Ran Farbar. Note: I also checked boxes Lists, Shortcuts and Drivers along with Additions. I believe this is the 2nd time I've run this but pretty sure you know that. I guess that demos how clueless I am as to what we are doing. lol

Logs:

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014 01
Ran by James at 2014-04-10 21:09:55
Running from C:\Documents and Settings\James\Desktop\Projects2014\Office\computer malware Crash
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AV: Norton 360 Premier Edition (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

==================== Installed Programs ======================

7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Acrobat 6.0.1 Professional (HKLM\...\{AC76BA86-1033-0000-7760-000000000001}) (Version: 006.000.001 - Adobe Systems)
Adobe Atmosphere Player for Acrobat and Adobe Reader (HKLM\...\Adobe Atmosphere Player) (Version: - )
Adobe Flash Player 10 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 10.0.12.36 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop 7.0 (HKLM\...\Adobe Photoshop 7.0) (Version: 7.0 - Adobe Systems, Inc.)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM\...\Adobe Shockwave Player) (Version: 12.0.9.149 - Adobe Systems, Inc.)
Apple Application Support (HKLM\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{18D47FA1-0440-48D3-A7E0-DA09537FF471}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
AutoCAD 2006 - English (HKLM\...\{5783F2D7-4001-0409-0002-0060B0CE6BBA}) (Version: 16.2.54.10 - Autodesk)
Autodesk DWF Viewer (HKLM\...\Autodesk DWF Viewer) (Version: 5.1 - Autodesk, Inc.)
Autodesk Revit 7.0 (HKLM\...\{E3D15ED3-7156-495F-8B48-7CDD7DD55AE9}) (Version: 7.0 - Autodesk, Inc.)
Awesome Files Connect 1.0.1.2 (HKLM\...\{6378021C-DDBB-467D-9302-46CA3DD0D5CD}_is1) (Version: 1.0.1.2 - Macroplant, LLC)
BACS (Version: 3.36.0000 - Broadcom) Hidden
Bass Station 1.6 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 1.6 - Novation Digital Music Systems Ltd.)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Advanced Control Suite (HKLM\...\InstallShield_{468190DA-FB4C-45BA-8E40-4B165FF1A939}) (Version: 3.36.0000 - Broadcom)
Canon iP6700D User Registration (HKLM\...\Canon iP6700D User Registration) (Version: - )
Conexant D850 56K V.9x DFVc Modem (HKLM\...\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1) (Version: - )
Dell ResourceCD (HKLM\...\{D78653C3-A8FF-415F-92E6-D774E634FF2D}) (Version: - )
Dell System Detect (HKCU\...\9204f5692a8faf3b) (Version: 5.4.0.4 - Dell)
Design Manager (HKLM\...\Design Manager) (Version: - )
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
Epson Connect Printer Setup (HKLM\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.1.1 - SEIKO EPSON CORPORATION)
Epson E-Web Print (HKLM\...\{695C8469-7822-4B31-A673-5ED84815B649}) (Version: 1.17.0000 - SEIKO EPSON CORPORATION)
EPSON Print CD (HKLM\...\{FF477885-5EA8-40D0-ADF3-D4C1B86FAEA4}) (Version: 1.50.000 - )
EPSON Printer Finder (HKLM\...\{B8ECD0D3-AE08-4891-B6C7-32F96B75EB6C}) (Version: 1.0.0 - SEIKO EPSON CORPORATION)
EPSON Printer Software (HKLM\...\EPSON Printer and Utilities) (Version: - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - Seiko Epson Corporation)
EPSON SP1400 Reference Guide (HKLM\...\Silent Package Run-Time Sample) (Version: - )
EPSON XP-400 Series Printer Uninstall (HKLM\...\EPSON XP-400 Series) (Version: - SEIKO EPSON Corporation)
Focusrite Scarlett Plug-in Suite 1.1 (HKLM\...\{D7F912D4-C237-4079-966A-5044A5025CBF}}_is1) (Version: 1.1 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.5b2 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.5b2 - Focusrite Audio Engineering Limited.)
Google Chrome (HKLM\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (Version: 1.3.23.9 - Google Inc.) Hidden
iExplorer 3.2.4.2 (HKLM\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version: - Macroplant LLC)
Intel® PRO Ethernet Adapter and Software (HKLM\...\PROSet) (Version: - )
iTunes (HKLM\...\{2F21564D-DE05-4C6D-B21E-08B9D313FAB3}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217040FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
Java SE Runtime Environment 6 Update 1 (HKLM\...\{3248F0A8-6813-11D6-A77B-00B0D0160010}) (Version: 1.6.0.10 - Sun Microsystems, Inc.)
Live 8.0.9 (HKLM\...\Live 8.0.9) (Version: - )
Microsoft .NET Framework 1.1 (HKLM\...\Microsoft .NET Framework 1.1 (1033)) (Version: - )
