ICE Malware Removal


From your log FRST.exe is here:

C:\Program Files\FRST.exe

Download the attached fixlist.txt to the same folder as FRST.exe.
Run FRST.exe and click Fix only once and wait
The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

MrC


I'm gonna run out, but I'll check what's next when I get back; hopefully we can wrap up. I got confused when I tried the first step, FRST, because it took me to the same window prompt as the Farbar scan, which you wanted me to do last. But I think I figured it out; if not, I can redo it later.

Just a reminder: I do not delete any files from RogueKiller. I'll email the screenshot from my phone.


OK, looks good so far.

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

Now run FixDamage.exe
~~~~~~~~~~~~~~~~~~~~~~~

Note:
If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:
Internet access
Windows Update
Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.


MrC


Scan says it's clean, no malware.

In terms of running normally, the internet works fine, I updated Windows last night, and the firewall is OK, I think. The firewall is supposed to be off as Norton has its own.

But what does not seem right is that when starting I get an error of "can not retrieve a file". I don't have the name, but it's the kind composed of 10 or so letters that don't spell anything. And when I turn it off, it displays a window that says something is running and won't stop. If I click the manual stop, it shuts down.

What about the 2 files I found with RogueKiller?


Did you run fixdamage.exe and does system restore work now???

 Can you create a new system restore point?

-------------------------------------

 

Next:

Please download AdwCleaner from HERE or HERE to your desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
MrC

I have to leave for about 1/2 hour....please do this after you run AdwCleaner:

Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

New window that comes up.

MrC


Here is the AdwCleaner log. I did not save anything.

 

 

# AdwCleaner v3.023 - Report created 10/04/2014 at 20:24:45

# Updated 01/04/2014 by Xplode

# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)

# Username : James - LDOFFICE

# Running from : C:\Documents and Settings\James\Desktop\Projects2014\Office\computer malware Crash\AdwCleaner.exe

# Option : Clean

 

***** [ Services ] *****

 

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint

Folder Deleted : C:\Program Files\Viewpoint

Folder Deleted : C:\Documents and Settings\James\Application Data\UpdaterEX

Folder Deleted : C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

File Deleted : C:\END

File Deleted : C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default\user.js

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary

Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar

Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink

Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem

Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback

Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband

Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1

Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions

Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9DBB28C1-1925-11D3-A498-00104B6EB52E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E6EFAD0C-2D79-4B0D-8996-3E759A9C7914}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\PriceGong

Key Deleted : HKCU\Software\SmartBar

Key Deleted : HKCU\Software\UpdaterEX

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\MetaStream

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\Viewpoint

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

 

-\\ Mozilla Firefox v

 

[ File : C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default\prefs.js ]

 

Line Deleted : user_pref("CT3303001.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");

Line Deleted : user_pref("extensions.mysearchdial.aflt", "dnldstr1202");

Line Deleted : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");

Line Deleted : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1Qzu0Czz0DyBtCzytDtBtD0DtC0A0BtDtAtDtN0D0Tzu0CyBtByDtN1L2XzutBtFtBtFtCyEtFtCtAyBzytN1L1CzutCyD1B1P1R");

Line Deleted : user_pref("extensions.mysearchdial.cr", "1821021661");

Line Deleted : user_pref("extensions.mysearchdial.dfltLng", "");

Line Deleted : user_pref("extensions.mysearchdial.dfltSrch", true);

Line Deleted : user_pref("extensions.mysearchdial.dnsErr", true);

Line Deleted : user_pref("extensions.mysearchdial.excTlbr", false);

Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);


Line Deleted : user_pref("extensions.mysearchdial.id", "C8D719020D1AB030");

Line Deleted : user_pref("extensions.mysearchdial.instlDay", "16065");

Line Deleted : user_pref("extensions.mysearchdial.instlRef", "");


Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");

Line Deleted : user_pref("extensions.mysearchdial.tlbrId", "base");


Line Deleted : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");

Line Deleted : user_pref("extensions.mysearchdial_i.hmpg", true);

Line Deleted : user_pref("extensions.mysearchdial_i.newTab", false);

Line Deleted : user_pref("extensions.mysearchdial_i.smplGrp", "none");

Line Deleted : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.01:6:49");

 

-\\ Google Chrome v33.0.1750.154

 

[ File : C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

 

 

*************************

 

AdwCleaner[R0].txt - [8047 octets] - [10/04/2014 20:04:07]

AdwCleaner[s0].txt - [7972 octets] - [10/04/2014 20:24:45]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [8032 octets] ##########
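
An added example, not part of the original post and not AdwCleaner's own code: a small Python parser for the report layout shown in the log above. It groups the removed items by section so the Files / Folders entries the helper asks to be reviewed, the registry hives touched, and the browser preference namespaces removed can be checked at a glance. The sample report is constructed from a few lines of the log above, and all function names are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: a shortened report in the same layout as the log above.
SAMPLE_REPORT = r"""# AdwCleaner v3.023 - Report created 10/04/2014 at 20:24:45
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Viewpoint
File Deleted : C:\END

***** [ Registry ] *****

Key Deleted : HKCU\Software\Conduit
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v

[ File : C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default\prefs.js ]

Line Deleted : user_pref("extensions.mysearchdial.hmpg", true);
Line Deleted : user_pref("extensions.mysearchdial.prdct", "mysearchdial");

*************************

AdwCleaner[s0].txt - [7972 octets] - [10/04/2014 20:24:45]
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")   # ***** [ Registry ] *****
BROWSER_RE = re.compile(r"^-\\\\ (.+?) v(\S*)$")         # -\\ Mozilla Firefox v
SOURCE_RE = re.compile(r"^\[ File : (.+) \]$")           # [ File : ...\prefs.js ]
ENTRY_RE = re.compile(r"^(\w+) (\w+) : (.+)$")           # Key Deleted : HKLM\...
PREF_RE = re.compile(r'^user_pref\("([^"]+)"')

@dataclass
class Entry:
    section: str
    browser: Optional[str]   # set only inside the Browsers section
    source: Optional[str]    # preferences file the line came from, if any
    kind: str                # Folder, File, Key, Value, Line, Setting, ...
    action: str              # Deleted, Restored, ...
    target: str

def parse_report(text: str) -> List[Entry]:
    """Turn a report into a flat list of entries, tracking section context."""
    entries: List[Entry] = []
    section = browser = source = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, or a '#' header/trailer line
        m = SECTION_RE.match(line)
        if m:
            section, browser, source = m.group(1), None, None
            continue
        m = BROWSER_RE.match(line)
        if m:
            browser, source = m.group(1), None
            continue
        m = SOURCE_RE.match(line)
        if m:
            source = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            entries.append(Entry(section, browser, source, *m.groups()))
    return entries

def counts_by_section(entries: List[Entry]) -> Counter:
    return Counter(e.section for e in entries)

def files_and_folders(entries: List[Entry]) -> List[str]:
    """Paths listed under Files / Folders, the part to look over before cleaning."""
    return [e.target for e in entries if e.section == "Files / Folders"]

def registry_hives(entries: List[Entry]) -> Counter:
    """Count registry keys/values per hive (HKLM, HKCU, ...)."""
    return Counter(e.target.split("\\", 1)[0]
                   for e in entries if e.kind in ("Key", "Value"))

def pref_namespaces(entries: List[Entry]) -> set:
    """First two dotted components of each removed browser preference name."""
    names = set()
    for e in entries:
        m = PREF_RE.match(e.target) if e.kind == "Line" else None
        if m:
            names.add(".".join(m.group(1).split(".")[:2]))
    return names

if __name__ == "__main__":
    parsed = parse_report(SAMPLE_REPORT)
    print(dict(counts_by_section(parsed)))
    print(files_and_folders(parsed))
    print(dict(registry_hives(parsed)), pref_namespaces(parsed))
```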

Ran Farbar

Note: I also checked boxes Lists, Shortcuts and Drivers along with Additions

I believe this is the 2nd time I've run this, but pretty sure you know that. I guess that demos how clueless I am as to what we are doing. lol

 

Logs:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by James at 2014-04-10 21:09:55
Running from C:\Documents and Settings\James\Desktop\Projects2014\Office\computer malware Crash
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Norton 360 Premier Edition (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
 
==================== Installed Programs ======================
 
7-Zip 9.22beta (HKLM\...\7-Zip) (Version:  - )
Adobe Acrobat 6.0.1 Professional (HKLM\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version:  - )
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoCAD 2006 - English (HKLM\...\{5783F2D7-4001-0409-0002-0060B0CE6BBA}) (Version: 16.2.54.10 - Autodesk)
Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version: 5.1 - Autodesk, Inc.)
Autodesk Revit 7.0 (HKLM\...\{E3D15ED3-7156-495F-8B48-7CDD7DD55AE9}) (Version: 7.0 - Autodesk, Inc.)
Awesome Files Connect 1.0.1.2 (HKLM\...\{6378021C-DDBB-467D-9302-46CA3DD0D5CD}_is1) (Version: 1.0.1.2 - Macroplant, LLC)
BACS (Version: 3.36.0000 - Broadcom) Hidden
Bass Station 1.6 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 1.6 - Novation Digital Music Systems Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Advanced Control Suite (HKLM\...\InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}) (Version: 3.36.0000 - Broadcom)
Canon iP6700D User Registration (HKLM\...\Canon iP6700D User Registration) (Version:  - )
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version:  - )
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version:  - )
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Design Manager (HKLM\...\Design Manager) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version:  - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.50.000 - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version:  - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON SP1400 Reference Guide (HKLM\...\Silent Package Run-Time Sample) (Version:  - )
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version:  - SEIKO EPSON Corporation)
Focusrite Scarlett Plug-in Suite 1.1 (HKLM\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.1 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.5b2 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5b2 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
iExplorer 3.2.4.2 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant LLC)
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version:  - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Java SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Live 8.0.9 (HKLM\...\Live 8.0.9) (Version:  - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1  (1033)) (Version:  - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version:  - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version:  - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2003 (HKLM\...\{03410014-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version:  - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version:  - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NortonLive EasySupport (HKLM\...\NortonLive EasySupport) (Version: 64.0.5.2 - Support.com, Inc.)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version:  - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version:  - )
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Scarlett MixControl 1.5 (HKLM\...\Saffire USB 26_is1) (Version: 1.5 - Focusrite Audio Engineering Limited)
Sierra Wireless USB MUX Driver Package (HKLM\...\{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}) (Version: 0.56.1 - Sierra Wireless)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Software Updater (HKLM\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) <==== ATTENTION
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version:  - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD SmartWare (HKLM\...\{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}) (Version: 1.3.0.16 - Western Digital)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Driver Package - Focusrite USB 2.0 Audio Driver (06/17/2013 2.5.64.2) (HKLM\...\82A4D3DBF49D068DA591B228D1E23D1CD8CF9B34) (Version: 06/17/2013 2.5.64.2 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (10/13/2011 2.2.128.0) (HKLM\...\5EBE05A38E0ED7FB7DC4171215DC5B0266DA1D51) (Version: 10/13/2011 2.2.128.0 - Focusrite)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (Version:  - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version:  - )
Windows Media Format 11 runtime (Version:  - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version:  - )
Windows Media Player 11 (Version:  - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden
 
==================== Restore Points  =========================
 
11-01-2014 15:46:16 System Checkpoint
12-01-2014 18:25:44 System Checkpoint
14-01-2014 05:04:37 System Checkpoint
14-01-2014 11:00:18 Software Distribution Service 3.0
15-01-2014 11:00:19 Software Distribution Service 3.0
16-01-2014 05:56:40 Removed Adobe Acrobat 6.0.1 Professional
16-01-2014 15:44:40 Installed Adobe Acrobat 6.0 Professional
17-01-2014 17:32:53 System Checkpoint
18-01-2014 18:16:43 System Checkpoint
19-01-2014 23:41:05 System Checkpoint
21-01-2014 04:28:21 System Checkpoint
21-01-2014 12:17:44 Installed Broadcom Advanced Control Suite
21-01-2014 13:25:47 Installed Java 7 Update 51
22-01-2014 14:57:01 System Checkpoint
23-01-2014 15:50:21 System Checkpoint
24-01-2014 18:32:14 System Checkpoint
26-01-2014 14:17:03 System Checkpoint
27-01-2014 14:50:44 System Checkpoint
28-01-2014 19:37:35 System Checkpoint
29-01-2014 23:57:01 System Checkpoint
31-01-2014 16:35:55 NortonLive Service Complete
01-02-2014 16:59:28 System Checkpoint
02-02-2014 17:45:27 System Checkpoint
03-02-2014 20:18:08 System Checkpoint
04-02-2014 20:41:56 System Checkpoint
05-02-2014 21:25:45 System Checkpoint
07-02-2014 06:37:57 System Checkpoint
08-02-2014 09:36:17 System Checkpoint
09-02-2014 10:55:19 System Checkpoint
10-02-2014 11:36:10 System Checkpoint
11-02-2014 12:03:19 System Checkpoint
12-02-2014 12:09:53 System Checkpoint
13-02-2014 11:00:24 Software Distribution Service 3.0
14-02-2014 11:57:46 System Checkpoint
15-02-2014 14:17:29 System Checkpoint
16-02-2014 20:35:58 System Checkpoint
18-02-2014 06:05:22 System Checkpoint
19-02-2014 11:41:56 System Checkpoint
20-02-2014 12:09:29 System Checkpoint
23-02-2014 00:56:34 System Checkpoint
23-02-2014 14:26:15 Restore Operation
23-02-2014 18:25:31 Restore Operation
23-02-2014 18:29:59 Restore Operation
23-02-2014 18:56:57 Restore Operation
25-02-2014 05:40:39 System Checkpoint
02-03-2014 06:56:51 System Checkpoint
03-03-2014 11:37:27 System Checkpoint
04-03-2014 15:47:17 System Checkpoint
04-03-2014 21:14:37 Installed Software Updater
05-03-2014 21:44:32 System Checkpoint
07-03-2014 09:11:35 System Checkpoint
08-03-2014 09:36:19 System Checkpoint
09-03-2014 12:13:51 System Checkpoint
10-03-2014 12:17:27 System Checkpoint
11-03-2014 10:00:23 Software Distribution Service 3.0
12-03-2014 10:00:21 Software Distribution Service 3.0
13-03-2014 13:56:06 System Checkpoint
14-03-2014 14:28:25 System Checkpoint
16-03-2014 04:22:43 System Checkpoint
17-03-2014 11:00:18 System Checkpoint
18-03-2014 12:00:08 System Checkpoint
18-03-2014 23:24:31 Software Distribution Service 3.0
09-04-2014 14:07:10 System Checkpoint
10-04-2014 05:51:53 Software Distribution Service 3.0
 
==================== Hosts content: ==========================
 
2002-09-03 09:34 - 2002-09-03 09:34 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1229272821-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1229272821-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-21 05:51 - 2005-02-28 16:57 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-08 00:49 - 2013-10-08 00:49 - 00044032 _____ () C:\Program Files\NortonLive EasySupport\ESResources.dll
2010-05-10 12:32 - 2010-05-10 12:32 - 01858048 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-05-10 12:32 - 2010-05-10 12:32 - 00482304 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Documents and Settings\James\Application Data\Dropbox\bin\libcef.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/08/2014 10:36:20 AM) (Source: Application Error) (User: )
Description: Fault bucket 154672576.
The Wep key exchange did not result in a secure connection setup after 802.1x authentication.  The current setting has been marked as failed and the Wireless connection will be disconnected.
 
Error: (04/08/2014 10:26:42 AM) (Source: Application Error) (User: )
Description: Faulting application roguekiller.exe, version 8.8.15.0, faulting module roguekiller.exe, version 8.8.15.0, fault address 0x000377c7.
Processing media-specific event for [roguekiller.exe!ws!]
 
Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized.
 
Context: Windows Application
 
 
Details:
This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order.   (0x80042105)
 
Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized.
 
Context: Windows Application, SystemIndex Catalog
 
 
Details:
This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order.   (0x80042105)
 
Error: (03/24/2014 11:20:21 AM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/24/2014 11:19:12 AM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/20/2014 10:59:21 AM) (Source: Application Hang) (User: )
Description: Fault bucket 128201230.
 
Error: (03/20/2014 10:58:36 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 33.0.1750.154, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/14/2014 04:24:49 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 33.0.1750.146, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
Error: (03/14/2014 04:24:38 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 33.0.1750.146, hang module hungapp, version 0.0.0.0, hang address 0x00000000.
 
 
System errors:
=============
Error: (04/09/2014 00:17:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""
in order to run the server:
{1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error: (04/09/2014 00:15:03 PM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (04/09/2014 00:12:37 PM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (04/09/2014 11:58:23 AM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""
in order to run the server:
{A1F4E726-8CF1-11D1-BF92-0060081ED811}
 
Error: (04/09/2014 11:58:10 AM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""
in order to run the server:
{BA126AE5-2166-11D1-B1D0-00805FC1270E}
 
Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
AFD
BHDrvx86
ccSet_N360
eeCtrl
Fips
intelppm
IPSec
MRxSmb
NetBIOS
NetBT
OMCI
RasAcd
Rdbss
SRTSPX
SymIRON
SYMTDI
Tcpip
 
Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: 
%%31
 
Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31
 
Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: 
%%31
 
Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: 
%%31
 
 
Microsoft Office Sessions:
=========================
Error: (04/08/2014 10:36:20 AM) (Source: Application Error)(User: )
Description: 154672576
 
Error: (04/08/2014 10:26:42 AM) (Source: Application Error)(User: )
Description: roguekiller.exe8.8.15.0roguekiller.exe8.8.15.0000377c7
 
Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application
 
 
Details:
This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order.   (0x80042105)
 
Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog
 
 
Details:
This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order.   (0x80042105)
 
Error: (03/24/2014 11:20:21 AM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (03/24/2014 11:19:12 AM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000
 
Error: (03/20/2014 10:59:21 AM) (Source: Application Hang)(User: )
Description: 128201230
 
Error: (03/20/2014 10:58:36 AM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.154hungapp0.0.0.000000000
 
Error: (03/14/2014 04:24:49 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.146hungapp0.0.0.000000000
 
Error: (03/14/2014 04:24:38 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.146hungapp0.0.0.000000000
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 58%
Total physical RAM: 1535 MB
Available physical RAM: 633.72 MB
Total Pagefile: 2155.5 MB
Available Pagefile: 1281.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.41 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:55.87 GB) (Free:28.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:298.08 GB) (Free:289.44 GB) NTFS ==>[Drive with boot components (Windows XP)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: 9DC96E9E)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: DC16CED5)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================
 
 
Next Log:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by James (administrator) on LDOFFICE on 10-04-2014 21:08:50
Running from C:\Documents and Settings\James\Desktop\Projects2014\Office\computer malware Crash
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Support.com, Inc.) C:\Program Files\NortonLive EasySupport\esService.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Support.com, Inc.) C:\Program Files\NortonLive EasySupport\escont.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPNSCFG.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Dropbox, Inc.) C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [5058560 2003-10-06] (NVIDIA Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - "F:\Program Files\itunes\iTunesHelper.exe"
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\Run: [EPSON Stylus Photo 1400 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE [143360 2006-10-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\Run: [DellSystemDetect] - C:\Documents and Settings\James\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\MountPoints2: {55583d80-cecd-11e2-ad79-0007e97e147b} - G:\WIN\setup.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> F:\Program Files\Distillr\acrotray.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE81701C5840CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Acrobat\ActiveX\AcroIEHelper.dll No File
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Acrobat\AcroIEFavClient.dll No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Acrobat\AcroIEFavClient.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - F:\Program Files\itunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - F:\Downloads\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default\Extensions\staged [2013-12-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013-12-09]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-29]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
CHR Plugin: (VLC Web Plugin) - F:\Downloads\VLC\npvlc.dll No File
CHR Plugin: (iTunes Application Detector) - F:\Program Files\itunes\Mozilla Plugins\npitunes.dll No File
CHR Extension: (PDFzen PDF Viewer & Editor) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2014-02-21]
CHR Extension: (Google Docs) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06]
CHR Extension: (Google Drive) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06]
CHR Extension: (UJAM - Make your music.) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2013-06-06]
CHR Extension: (YouTube) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06]
CHR Extension: (Ge.tt) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2013-06-06]
CHR Extension: (Google Search) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]
CHR Extension: (Gmail Offline) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-06-06]
CHR Extension: (Google Calendar) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-06]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2013-06-06]
CHR Extension: (Jon Klassen) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek [2013-06-06]
CHR Extension: (Cull TV) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofijfkjdoldpfdcgjeajagjgddfmihf [2013-06-06]
CHR Extension: (Divvr) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lackkieddhpmioebogincgkkcagabhgm [2013-06-06]
CHR Extension: (Planner 5D) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-06-06]
CHR Extension: (Quick Note) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-06-06]
CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-29]
CHR Extension: (Sejda - PDF Split and Merge) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhcknfplofcnpdjalbhnjognbpncojbi [2014-02-21]
CHR Extension: (Google Wallet) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (cronsync) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2013-06-06]
CHR Extension: (Send from Gmail (by Google)) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-06-06]
CHR Extension: (Weather Underground) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-06-06]
CHR Extension: (Gmail) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-24]
CHR HKLM\...\Chrome\Extension: [mogmppbjfkngfoaecoialclfiabnpndg] - C:\Documents and Settings\James\Local Settings\Application Data\CRE\mogmppbjfkngfoaecoialclfiabnpndg.crx [2014-03-24]
 
========================== Services (Whitelisted) =================
 
S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [466944 2005-03-03] (Dell)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)
R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)
R2 N360; C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 NortonLive EasySupport; C:\Program Files\NortonLive EasySupport\esService.exe [997464 2013-10-08] (Support.com, Inc.)
R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-05-10] (WDC)
R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1858048 2010-05-10] ()
R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [482304 2010-05-10] ()
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2013-06-04] (Meetinghouse Data Communications)
S3 AWINDIS5; C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-11] (AMBIT Microsystems Corporation.)
R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)
R3 cbfs3; C:\WINDOWS\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)
R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2014-03-24] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-01-28] (Symantec Corporation)
S3 ffusb2audio; C:\WINDOWS\System32\DRIVERS\ffusb2audio.sys [101936 2013-06-17] (Focusrite Audio Engineering Limited.)
R3 IDSxpx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140410.003\IDSxpx86.sys [383120 2014-04-08] (Symantec Corporation)
R3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-28] (Broadcom Corporation)
R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140410.017\NAVENG.SYS [93272 2014-03-24] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140410.017\NAVEX15.SYS [1612376 2014-03-24] (Symantec Corporation)
R3 odysseyIM3; C:\WINDOWS\System32\DRIVERS\odysseyIM3.sys [62865 2013-06-07] (Funk Software, Inc.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)
S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [39632 2010-05-17] ()
R3 swvspser; C:\WINDOWS\System32\DRIVERS\swvspser.sys [30080 2009-08-13] (Sierra Wireless Inc.)
R0 SymDS; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-01-29] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)
S3 NETGEAR_WG311_SERVICE; system32\DRIVERS\wg311nd5.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [X]
 
========================== Drivers MD5 =======================
 
C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS CEC7E2C6C1FA00C7AB2F5434F848AE51
C:\WINDOWS\System32\DRIVERS\parport.sys 5575FAF8F97CE5E713D108C2A58D7C7C
C:\WINDOWS\system32\Drivers\PartMgr.sys BEB3BA25197665D82EC7065B724171C6
C:\WINDOWS\system32\Drivers\ParVdm.sys 70E98B3FD8E963A6A46A2E6247E0BEA1
C:\WINDOWS\System32\DRIVERS\pci.sys A219903CCF74233761D92BEF471A07B1
C:\WINDOWS\System32\DRIVERS\pciide.sys CCF5F451BB1A5A2A522A76E670000FF0
C:\WINDOWS\system32\Drivers\Pcmcia.sys 9E89EF60E9EE05E3F2EEF2DA7397F1C1
C:\WINDOWS\System32\DRIVERS\raspptp.sys EFEEC01B1D3CF84F16DDD24D9D9D8F99
C:\WINDOWS\System32\DRIVERS\processr.sys A32BEBAF723557681BFC6BD93E98BD26
C:\WINDOWS\System32\DRIVERS\psched.sys 09298EC810B07E5D582CB3A3F9255424
C:\WINDOWS\System32\DRIVERS\ptilink.sys 80D317BD1C3DBC5D4FE7B1678C60CADD
C:\WINDOWS\System32\Drivers\PxHelp20.sys 183EF96BCC2EC3D5294CB2C2C0ECBCD1
C:\WINDOWS\System32\DRIVERS\rasacd.sys FE0D99D6F31E4FAD8159F690D68DED9C
C:\WINDOWS\System32\DRIVERS\rasl2tp.sys 11B4A627BC9614B885C4969BFA5FF8A6
C:\WINDOWS\System32\DRIVERS\raspppoe.sys 5BC962F2654137C9909C3D4603587DEE
C:\WINDOWS\System32\DRIVERS\raspti.sys FDBB1D60066FCFBB7452FD8F9829B242
C:\WINDOWS\System32\DRIVERS\rdbss.sys 7AD224AD1A1437FE28D89CF22B17780A
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 4912D5B403614CE99C28420F75353332
C:\WINDOWS\system32\Drivers\RDPWD.sys 43AF5212BD8FB5BA6EED9754358BD8F7
C:\WINDOWS\System32\DRIVERS\redbook.sys F828DD7E1419B6653894A8F97A0094C5
C:\WINDOWS\System32\Drivers\RimUsb.sys F17713D108ACA124A139FDE877EEF68A
C:\WINDOWS\System32\DRIVERS\secdrv.sys ==> MD5 is legit
C:\WINDOWS\System32\DRIVERS\serenum.sys 0F29512CCD6BEAD730039FB4BD2C85CE
C:\WINDOWS\System32\DRIVERS\serial.sys CCA207A8896D4C6A0C9CE29A4AE411A7
C:\WINDOWS\system32\Drivers\Sfloppy.sys 8E6B8C671615D126FDC553D1E2DE5562
C:\WINDOWS\System32\drivers\smwdm.sys 70B8DD8707DBF6142530C106365DF67D
C:\WINDOWS\System32\drivers\splitter.sys AB8B92451ECB048A4D1DE7C3FFCB4A9F
C:\WINDOWS\System32\DRIVERS\sr.sys 76BB022C2FB6902FD5BDD4F78FC13A5D
C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS 91C966DE2058116525748050A22C8170
C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS 1B6D68043F488F70E889276E1585B7AA
C:\WINDOWS\System32\DRIVERS\srv.sys 47DDFC2F003F7F9F0592C6874962A2E7
C:\WINDOWS\System32\DRIVERS\ssmirrdr.sys F843301BDADB2728822C83413EF5F132
C:\WINDOWS\System32\DRIVERS\swenum.sys 3941D127AEF12E93ADDF6FE6EE027E0F
C:\WINDOWS\System32\drivers\swmidi.sys 8CE882BCC6CF8A62F2B2323D95CB3D01
C:\WINDOWS\System32\drivers\swmsflt.sys 40FF1AF10735CF67746B50780EFF7AE4
C:\WINDOWS\System32\DRIVERS\swmx00.sys AF88AE62B84D016EB5BDC12DDF1005A3
C:\WINDOWS\System32\DRIVERS\SWNC5E00.sys 24BCE62E4DA07C6488E3A7FF37A6B6AE
C:\WINDOWS\System32\DRIVERS\swvspser.sys 30FB94A196DD48E5E36BC0FC431C1389
C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS 4C3DEF736D3857570166DE5C858600F5
C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS B70A98F20B4180F2751CFD7656116342
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS E987A9CB539147527F56943BB34B7375
C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS E3A3CA230C7547364BB3D9DA0C301A36
C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS D602FFD15F577256770C82DD2D07214F
C:\WINDOWS\System32\drivers\sysaudio.sys 8B83F3ED0F1688B4958F77CD6D2BF290
C:\WINDOWS\System32\DRIVERS\tcpip.sys 9AEFA14BD6B182D61E3119FA5F436D3D
C:\WINDOWS\system32\Drivers\TDPIPE.sys 6471A66807F5E104E4885F5B67349397
C:\WINDOWS\system32\Drivers\TDTCP.sys C56B6D0402371CF3700EB322EF3AAF61
C:\WINDOWS\System32\DRIVERS\termdd.sys 88155247177638048422893737429D9E
C:\WINDOWS\system32\Drivers\Udfs.sys 5787B80C2E3C5E2F56C2A233D91FA2C9
C:\WINDOWS\System32\DRIVERS\update.sys 402DDC88356B1BAC0EE3DD1580C76A31
C:\WINDOWS\System32\Drivers\usbaapl.sys 6E421CCC57059B0186C6259CA3B6DFC9
C:\WINDOWS\System32\DRIVERS\usbccgp.sys 1B611611C28D2DF25BC057D79C6F13FC
C:\WINDOWS\System32\DRIVERS\usbehci.sys 4BAC8DF07F1D8434FC640E677A62204E
C:\WINDOWS\System32\DRIVERS\usbhub.sys 1AB3CDDE553B6E064D2E754EFE20285C
C:\WINDOWS\System32\DRIVERS\usbprint.sys A717C8721046828520C9EDF31288FC00
C:\WINDOWS\System32\DRIVERS\usbscan.sys F8EDE2B6928970DCE3D5614C27D9E7F6
C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS A32426D9B14A089EAA1D922E0C5801A9
C:\WINDOWS\System32\DRIVERS\usbuhci.sys 26496F9DEE2D787FC3E61AD54821FFE6
C:\WINDOWS\System32\drivers\vga.sys 0D3A8FAFCEACD8B7625CD549757A7DF1
C:\WINDOWS\system32\Drivers\VolSnap.sys 4C8FCB5CC53AAB716D810740FE59D025
C:\WINDOWS\System32\DRIVERS\wanarp.sys E20B95BAEDB550F32DD489265C1DA1F6
C:\WINDOWS\System32\DRIVERS\wdcsam.sys D6EFAF429FD30C5DF613D220E344CCE7
C:\WINDOWS\System32\drivers\wdmaud.sys 6768ACF64B18196494413695F0C3A00F
C:\WINDOWS\System32\DRIVERS\HSF_CNXT.sys F59ED5A43B988A18EF582BB07B2327A7
C:\WINDOWS\System32\DRIVERS\WudfPf.sys F15FEAFFFBB3644CCC80C5DA584E6311
C:\WINDOWS\System32\DRIVERS\wudfrd.sys 28B524262BCE6DE1F7EF9F510BA3985B
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-10 20:03 - 2014-04-10 20:25 - 00000000 ____D () C:\AdwCleaner
2014-04-10 06:50 - 2014-04-10 06:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-10 06:49 - 2014-04-10 07:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-10 06:49 - 2014-04-10 06:49 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 06:28 - 2014-04-10 06:28 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-09 23:33 - 2014-04-09 23:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 22:51 - 2014-04-09 22:55 - 00012882 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 22:48 - 2014-04-09 23:34 - 00016295 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 12:08 - 2014-04-09 12:08 - 00002965 _____ () C:\Documents and Settings\James\Desktop\RKreport[0]_S_04092014_120833.txt
2014-04-09 11:59 - 2014-04-09 12:08 - 00000000 ____D () C:\Documents and Settings\James\Desktop\RK_Quarantine
2014-04-08 08:51 - 2014-04-08 08:55 - 00021986 _____ () C:\Program Files\Addition.txt
2014-04-08 08:48 - 2014-04-10 21:08 - 00000000 ____D () C:\FRST
2014-03-25 06:49 - 2014-03-25 06:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-25 06:45 - 2014-03-25 06:45 - 17523384 _____ (Malwarebytes Corporation ) C:\Program Files\mbam-setup-2.0.0.1000.exe
2014-03-20 12:20 - 2014-03-27 03:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-20 12:20 - 2014-03-24 13:40 - 00001517 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-03-20 12:20 - 2014-03-20 12:20 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-20 12:20 - 2005-11-29 15:18 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media Player.lnk
2014-03-20 12:20 - 2005-11-29 15:18 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories
2014-03-20 11:55 - 2014-04-04 10:21 - 95027928 ____T () C:\Documents and Settings\All Users\Application Data\gvfqljw.bbr
2014-03-15 22:10 - 2014-03-15 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-03-15 22:09 - 2014-03-15 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-15 22:09 - 2014-03-15 22:09 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-12 03:19 - 2014-04-10 20:30 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-03-12 03:19 - 2014-03-12 23:14 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 03:02 - 2014-03-12 03:02 - 00012796 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 00:53 - 2014-03-12 03:01 - 00012937 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 00:53 - 2014-03-12 03:01 - 00011686 _____ () C:\WINDOWS\KB2929961.log
2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-11 03:00 - 2014-03-11 03:02 - 00005743 _____ () C:\WINDOWS\KB2934207.log
 
==================== One Month Modified Files and Folders =======
 
2014-04-10 21:08 - 2014-04-08 08:48 - 00000000 ____D () C:\FRST
2014-04-10 20:49 - 2013-06-30 13:41 - 00000000 ___RD () C:\Documents and Settings\James\My Documents\Dropbox
2014-04-10 20:49 - 2013-06-30 13:34 - 00000000 ____D () C:\Documents and Settings\James\Application Data\Dropbox
2014-04-10 20:33 - 2005-11-29 15:44 - 01969335 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-10 20:31 - 2005-11-29 07:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-10 20:31 - 2005-11-29 07:10 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-10 20:30 - 2014-03-12 03:19 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-10 20:30 - 2013-06-06 10:51 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 20:30 - 2013-06-06 10:51 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 20:30 - 2005-11-29 15:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-10 20:29 - 2005-11-29 15:22 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-10 20:28 - 2005-11-29 15:23 - 00000178 ___SH () C:\Documents and Settings\James\ntuser.ini
2014-04-10 20:28 - 2005-11-29 15:23 - 00000000 ____D () C:\Documents and Settings\James
2014-04-10 20:25 - 2014-04-10 20:03 - 00000000 ____D () C:\AdwCleaner
2014-04-10 07:48 - 2014-04-10 06:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-10 06:50 - 2014-04-10 06:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-10 06:49 - 2014-04-10 06:49 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 06:28 - 2014-04-10 06:28 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-09 23:34 - 2014-04-09 22:48 - 00016295 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 23:34 - 2013-08-14 03:11 - 00830608 _____ () C:\WINDOWS\setupapi.log
2014-04-09 23:34 - 2005-11-29 07:08 - 03157770 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 23:34 - 2005-11-29 07:08 - 01538802 _____ () C:\WINDOWS\ocgen.log
2014-04-09 23:34 - 2005-11-29 07:08 - 01216067 _____ () C:\WINDOWS\tsoc.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00849299 _____ () C:\WINDOWS\comsetup.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00516328 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00498452 _____ () C:\WINDOWS\iis6.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00158879 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00136961 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 23:33 - 2014-04-09 23:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:29 - 2013-08-03 14:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 22:56 - 2005-11-29 16:13 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 22:55 - 2014-04-09 22:51 - 00012882 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 22:55 - 2009-06-18 10:33 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-09 22:55 - 2005-11-29 16:09 - 00281077 _____ () C:\WINDOWS\updspapi.log
2014-04-09 22:55 - 2005-11-29 07:08 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 12:08 - 2014-04-09 12:08 - 00002965 _____ () C:\Documents and Settings\James\Desktop\RKreport[0]_S_04092014_120833.txt
2014-04-09 12:08 - 2014-04-09 11:59 - 00000000 ____D () C:\Documents and Settings\James\Desktop\RK_Quarantine
2014-04-09 12:08 - 2013-06-23 12:52 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-09 11:18 - 2013-06-16 15:46 - 00000000 ____D () C:\Documents and Settings\James\Local Settings\Application Data\CRE
2014-04-09 10:25 - 2014-02-28 23:50 - 00000000 ____D () C:\Documents and Settings\James\Desktop\personal
2014-04-09 10:18 - 2014-02-17 06:51 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-04-09 10:18 - 2013-12-28 04:28 - 00001842 _____ () C:\Documents and Settings\James\Desktop\NortonLive Solutions Toolkit Report Saturday, December 28, 2013 3_28_02 AM.lnk
2014-04-09 10:18 - 2013-12-11 03:02 - 00001844 _____ () C:\Documents and Settings\James\Desktop\NortonLive Solutions Toolkit Report Wednesday, December 11, 2013 2_02_44 AM.lnk
2014-04-09 10:18 - 2013-11-17 10:22 - 00001549 _____ () C:\Documents and Settings\All Users\Desktop\EPSON Print CD.lnk
2014-04-09 10:18 - 2013-07-14 13:51 - 00001801 _____ () C:\Documents and Settings\All Users\Desktop\Autodesk Revit 7.0.lnk
2014-04-09 10:09 - 2014-02-28 23:50 - 00000000 ____D () C:\Documents and Settings\James\Desktop\Projects2014
2014-04-09 04:12 - 2013-06-08 09:59 - 00000000 ____D () C:\Documents and Settings\James\My Documents\NortonLive EasySupport
2014-04-08 23:13 - 2014-01-29 11:54 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360
2014-04-08 23:12 - 2014-01-29 11:56 - 00001851 _____ () C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK
2014-04-08 23:12 - 2014-01-29 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
2014-04-08 08:55 - 2014-04-08 08:51 - 00021986 _____ () C:\Program Files\Addition.txt
2014-04-08 08:17 - 2005-11-29 16:54 - 00108027 _____ () C:\WINDOWS\wmsetup.log
2014-04-08 06:30 - 2013-06-08 09:58 - 00000000 ____D () C:\Program Files\NortonLive EasySupport
2014-04-08 06:21 - 2002-09-03 10:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-04 10:21 - 2014-03-20 11:55 - 95027928 ____T () C:\Documents and Settings\All Users\Application Data\gvfqljw.bbr
2014-03-27 03:02 - 2014-03-20 12:20 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-25 06:49 - 2014-03-25 06:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-25 06:45 - 2014-03-25 06:45 - 17523384 _____ (Malwarebytes Corporation ) C:\Program Files\mbam-setup-2.0.0.1000.exe
2014-03-24 13:46 - 2013-07-22 09:44 - 00000744 _____ () C:\Documents and Settings\James\Start Menu\Programs\Design Manager.lnk
2014-03-24 13:46 - 2005-11-29 15:23 - 00001517 _____ () C:\Documents and Settings\James\Start Menu\Programs\Remote Assistance.lnk
2014-03-24 13:42 - 2014-01-21 05:43 - 00001470 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom Advanced Control Suite.lnk
2014-03-24 13:42 - 2013-10-11 08:00 - 00001787 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
2014-03-24 13:42 - 2013-06-11 11:19 - 00000803 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2014-03-24 13:42 - 2013-06-11 11:19 - 00000798 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
2014-03-24 13:42 - 2005-11-29 18:06 - 00000995 ____H () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
2014-03-24 13:42 - 2005-11-29 17:24 - 00001766 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-03-24 13:42 - 2005-11-29 15:18 - 00001517 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-03-24 13:42 - 2005-11-29 15:18 - 00001487 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-03-24 13:42 - 2005-11-29 15:18 - 00001431 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-03-24 13:42 - 2005-11-29 15:15 - 00001830 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
2014-03-24 13:41 - 2013-06-10 11:35 - 00000649 _____ () C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2014-03-24 13:40 - 2014-03-20 12:20 - 00001517 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-03-20 12:20 - 2014-03-20 12:20 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-15 22:10 - 2014-03-15 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-03-15 22:10 - 2014-03-15 22:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-15 22:09 - 2014-03-15 22:09 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 22:09 - 2013-10-01 13:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-15 21:23 - 2013-10-01 14:00 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-15 20:51 - 2014-02-17 10:08 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-14 03:38 - 2014-03-05 13:29 - 00000000 ____D () C:\Documents and Settings\James\Application Data\vlc
2014-03-12 23:16 - 2005-11-29 07:08 - 00633708 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-12 23:14 - 2014-03-12 03:19 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 10:19 - 2013-06-04 19:54 - 00000000 ____D () C:\Documents and Settings\James\Application Data\U3
2014-03-12 03:48 - 2009-03-21 07:06 - 00993280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll
2014-03-12 03:48 - 2002-09-03 09:39 - 00993280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 03:19 - 2005-11-29 07:07 - 00299640 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 03:02 - 2014-03-12 03:02 - 00012796 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 03:01 - 2014-03-12 00:53 - 00012937 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 03:01 - 2014-03-12 00:53 - 00011686 _____ () C:\WINDOWS\KB2929961.log
2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-11 03:02 - 2014-03-11 03:00 - 00005743 _____ () C:\WINDOWS\KB2934207.log
 
Some content of TEMP:
====================
C:\Documents and Settings\James\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\James\Local Settings\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

System restore is working because 2 restore points were just created:

 

09-04-2014 14:07:10 System Checkpoint <-------Wednesday
10-04-2014 05:51:53 Software Distribution Service 3.0 <-------Thursday

 

----------------------------------------------------------------

It looks OK....How's it running???

Just.......
Clean out temp files:

  • Download TFC from here and save it to your desktop:
    http://oldtimer.geekstogo.com/TFC.exe
    http://www.bleepingcomputer.com/download/tfc/dl/92/
  • Close any open programs and Internet browsers.
  • Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
  • Please be patient as clearing out temp files may take a while.
  • Once it completes you may be prompted to restart your computer, please do so.
  • Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

Let me know how it is and if there are no other problems..........

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get Unsupported operating system. Aborting now, just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!

MrC


ok going to run now, but to answer your question I think it's running pretty good. I do get a funny breach of internet at random that lasts a few minutes where sometimes I will need to reset data card. It's wireless coming from Sprint to a data card receiver, then goes across the room to an adapter on my Dell. It's never been great, but these disconnects are strange because all signals show strong. It shows as a Google Chrome can not find site regardless of the browser. Not urgent, but thought I'd mention. OK, going to get rid of the temps and then the security bit. I will not attach the logs.


log

 Results of screen317's Security Check version 0.99.81  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Disabled!  
 Norton 360     
`````````Anti-malware/Other Utilities Check:````````` 
 Java 6 Update 24  
 Java 7 Update 51  
 Java SE Runtime Environment 6 Update 1 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Reader XI  
 Google Chrome 33.0.1750.146  
 Google Chrome 33.0.1750.154  
````````Process Check: objlist.exe by Laurent````````  
 James Desktop Projects2014 Office\computer malware Crash\SecurityCheck.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:: 10% 
````````````````````End of Log`````````````````````` 