Jump to content

Bounced Emails I Did Not Send, Svchost Hogging Cpu


Recommended Posts

First post here, can't figure this one out.

 

Windows Vista SP2, 64 bit

 

Started 2-3 days ago (around 4-18), svchost hogging CPU, then I started getting bounced emails to addresses in  .DE with my return address. Once I shut off PC, the emails stopped.

 

Malwarebytes (premium) log found nothing and neither did norton, MBAR rook kit or FRST. 

 

Ran FRST posted log below.

 

Only lead I have is rougekiller which had a strange registry entry, I deleted it and rebooted but does not appear to be fixed. Roguekiller log is below with hooks to various DLL's, so I'm guessing I'm infected with something....  how can I fix this

 

 

 
FRST LOG
===========
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014
Ran by ernie (administrator) on ERNIE-PC on 22-04-2014 14:24:46
Running from C:\oh stuff
Windows Vista Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Code 42 Software, Inc.) C:\Program Files\CrashPlan\CrashPlanTray.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Agere Systems) C:\Program Files\LSI SoftModem\agr64svc.exe
(CrashPlan) C:\Program Files\CrashPlan\CrashPlanService.exe
(Sanford, L.P.) C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(HP) C:\Program Files (x86)\HP\ToolboxFX\bin\HPTLBXFX.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Verizon) C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe
(LeapFrog Enterprises, Inc.) C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Intuit) C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe
() C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\KBD\kbd.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Hewlett-Packard) c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Google Inc.) C:\Users\ernie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ernie\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ernie\AppData\Local\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [iAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [182808 2008-11-03] (Intel Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [KBD] => C:\Program Files (x86)\Hewlett-Packard\KBD\KbdStub.EXE [12288 2008-07-21] (Microsoft)
HKLM-x32\...\Run: [intuit SyncManager] => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe [1532760 2011-06-15] (Intuit Inc. All rights reserved.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-03-12] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [ToolBoxFX] => C:\Program Files (x86)\HP\ToolBoxFX\bin\HPTLBXFX.exe [53248 2008-01-10] (HP)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [DLSService] => "C:\Program Files (x86)\DYMO\DYMO Label Software\DLSService.exe"
HKLM-x32\...\Run: [Monitor] => C:\Program Files (x86)\LeapFrog\LeapFrog Connect\Monitor.exe [106496 2013-11-27] (LeapFrog Enterprises, Inc.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-19\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\Run: [POP Peeper] => C:\Program Files (x86)\POP Peeper\POPPeeper.exe [1613824 2011-11-16] (Mortal Universe)
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\Run: [Google Update] => C:\Users\ernie\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-15] (Google Inc.)
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\Policies\Explorer: [NoSetActiveDesktop] 0
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\MountPoints2: {bd92c53b-a20a-11e0-8f67-00248c6d2252} - L:\TLBootstrap_WPP.exe
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\MountPoints2: {bd92c54d-a20a-11e0-8f67-00248c6d2252} - J:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\MountPoints2: {cafa40d4-9a77-11e1-ab34-00248c6d2252} - J:\ToolLauncher-Bootstrap.exe
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\MountPoints2: {d0fcd25b-1e24-11e0-983b-00248c6d2252} - M:\PMBP_Win.exe
HKU\S-1-5-21-926887384-2398991121-4048484460-1000\...\MountPoints2: {f8dfe04c-0c55-11e1-936e-00248c6d2252} - L:\ToolLauncher-Bootstrap.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=92&bd=Pavilion&pf=cndt
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM - {3F518B6F-A4B9-4752-ABB6-9DE717F7712F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - DefaultScope {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {1B550B3D-2241-48AE-BCD1-9D0096CA1C01} URL = http://search.live.com/results.aspx?q={searchTerms}&FORM=HPDTDF
SearchScopes: HKLM-x32 - {3F518B6F-A4B9-4752-ABB6-9DE717F7712F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKLM-x32 - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?&o=101881&l=dis&q={SEARCHTERMS}
SearchScopes: HKCU - {3F518B6F-A4B9-4752-ABB6-9DE717F7712F} URL = http://www.ask.com/web?q={searchterms}&l=dis&o=ushpd
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=360&chn=retail&geo=US&ver=21&locale=en_US&gct=kwd&qsrc=2869
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft Live Search Toolbar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Microsoft Live Search Toolbar - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - c:\Program Files (x86)\MSN\Toolbar\3.0.0541.0\msneshellx.dll (Microsoft Corp.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} -  No File
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 71.243.0.12
 