Microsoft .NET Framework 1.1 (Version: 1.1.4322 - Microsoft) Hidden
Microsoft .NET Framework 1.1 Security Update (KB2833941) (HKLM\...\M2833941) (Version: - )
Microsoft .NET Framework 1.1 Security Update (KB979906) (HKLM\...\M979906) (Version: - )
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (HKLM\...\Microsoft .NET Framework 4 Extended) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Compression Client Pack 1.0 for Windows XP (HKLM\...\MSCompPackV1) (Version: 1 - Microsoft Corporation)
Microsoft Encarta Encyclopedia Standard 2003 (HKLM\...\{03410014-3975-4267-9F39-1DC4745090B7}) (Version: 2003 - Microsoft Corporation)
Microsoft User-Mode Driver Framework Feature Pack 1.0 (HKLM\...\Wudf01000) (Version: - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Word 2002 (HKLM\...\{911B0409-6000-11D3-8CFE-0050048383C9}) (Version: 10.0.2627.01 - Microsoft Corporation)
Microsoft Works 2003 Setup Launcher (HKLM\...\Works2003Setup) (Version: - )
Microsoft Works 7.0 (HKLM\...\{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}) (Version: 07.02.0710.1 - Microsoft Corporation)
Microsoft Works Suite Add-in for Microsoft Word (HKLM\...\{7EE9DE0D-9228-4C33-B80E-FDD1773600DF}) (Version: 2.0.0.0000 - Microsoft Corporation)
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB936181) (HKLM\...\{C04E32E0-0416-434D-AFB9-6969D703A9EF}) (Version: 4.20.9848.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 6 Service Pack 2 (KB973686) (HKLM\...\{56EA8BC0-3751-4B93-BC9D-6651CC36E5AA}) (Version: 6.20.2003.0 - Microsoft Corporation)
MSXML4 Parser (HKLM\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
Norton 360 (HKLM\...\N360) (Version: 21.2.0.38 - Symantec Corporation)
NortonLive EasySupport (HKLM\...\NortonLive EasySupport) (Version: 64.0.5.2 - Support.com, Inc.)
NVIDIA Display Driver (HKLM\...\NVIDIA Display Driver) (Version: - )
NVIDIA Windows 2000/XP Display Drivers (HKLM\...\NVIDIA) (Version: - )
Picasa 2 (HKLM\...\Picasa2) (Version: 2.0 - Google, Inc.)
QuickTime 7 (HKLM\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Scarlett MixControl 1.5 (HKLM\...\Saffire USB 26_is1) (Version: 1.5 - Focusrite Audio Engineering Limited)
Sierra Wireless USB MUX Driver Package (HKLM\...\{5600094C-5EA0-4BE8-9ECE-4C9B726AC9D9}) (Version: 0.56.1 - Sierra Wireless)
SketchUp 2013 (HKLM\...\{B75BC01B-4586-43F8-9349-D250DB98F26F}) (Version: 13.0.4812 - Trimble Navigation Limited)
Software Updater (HKLM\...\{6DFBE8A2-CDBF-453E-B34C-32F202FCEE4C}) (Version: 4.2.1 - SEIKO EPSON CORPORATION) <==== ATTENTION
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: - )
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (HKLM\...\{3C3901C5-3455-3E0A-A214-0B093A5070A6}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (HKLM\...\{0A0CADCF-78DA-33C4-A350-CD51849B9702}.KB2533523) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2934207) (HKLM\...\KB2934207) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB955839) (HKLM\...\KB955839) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WD SmartWare (HKLM\...\{2AA48AFA-79CA-4043-BFFC-BB5BA23A9FCF}) (Version: 1.3.0.16 - Western Digital)
WebFldrs XP (Version: 9.50.6513 - Microsoft Corporation) Hidden
Windows Driver Package - Focusrite USB 2.0 Audio Driver (06/17/2013 2.5.64.2) (HKLM\...\82A4D3DBF49D068DA591B228D1E23D1CD8CF9B34) (Version: 06/17/2013 2.5.64.2 - Focusrite)
Windows Driver Package - Focusrite USB 2.0 Audio Driver (10/13/2011 2.2.128.0) (HKLM\...\5EBE05A38E0ED7FB7DC4171215DC5B0266DA1D51) (Version: 10/13/2011 2.2.128.0 - Focusrite)
Windows Genuine Advantage v1.3.0254.0 (Version: 1.3.0254.0 - Microsoft) Hidden
Windows Genuine Advantage Validation Tool (KB892130) (HKLM\...\WGA) (Version: 1.7.0069.2 - Microsoft Corporation)
Windows Imaging Component (HKLM\...\WIC) (Version: 3.0.0.0 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows Media Connect (Version: - Microsoft Corporation) Hidden
Windows Media Format 11 runtime (HKLM\...\Windows Media Format Runtime) (Version: - )
Windows Media Format 11 runtime (Version: - Microsoft Corporation) Hidden
Windows Media Player 11 (HKLM\...\Windows Media Player) (Version: - )
Windows Media Player 11 (Version: - Microsoft Corporation) Hidden
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
Works Suite OS Pack (Version: 3.0.0.0000 - Microsoft Corporation) Hidden

