Refresh immunization (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: C:\WINDOWS\Tasks\Scan the system (Spybot - Search & Destroy).job => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job => C:\Program Files\Ask.com\UpdateTask.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{44E0DE12-DA92-4990-B9C8-B486B9DCCBC8}.job => C:\WINDOWS\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2012-11-05 08:19 - 2012-11-05 08:19 - 00158144 _____ () C:\Program Files\XFINITY Computer Performance Tool\taskPlugins\makiwaraSubscriptionInfoFetcher.dll
2013-10-31 11:05 - 2013-10-31 11:05 - 00172032 _____ () C:\Program Files\Motorola Mobility\Motorola Device Manager\css_core.dll
2014-03-30 00:56 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-03-30 00:56 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2014-03-30 00:56 - 2013-05-16 10:55 - 00161112 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-03-15 15:20 - 2014-03-14 20:50 - 00051016 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2008-01-08 18:50 - 2008-01-08 18:50 - 00349147 _____ () C:\Program Files\Yahoo!\Widgets\sqlite3.dll
2008-03-18 20:21 - 2008-03-18 20:21 - 00512000 _____ () C:\Program Files\Yahoo!\Widgets\js32.dll
2008-03-18 20:21 - 2008-03-18 20:21 - 00094208 _____ () C:\Program Files\Yahoo!\Widgets\jsd.dll
2014-03-15 15:20 - 2014-03-14 20:50 - 04061000 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 15:20 - 2014-03-14 20:50 - 00394568 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 15:20 - 2014-03-14 20:50 - 01647432 _____ () C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:829C9EE6
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk => C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup
MSCONFIG\startupfolder: C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk => C:\WINDOWS\pss\Windows Search.lnkCommon Startup
MSCONFIG\startupreg: AdaptecDirectCD => "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Garmin Lifetime Updater => C:\Program Files\Garmin\Lifetime Updater\GarminLifetime.exe /StartMinimized
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Spotify Web Helper =>
MSCONFIG\startupreg: TkBellExe =>

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/01/2014 09:11:17 PM) (Source: Microsoft Office 11) (User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a6200001747e

Error: (04/01/2014 09:10:18 PM) (Source: Microsoft Office 11) (User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a6200001747e

Error: (03/31/2014 11:57:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11282219

Error: (03/31/2014 11:57:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11282219

Error: (03/31/2014 11:57:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2014 08:49:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5344

Error: (03/31/2014 08:49:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5344

Error: (03/31/2014 08:49:14 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2014 08:49:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1969

Error: (03/31/2014 08:49:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1969

System errors:
=============
Error: (04/03/2014 10:12:36 AM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (04/03/2014 10:11:08 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: %%1053

Error: (04/03/2014 10:11:08 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (04/03/2014 10:11:08 AM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: %%1053

Error: (04/03/2014 10:11:08 AM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/02/2014 00:12:40 PM) (Source: Service Control Manager) (User: )
Description: The Windows Image Acquisition (WIA) service hung on starting.

Error: (04/02/2014 00:10:46 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Security Center Service service failed to start due to the following error: %%1053

Error: (04/02/2014 00:10:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Spybot-S&D 2 Security Center Service service to connect.

Error: (04/02/2014 00:10:46 PM) (Source: Service Control Manager) (User: )
Description: The Garmin Core Update Service service failed to start due to the following error: %%1053

Error: (04/02/2014 00:10:46 PM) (Source: Service Control Manager) (User: )
Description: Timeout (30000 milliseconds) waiting for the Garmin Core Update Service service to connect.

Microsoft Office Sessions:
=========================
Error: (04/01/2014 09:11:17 PM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a6200001747e

Error: (04/01/2014 09:10:18 PM) (Source: Microsoft Office 11)(User: )
Description: outlook.exe11.0.8326.04c1c2372outllib.dll11.0.8330.04cb60a6200001747e

Error: (03/31/2014 11:57:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11282219

Error: (03/31/2014 11:57:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11282219

Error: (03/31/2014 11:57:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2014 08:49:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5344

Error: (03/31/2014 08:49:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5344

Error: (03/31/2014 08:49:14 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/31/2014 08:49:11 PM) (Source: Bonjour Service)(User: )
Description: Task
Scheduling Error: m->NextScheduledSPRetry 1969 Error: (03/31/2014 08:49:11 PM) (Source: Bonjour Service)(User: ) Description: Task Scheduling Error: m->NextScheduledEvent 1969 ==================== Memory info =========================== Percentage of memory in use: 52% Total physical RAM: 2046 MB Available physical RAM: 969.86 MB Total Pagefile: 3941.24 MB Available Pagefile: 2742.83 MB Total Virtual: 2047.88 MB Available Virtual: 1941.2 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.5 GB) (Free:14.19 GB) NTFS ==>[Drive with boot components (Windows XP)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows XP) (Size: 75 GB) (Disk ID: 9DC96E9E) Partition 1: (Active) - (Size=74 GB) - (Type=07 NTFS) ==================== End Of Log ============================

tashi
2014-04-03, 20:30
Hello jeromez48,

To request assistance in this forum the FAQ includes guidelines in post #1 and instructions in post #2 on how to provide the preliminary DDS and aswMBR logs used for analysis.

http://forums.spybot.info/showthread.php?t=288

Then start a new topic providing the logs with a link back to this topic so a volunteer analyst may advise when available. :)

Best regards.