==================== Restore Points =========================

11-01-2014 15:46:16 System Checkpoint
12-01-2014 18:25:44 System Checkpoint
14-01-2014 05:04:37 System Checkpoint
14-01-2014 11:00:18 Software Distribution Service 3.0
15-01-2014 11:00:19 Software Distribution Service 3.0
16-01-2014 05:56:40 Removed Adobe Acrobat 6.0.1 Professional
16-01-2014 15:44:40 Installed Adobe Acrobat 6.0 Professional
17-01-2014 17:32:53 System Checkpoint
18-01-2014 18:16:43 System Checkpoint
19-01-2014 23:41:05 System Checkpoint
21-01-2014 04:28:21 System Checkpoint
21-01-2014 12:17:44 Installed Broadcom Advanced Control Suite
21-01-2014 13:25:47 Installed Java 7 Update 51
22-01-2014 14:57:01 System Checkpoint
23-01-2014 15:50:21 System Checkpoint
24-01-2014 18:32:14 System Checkpoint
26-01-2014 14:17:03 System Checkpoint
27-01-2014 14:50:44 System Checkpoint
28-01-2014 19:37:35 System Checkpoint
29-01-2014 23:57:01 System Checkpoint
31-01-2014 16:35:55 NortonLive Service Complete
01-02-2014 16:59:28 System Checkpoint
02-02-2014 17:45:27 System Checkpoint
03-02-2014 20:18:08 System Checkpoint
04-02-2014 20:41:56 System Checkpoint
05-02-2014 21:25:45 System Checkpoint
07-02-2014 06:37:57 System Checkpoint
08-02-2014 09:36:17 System Checkpoint
09-02-2014 10:55:19 System Checkpoint
10-02-2014 11:36:10 System Checkpoint
11-02-2014 12:03:19 System Checkpoint
12-02-2014 12:09:53 System Checkpoint
13-02-2014 11:00:24 Software Distribution Service 3.0
14-02-2014 11:57:46 System Checkpoint
15-02-2014 14:17:29 System Checkpoint
16-02-2014 20:35:58 System Checkpoint
18-02-2014 06:05:22 System Checkpoint
19-02-2014 11:41:56 System Checkpoint
20-02-2014 12:09:29 System Checkpoint
23-02-2014 00:56:34 System Checkpoint
23-02-2014 14:26:15 Restore Operation
23-02-2014 18:25:31 Restore Operation
23-02-2014 18:29:59 Restore Operation
23-02-2014 18:56:57 Restore Operation
25-02-2014 05:40:39 System Checkpoint
02-03-2014 06:56:51 System Checkpoint
03-03-2014 11:37:27 System Checkpoint
04-03-2014 15:47:17 System Checkpoint
04-03-2014 21:14:37 Installed Software Updater
05-03-2014 21:44:32 System Checkpoint
07-03-2014 09:11:35 System Checkpoint
08-03-2014 09:36:19 System Checkpoint
09-03-2014 12:13:51 System Checkpoint
10-03-2014 12:17:27 System Checkpoint
11-03-2014 10:00:23 Software Distribution Service 3.0
12-03-2014 10:00:21 Software Distribution Service 3.0
13-03-2014 13:56:06 System Checkpoint
14-03-2014 14:28:25 System Checkpoint
16-03-2014 04:22:43 System Checkpoint
17-03-2014 11:00:18 System Checkpoint
18-03-2014 12:00:08 System Checkpoint
18-03-2014 23:24:31 Software Distribution Service 3.0
09-04-2014 14:07:10 System Checkpoint
10-04-2014 05:51:53 Software Distribution Service 3.0

==================== Hosts content: ==========================

2002-09-03 09:34 - 2002-09-03 09:34 - 00000734 ____N C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1644491937-1229272821-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe
Task: C:\WINDOWS\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1644491937-1229272821-839522115-1004.job => C:\Program Files\Real\RealUpgrade\realupgrade.exe

==================== Loaded Modules (whitelisted) =============

2014-01-21 05:51 - 2005-02-28 16:57 - 00075264 _____ () C:\WINDOWS\System32\spool\PRTPROCS\W32X86\DLBTPP5C.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-08 00:49 - 2013-10-08 00:49 - 00044032 _____ () C:\Program Files\NortonLive EasySupport\ESResources.dll
2010-05-10 12:32 - 2010-05-10 12:32 - 01858048 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
2010-05-10 12:32 - 2010-05-10 12:32 - 00482304 _____ () C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
2013-10-18 16:55 - 2013-10-18 16:55 - 25100288 _____ () C:\Documents and Settings\James\Application Data\Dropbox\bin\libcef.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 00051016 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 04061000 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 00394568 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll
2014-03-15 20:50 - 2014-03-14 17:50 - 01647432 _____ () C:\Program Files\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

==================== Disabled items from MSCONFIG ==============

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/08/2014 10:36:20 AM) (Source: Application Error) (User: )
Description: Fault bucket 154672576.The Wep key exchange did not result in a secure connection setup after 802.1x authentication. The current setting has been marked as failed and the Wireless connection will be disconnected.

Error: (04/08/2014 10:26:42 AM) (Source: Application Error) (User: )
Description: Faulting application roguekiller.exe, version 8.8.15.0, faulting module roguekiller.exe, version 8.8.15.0, fault address 0x000377c7.Processing media-specific event for [roguekiller.exe!ws!]

Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service) (User: )
Description: The application cannot be initialized. Context: Windows Application Details:This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order. (0x80042105)

Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service) (User: )
Description: The gatherer object cannot be initialized. Context: Windows Application, SystemIndex Catalog Details:This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order. (0x80042105)

Error: (03/24/2014 11:20:21 AM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/24/2014 11:19:12 AM) (Source: Application Hang) (User: )
Description: Hanging application taskmgr.exe, version 5.1.2600.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/20/2014 10:59:21 AM) (Source: Application Hang) (User: )
Description: Fault bucket 128201230.

Error: (03/20/2014 10:58:36 AM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 33.0.1750.154, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/14/2014 04:24:49 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 33.0.1750.146, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (03/14/2014 04:24:38 PM) (Source: Application Hang) (User: )
Description: Hanging application chrome.exe, version 33.0.1750.146, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

System errors:
=============
Error: (04/09/2014 00:17:58 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: DCOM got error "%%1084" attempting to start the service EventSystem with arguments ""in order to run the server:{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/09/2014 00:15:03 PM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""in order to run the server:{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (04/09/2014 00:12:37 PM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""in order to run the server:{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (04/09/2014 11:58:23 AM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service StiSvc with arguments ""in order to run the server:{A1F4E726-8CF1-11D1-BF92-0060081ED811}

Error: (04/09/2014 11:58:10 AM) (Source: DCOM) (User: LDOFFICE)
Description: DCOM got error "%%1084" attempting to start the service netman with arguments ""in order to run the server:{BA126AE5-2166-11D1-B1D0-00805FC1270E}

Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: AFDBHDrvx86ccSet_N360eeCtrlFipsintelppmIPSecMRxSmbNetBIOSNetBTOMCIRasAcdRdbssSRTSPXSymIRONSYMTDITcpip

Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The IPSEC Services service depends on the IPSEC driver service which failed to start because of the following error: %%31

Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: %%31

Error: (04/09/2014 11:57:28 AM) (Source: Service Control Manager) (User: )
Description: The TCP/IP NetBIOS Helper service depends on the AFD Networking Support Environment service which failed to start because of the following error: %%31

Microsoft Office Sessions:
=========================
Error: (04/08/2014 10:36:20 AM) (Source: Application Error)(User: )
Description: 154672576

Error: (04/08/2014 10:26:42 AM) (Source: Application Error)(User: )
Description: roguekiller.exe8.8.15.0roguekiller.exe8.8.15.0000377c7

Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application Details:This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order. (0x80042105)

Error: (04/04/2014 10:09:23 AM) (Source: Windows Search Service)(User: )
Description: Context: Windows Application, SystemIndex Catalog Details:This file is shorter than 2 bytes. Unicode text file must begin with a wide character that indicates byte order. (0x80042105)

Error: (03/24/2014 11:20:21 AM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (03/24/2014 11:19:12 AM) (Source: Application Hang)(User: )
Description: taskmgr.exe5.1.2600.5512hungapp0.0.0.000000000

Error: (03/20/2014 10:59:21 AM) (Source: Application Hang)(User: )
Description: 128201230

Error: (03/20/2014 10:58:36 AM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.154hungapp0.0.0.000000000

Error: (03/14/2014 04:24:49 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.146hungapp0.0.0.000000000

Error: (03/14/2014 04:24:38 PM) (Source: Application Hang)(User: )
Description: chrome.exe33.0.1750.146hungapp0.0.0.000000000

==================== Memory info ===========================

Percentage of memory in use: 58%
Total physical RAM: 1535 MB
Available physical RAM: 633.72 MB
Total Pagefile: 2155.5 MB
Available Pagefile: 1281.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1936.41 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.87 GB) (Free:28.99 GB) NTFS ==>[Drive with boot components (Windows XP)]
Drive f: () (Fixed) (Total:298.08 GB) (Free:289.44 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 56 GB) (Disk ID: 9DC96E9E)
Partition 1: (Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298 GB) (Disk ID: DC16CED5)
Partition: GPT Partition Type.

==================== End Of Log ============================

Next Log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014 01 (ATTENTION: ====> FRST version is 28 days old and could be outdated)
Ran by James (administrator) on LDOFFICE on 10-04-2014 21:08:50
Running from C:\Documents and Settings\James\Desktop\Projects2014\Office\computer malware Crash
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc.exe
(Oracle Corporation) C:\Program Files\Java\jre7\bin\jqs.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Support.com, Inc.) C:\Program Files\NortonLive EasySupport\esService.exe
(NVIDIA Corporation) C:\WINDOWS\System32\nvsvc32.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe
(Support.com, Inc.) C:\Program Files\NortonLive EasySupport\escont.exe
() C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Symantec Corporation) C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\WMPNSCFG.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe
(Dropbox, Inc.) C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [sunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\WINDOWS\system32\NvCpl.dll [5058560 2003-10-06] (NVIDIA Corporation)
HKLM\...\Run: [KernelFaultCheck] - %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-20] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\qttask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - "F:\Program Files\itunes\iTunesHelper.exe"
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\.DEFAULT\...\Policies\Explorer: [CDRAutoRun] 0
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\Run: [EPSON Stylus Photo 1400 Series] - C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBUA.EXE [143360 2006-10-11] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [204288 2009-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\Run: [DellSystemDetect] - C:\Documents and Settings\James\Start Menu\Programs\Dell\Dell System Detect.appref-ms
HKU\S-1-5-21-1644491937-1229272821-839522115-1004\...\MountPoints2: {55583d80-cecd-11e2-ad79-0007e97e147b} - G:\WIN\setup.exe
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
ShortcutTarget: Acrobat Assistant.lnk -> F:\Program Files\Distillr\acrotray.exe (No File)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
ShortcutTarget: WDDMStatus.lnk -> C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\AutorunsDisabled ()
Startup: C:\Documents and Settings\James\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\James\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xCE81701C5840CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
SearchScopes: HKLM - DefaultScope value is missing.
BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Acrobat\ActiveX\AcroIEHelper.dll No File
BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll ()
BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - F:\Program Files\Acrobat\AcroIEFavClient.dll No File
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files\Epson Software\E-Web Print\ewps_tb.dll (SEIKO EPSON CORPORATION)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - F:\Program Files\Acrobat\AcroIEFavClient.dll No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\System32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
Toolbar: HKCU - Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll No File
DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133304240325
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
ShellExecuteHooks: Windows Desktop Search Namespace Manager - {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll [304128 2009-05-24] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - F:\Program Files\itunes\Mozilla Plugins\npitunes.dll No File
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.3 - F:\Downloads\VLC\npvlc.dll No File
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: No Name - C:\Documents and Settings\James\Application Data\Mozilla\Firefox\Profiles\lm2pyt1u.default\Extensions\staged [2013-12-28]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files\Epson Software\E-Web Print\Firefox Add-on [2013-12-09]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2014-01-29]
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (QuickTime Plug-in 7.7.5) - 
C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)CHR Plugin: (QuickTime Plug-in 7.7.5) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)CHR Plugin: (Java Platform SE 7 U51) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No FileCHR Plugin: (Windows Presentation Foundation) - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)CHR Plugin: (Shockwave for Director) - C:\WINDOWS\system32\Adobe\Director\np32dsw_1209149.dll (Adobe Systems, Inc.)CHR Plugin: (VLC Web Plugin) - F:\Downloads\VLC\npvlc.dll No FileCHR Plugin: (iTunes Application Detector) - F:\Program Files\itunes\Mozilla Plugins\npitunes.dll No FileCHR Extension: (PDFzen PDF Viewer & Editor) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User 
Data\Default\Extensions\adgncicbhbjfpijkdmbijninnhnmiblj [2014-02-21]CHR Extension: (Google Docs) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-06-06]CHR Extension: (Google Drive) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-06-06]CHR Extension: (UJAM - Make your music.) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdiogojbmdncjdpljocafnigiokgmci [2013-06-06]CHR Extension: (YouTube) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-06-06]CHR Extension: (Ge.tt) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cdgghbbgmhcpidlmnepkbihehhkmjomc [2013-06-06]CHR Extension: (Google Search) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-06-06]CHR Extension: (Gmail Offline) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2013-06-06]CHR Extension: (Google Calendar) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2013-06-06]CHR Extension: (Wunderlist - To-do and Task list) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2013-06-06]CHR Extension: (Jon Klassen) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gmgjhcokclngghkncjakaigpjhfhpoek [2013-06-06]CHR Extension: (Cull TV) - C:\Documents and Settings\James\Local 
Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gofijfkjdoldpfdcgjeajagjgddfmihf [2013-06-06]CHR Extension: (Divvr) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lackkieddhpmioebogincgkkcagabhgm [2013-06-06]CHR Extension: (Planner 5D) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mcafejemebbngbglfoinpoaannbihjna [2013-06-06]CHR Extension: (Quick Note) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mijlebbfndhelmdpmllgcfadlkankhok [2013-06-06]CHR Extension: (Norton Identity Protection) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-01-29]CHR Extension: (Sejda - PDF Split and Merge) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nhcknfplofcnpdjalbhnjognbpncojbi [2014-02-21]CHR Extension: (Google Wallet) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]CHR Extension: (cronsync) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pbngjmgfclegmldmnjbfbgpphbaakjnk [2013-06-06]CHR Extension: (Send from Gmail (by Google)) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc [2013-06-06]CHR Extension: (Weather Underground) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2013-06-06]CHR Extension: (Gmail) - C:\Documents and Settings\James\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-06-06]CHR 
HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-24]CHR HKLM\...\Chrome\Extension: [mogmppbjfkngfoaecoialclfiabnpndg] - C:\Documents and Settings\James\Local Settings\Application Data\CRE\mogmppbjfkngfoaecoialclfiabnpndg.crx [2014-03-24] ========================== Services (Whitelisted) ================= S3 dlbt_device; C:\WINDOWS\system32\dlbtcoms.exe [466944 2005-03-03] (Dell)R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc.exe [122000 2011-12-12] (Seiko Epson Corporation)R2 JavaQuickStarterService; C:\Program Files\Java\jre7\bin\jqs.exe [182696 2013-12-18] (Oracle Corporation)R2 N360; C:\Program Files\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)R2 NortonLive EasySupport; C:\Program Files\NortonLive EasySupport\esService.exe [997464 2013-10-08] (Support.com, Inc.)R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [110592 2010-05-10] (WDC)R2 WDFME; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1858048 2010-05-10] ()R2 WDSC; C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [482304 2010-05-10] ()S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [X] ==================== Drivers (Whitelisted) ==================== R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [17801 2013-06-04] (Meetinghouse Data Communications)S3 AWINDIS5; C:\WINDOWS\system32\AWINDIS5.SYS [16194 2002-04-11] (AMBIT Microsystems Corporation.)R1 BHDrvx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140319.001\BHDrvx86.sys [1098968 2014-03-18] (Symantec Corporation)R3 cbfs3; C:\WINDOWS\System32\DRIVERS\cbfs3.sys [299024 2012-04-09] (EldoS Corporation)R1 ccSet_N360; C:\WINDOWS\system32\drivers\N360\1502000.026\ccSetx86.sys [127064 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files\Common Files\Symantec 
Shared\EENGINE\eeCtrl.sys [376920 2014-03-24] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2014-01-28] (Symantec Corporation)S3 ffusb2audio; C:\WINDOWS\System32\DRIVERS\ffusb2audio.sys [101936 2013-06-17] (Focusrite Audio Engineering Limited.)R3 IDSxpx86; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140410.003\IDSxpx86.sys [383120 2014-04-08] (Symantec Corporation)R3 Linksys_adapter_H; C:\WINDOWS\System32\DRIVERS\AE2500xp.sys [1034240 2011-03-28] (Broadcom Corporation)R3 NAVENG; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140410.017\NAVENG.SYS [93272 2014-03-24] (Symantec Corporation)R3 NAVEX15; C:\Program Files\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140410.017\NAVEX15.SYS [1612376 2014-03-24] (Symantec Corporation)R3 odysseyIM3; C:\WINDOWS\System32\DRIVERS\odysseyIM3.sys [62865 2013-06-07] (Funk Software, Inc.)R3 SRTSP; C:\WINDOWS\System32\Drivers\N360\1502000.026\SRTSP.SYS [664280 2014-02-12] (Symantec Corporation)R1 SRTSPX; C:\WINDOWS\system32\drivers\N360\1502000.026\SRTSPX.SYS [32344 2013-09-09] (Symantec Corporation)S3 swmsflt; C:\WINDOWS\System32\drivers\swmsflt.sys [39632 2010-05-17] ()R3 swvspser; C:\WINDOWS\System32\DRIVERS\swvspser.sys [30080 2009-08-13] (Sierra Wireless Inc.)R0 SymDS; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMDS.SYS [367704 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\WINDOWS\System32\drivers\N360\1502000.026\SYMEFA.SYS [936152 2014-03-03] (Symantec Corporation)R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2014-01-29] (Symantec Corporation)R1 SymIRON; C:\WINDOWS\system32\drivers\N360\1502000.026\Ironx86.SYS [206936 2013-09-26] (Symantec Corporation)R1 SYMTDI; C:\WINDOWS\System32\Drivers\N360\1502000.026\SYMTDI.SYS [423256 2014-02-17] (Symantec Corporation)S3 NETGEAR_WG311_SERVICE; system32\DRIVERS\wg311nd5.sys [X]U5 ScsiPort; 
C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U3 TrueSight; \??\C:\WINDOWS\system32\TrueSight.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ======== 2014-04-10 20:03 - 2014-04-10 20:25 - 00000000 ____D () C:\AdwCleaner2014-04-10 06:50 - 2014-04-10 06:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes2014-04-10 06:49 - 2014-04-10 07:48 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)2014-04-10 06:49 - 2014-04-10 06:49 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-04-10 06:28 - 2014-04-10 06:28 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-04-09 23:33 - 2014-04-09 23:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$2014-04-09 22:51 - 2014-04-09 22:55 - 00012882 _____ () C:\WINDOWS\KB2936068-IE8.log2014-04-09 22:48 - 2014-04-09 23:34 - 00016295 _____ () C:\WINDOWS\KB2922229.log2014-04-09 12:08 - 2014-04-09 12:08 - 00002965 _____ () C:\Documents and Settings\James\Desktop\RKreport[0]_S_04092014_120833.txt2014-04-09 11:59 - 2014-04-09 12:08 - 00000000 ____D () C:\Documents and Settings\James\Desktop\RK_Quarantine2014-04-08 08:51 - 2014-04-08 08:55 - 00021986 _____ () C:\Program Files\Addition.txt2014-04-08 08:48 - 2014-04-10 21:08 - 00000000 ____D () C:\FRST2014-03-25 06:49 - 2014-03-25 06:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware2014-03-25 06:45 - 2014-03-25 06:45 - 17523384 _____ (Malwarebytes Corporation ) C:\Program Files\mbam-setup-2.0.0.1000.exe2014-03-20 12:20 - 2014-03-27 03:02 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini2014-03-20 12:20 - 2014-03-24 13:40 - 00001517 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk2014-03-20 12:20 - 2014-03-20 12:20 - 00000000 ____D () C:\Documents and Settings\Administrator2014-03-20 12:20 - 2005-11-29 15:18 - 00000792 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Windows Media 
Player.lnk2014-03-20 12:20 - 2005-11-29 15:18 - 00000000 ___RD () C:\Documents and Settings\Administrator\Start Menu\Programs\Accessories2014-03-20 11:55 - 2014-04-04 10:21 - 95027928 ____T () C:\Documents and Settings\All Users\Application Data\gvfqljw.bbr2014-03-15 22:10 - 2014-03-15 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes2014-03-15 22:09 - 2014-03-15 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E12014-03-15 22:09 - 2014-03-15 22:09 - 00000000 ____D () C:\Program Files\iPod2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Program Files\QuickTime2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime2014-03-12 03:19 - 2014-04-10 20:30 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job2014-03-12 03:19 - 2014-03-12 23:14 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job2014-03-12 03:02 - 2014-03-12 03:02 - 00012796 _____ () C:\WINDOWS\KB2925418-IE8.log2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$2014-03-12 00:53 - 2014-03-12 03:01 - 00012937 _____ () C:\WINDOWS\KB2930275.log2014-03-12 00:53 - 2014-03-12 03:01 - 00011686 _____ () C:\WINDOWS\KB2929961.log2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$2014-03-11 03:00 - 2014-03-11 03:02 - 00005743 _____ () C:\WINDOWS\KB2934207.log ==================== One Month Modified Files and Folders ======= 2014-04-10 21:08 - 2014-04-08 08:48 - 00000000 ____D () C:\FRST2014-04-10 20:49 - 2013-06-30 13:41 - 00000000 ___RD () C:\Documents and Settings\James\My Documents\Dropbox2014-04-10 20:49 - 2013-06-30 13:34 - 00000000 ____D () C:\Documents and Settings\James\Application 
Data\Dropbox
2014-04-10 20:33 - 2005-11-29 15:44 - 01969335 _____ () C:\WINDOWS\WindowsUpdate.log
2014-04-10 20:31 - 2005-11-29 07:10 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2014-04-10 20:31 - 2005-11-29 07:10 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-04-10 20:30 - 2014-03-12 03:19 - 00000222 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Logon.job
2014-04-10 20:30 - 2013-06-06 10:51 - 00000884 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-10 20:30 - 2013-06-06 10:51 - 00000880 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-10 20:30 - 2005-11-29 15:18 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-04-10 20:29 - 2005-11-29 15:22 - 00032626 _____ () C:\WINDOWS\SchedLgU.Txt
2014-04-10 20:28 - 2005-11-29 15:23 - 00000178 ___SH () C:\Documents and Settings\James\ntuser.ini
2014-04-10 20:28 - 2005-11-29 15:23 - 00000000 ____D () C:\Documents and Settings\James
2014-04-10 20:25 - 2014-04-10 20:03 - 00000000 ____D () C:\AdwCleaner
2014-04-10 07:48 - 2014-04-10 06:49 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes' Anti-Malware (portable)
2014-04-10 06:50 - 2014-04-10 06:50 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\Malwarebytes
2014-04-10 06:49 - 2014-04-10 06:49 - 00107224 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 06:28 - 2014-04-10 06:28 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-04-09 23:34 - 2014-04-09 22:48 - 00016295 _____ () C:\WINDOWS\KB2922229.log
2014-04-09 23:34 - 2013-08-14 03:11 - 00830608 _____ () C:\WINDOWS\setupapi.log
2014-04-09 23:34 - 2005-11-29 07:08 - 03157770 _____ () C:\WINDOWS\FaxSetup.log
2014-04-09 23:34 - 2005-11-29 07:08 - 01538802 _____ () C:\WINDOWS\ocgen.log
2014-04-09 23:34 - 2005-11-29 07:08 - 01216067 _____ () C:\WINDOWS\tsoc.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00849299 _____ () C:\WINDOWS\comsetup.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00516328 _____ () C:\WINDOWS\ntdtcsetup.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00498452 _____ () C:\WINDOWS\iis6.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00158879 _____ () C:\WINDOWS\msgsocm.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00136961 _____ () C:\WINDOWS\ocmsn.log
2014-04-09 23:34 - 2005-11-29 07:08 - 00001355 _____ () C:\WINDOWS\imsins.log
2014-04-09 23:33 - 2014-04-09 23:33 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2922229$
2014-04-09 23:29 - 2013-08-03 14:13 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-04-09 22:56 - 2005-11-29 16:13 - 88028728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-04-09 22:55 - 2014-04-09 22:51 - 00012882 _____ () C:\WINDOWS\KB2936068-IE8.log
2014-04-09 22:55 - 2009-06-18 10:33 - 00000000 ____D () C:\WINDOWS\ie8updates
2014-04-09 22:55 - 2005-11-29 16:09 - 00281077 _____ () C:\WINDOWS\updspapi.log
2014-04-09 22:55 - 2005-11-29 07:08 - 00001355 _____ () C:\WINDOWS\imsins.BAK
2014-04-09 12:08 - 2014-04-09 12:08 - 00002965 _____ () C:\Documents and Settings\James\Desktop\RKreport[0]_S_04092014_120833.txt
2014-04-09 12:08 - 2014-04-09 11:59 - 00000000 ____D () C:\Documents and Settings\James\Desktop\RK_Quarantine
2014-04-09 12:08 - 2013-06-23 12:52 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-04-09 11:18 - 2013-06-16 15:46 - 00000000 ____D () C:\Documents and Settings\James\Local Settings\Application Data\CRE
2014-04-09 10:25 - 2014-02-28 23:50 - 00000000 ____D () C:\Documents and Settings\James\Desktop\personal
2014-04-09 10:18 - 2014-02-17 06:51 - 00001734 _____ () C:\Documents and Settings\All Users\Desktop\Adobe Reader XI.lnk
2014-04-09 10:18 - 2013-12-28 04:28 - 00001842 _____ () C:\Documents and Settings\James\Desktop\NortonLive Solutions Toolkit Report Saturday, December 28, 2013 3_28_02 AM.lnk
2014-04-09 10:18 - 2013-12-11 03:02 - 00001844 _____ () C:\Documents and Settings\James\Desktop\NortonLive Solutions Toolkit Report Wednesday, December 11, 2013 2_02_44 AM.lnk
2014-04-09 10:18 - 2013-11-17 10:22 - 00001549 _____ () C:\Documents and Settings\All Users\Desktop\EPSON Print CD.lnk
2014-04-09 10:18 - 2013-07-14 13:51 - 00001801 _____ () C:\Documents and Settings\All Users\Desktop\Autodesk Revit 7.0.lnk
2014-04-09 10:09 - 2014-02-28 23:50 - 00000000 ____D () C:\Documents and Settings\James\Desktop\Projects2014
2014-04-09 04:12 - 2013-06-08 09:59 - 00000000 ____D () C:\Documents and Settings\James\My Documents\NortonLive EasySupport
2014-04-08 23:13 - 2014-01-29 11:54 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360
2014-04-08 23:12 - 2014-01-29 11:56 - 00001851 _____ () C:\Documents and Settings\All Users\Desktop\Norton 360 Premier Edition.LNK
2014-04-08 23:12 - 2014-01-29 11:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\Norton 360
2014-04-08 08:55 - 2014-04-08 08:51 - 00021986 _____ () C:\Program Files\Addition.txt
2014-04-08 08:17 - 2005-11-29 16:54 - 00108027 _____ () C:\WINDOWS\wmsetup.log
2014-04-08 06:30 - 2013-06-08 09:58 - 00000000 ____D () C:\Program Files\NortonLive EasySupport
2014-04-08 06:21 - 2002-09-03 10:14 - 00002206 _____ () C:\WINDOWS\system32\wpa.dbl
2014-04-04 10:21 - 2014-03-20 11:55 - 95027928 ____T () C:\Documents and Settings\All Users\Application Data\gvfqljw.bbr
2014-03-27 03:02 - 2014-03-20 12:20 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2014-03-25 06:49 - 2014-03-25 06:49 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-03-25 06:45 - 2014-03-25 06:45 - 17523384 _____ (Malwarebytes Corporation ) C:\Program Files\mbam-setup-2.0.0.1000.exe
2014-03-24 13:46 - 2013-07-22 09:44 - 00000744 _____ () C:\Documents and Settings\James\Start Menu\Programs\Design Manager.lnk
2014-03-24 13:46 - 2005-11-29 15:23 - 00001517 _____ () C:\Documents and Settings\James\Start Menu\Programs\Remote Assistance.lnk
2014-03-24 13:42 - 2014-01-21 05:43 - 00001470 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Broadcom Advanced Control Suite.lnk
2014-03-24 13:42 - 2013-10-11 08:00 - 00001787 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Search.lnk
2014-03-24 13:42 - 2013-06-11 11:19 - 00000803 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady 7.0.lnk
2014-03-24 13:42 - 2013-06-11 11:19 - 00000798 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop 7.0.lnk
2014-03-24 13:42 - 2005-11-29 18:06 - 00000995 ____H () C:\Documents and Settings\All Users\Start Menu\Programs\Windows Media Connect.lnk
2014-03-24 13:42 - 2005-11-29 17:24 - 00001766 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Works Task Launcher.lnk
2014-03-24 13:42 - 2005-11-29 15:18 - 00001517 _____ () C:\Documents and Settings\Default User\Start Menu\Programs\Remote Assistance.lnk
2014-03-24 13:42 - 2005-11-29 15:18 - 00001487 _____ () C:\Documents and Settings\All Users\Start Menu\Set Program Access and Defaults.lnk
2014-03-24 13:42 - 2005-11-29 15:18 - 00001431 _____ () C:\Documents and Settings\All Users\Start Menu\Windows Update.lnk
2014-03-24 13:42 - 2005-11-29 15:15 - 00001830 _____ () C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
2014-03-24 13:41 - 2013-06-10 11:35 - 00000649 _____ () C:\Documents and Settings\All Users\Desktop\EPSON Scan.lnk
2014-03-24 13:40 - 2014-03-20 12:20 - 00001517 _____ () C:\Documents and Settings\Administrator\Start Menu\Programs\Remote Assistance.lnk
2014-03-20 12:20 - 2014-03-20 12:20 - 00000000 ____D () C:\Documents and Settings\Administrator
2014-03-15 22:10 - 2014-03-15 22:10 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
2014-03-15 22:10 - 2014-03-15 22:09 - 00000000 ____D () C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
2014-03-15 22:09 - 2014-03-15 22:09 - 00000000 ____D () C:\Program Files\iPod
2014-03-15 22:09 - 2013-10-01 13:57 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Program Files\QuickTime
2014-03-15 21:54 - 2014-03-15 21:54 - 00000000 ____D () C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
2014-03-15 21:23 - 2013-10-01 14:00 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-15 20:51 - 2014-02-17 10:08 - 00001813 _____ () C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
2014-03-14 03:38 - 2014-03-05 13:29 - 00000000 ____D () C:\Documents and Settings\James\Application Data\vlc
2014-03-12 23:16 - 2005-11-29 07:08 - 00633708 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-12 23:14 - 2014-03-12 03:19 - 00000216 _____ () C:\WINDOWS\Tasks\Microsoft Windows XP End of Service Notification Monthly.job
2014-03-12 10:19 - 2013-06-04 19:54 - 00000000 ____D () C:\Documents and Settings\James\Application Data\U3
2014-03-12 03:48 - 2009-03-21 07:06 - 00993280 ____C (Microsoft Corporation) C:\WINDOWS\system32\dllcache\kernel32.dll
2014-03-12 03:48 - 2002-09-03 09:39 - 00993280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-03-12 03:19 - 2005-11-29 07:07 - 00299640 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-03-12 03:02 - 2014-03-12 03:02 - 00012796 _____ () C:\WINDOWS\KB2925418-IE8.log
2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2930275$
2014-03-12 03:01 - 2014-03-12 03:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2929961$
2014-03-12 03:01 - 2014-03-12 00:53 - 00012937 _____ () C:\WINDOWS\KB2930275.log
2014-03-12 03:01 - 2014-03-12 00:53 - 00011686 _____ () C:\WINDOWS\KB2929961.log
2014-03-11 03:02 - 2014-03-11 03:02 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2934207$
2014-03-11 03:02 - 2014-03-11 03:00 - 00005743 _____ () C:\WINDOWS\KB2934207.log

Some content of TEMP:
====================
C:\Documents and Settings\James\Local Settings\Temp\ntdll_dump.dll
C:\Documents and Settings\James\Local Settings\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================