FireFox:
========
FF ProfilePath: C:\Users\ernie\AppData\Roaming\Mozilla\Firefox\Profiles\t80feenp.default
 
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @dymo.com/DymoLabelFramework - C:\Program Files (x86)\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll ( Sanford L.P.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\ernie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\ernie\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npbasic.dll ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ernie\AppData\Roaming\Mozilla\Firefox\Profiles\t80feenp.default\searchplugins\amazon-search-suggestions.xml
FF SearchPlugin: C:\Users\ernie\AppData\Roaming\Mozilla\Firefox\Profiles\t80feenp.default\searchplugins\whocalledus-lookup.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\SafeSearch.xml
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn\
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-12-26]
 
Chrome: 
=======
 
CHR Plugin: (Shockwave Flash) - C:\Users\ernie\AppData\Local\Google\Chrome\Application\21.0.1180.75\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\ernie\AppData\Local\Google\Chrome\Application\34.0.1847.116\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\ernie\AppData\Local\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\ernie\AppData\Local\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Ringman Plugin for Mozilla) - C:\Program Files (x86)\Mozilla Firefox\plugins\npbasic.dll ( )
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (Motive Plugin) - C:\Program Files (x86)\Common Files\Motive\npMotive.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Java Platform SE 7 U5) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Java Deployment Toolkit 7.0.50.5) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Presentation Foundation) - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
CHR Extension: (YouTube) - C:\Users\ernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-08-01]
CHR Extension: (Google Search) - C:\Users\ernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-08-01]
CHR Extension: (Google Wallet) - C:\Users\ernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-25]
CHR Extension: (Gmail) - C:\Users\ernie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-08-01]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\Exts\Chrome.crx [2014-03-24]
 
==================== Services (Whitelisted) =================
 
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agr64svc.exe [16896 2008-08-26] (Agere Systems)
R2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2012-03-15] (CrashPlan)
R2 DymoPnpService; C:\Program Files (x86)\DYMO\DYMO Label Software\DymoPnpService.exe [32336 2011-01-28] (Sanford, L.P.)
R2 IHA_MessageCenter; C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [350792 2013-09-13] (Verizon)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\21.2.0.38\N360.exe [265040 2014-03-12] (Symantec Corporation)
R2 TVCapSvc; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVCapSvc.exe [296320 2009-04-22] ()
R2 TVSched; C:\Program Files (x86)\Hewlett-Packard\Media\TV\Kernel\TV\TVSched.exe [116104 2009-04-22] ()
S2 Norton Internet Security; "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "C:\Program Files (x86)\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1
 
==================== Drivers (Whitelisted) ====================
 
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys [1525976 2014-03-18] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2014-02-01] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2014-01-13] (Symantec Corporation)
S3 HPEWSFXBULK; C:\Windows\System32\drivers\hpfx64bulk.sys [20504 2009-02-25] (Hewlett Packard)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140421.001\IDSvia64.sys [525016 2014-04-08] (Symantec Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.033\ENG64.SYS [126040 2014-04-18] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.033\EX64.SYS [2099288 2014-04-18] (Symantec Corporation)
R3 Ps2; C:\Windows\System32\DRIVERS\PS2.sys [21504 2006-09-07] ()
S3 SNP2STD; C:\Windows\System32\DRIVERS\snp2sxp.sys [12379136 2008-02-13] ()
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS [875736 2014-02-12] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)
S3 sscdserd; C:\Windows\System32\DRIVERS\sscdserd.sys [141384 2010-04-26] (MCCI Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-12-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)
R1 SYMTDIv; C:\Windows\System32\Drivers\N360x64\1502000.026\SYMTDIV.SYS [510168 2014-02-17] (Symantec Corporation)
S3 ALSysIO; \??\C:\Users\ernie\AppData\Local\Temp\ALSysIO64.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PCD5SRVC{8AAF211B-043E02A9-05040000}; \??\C:\PROGRA~1\PC-DOC~1\PCD5SRVC_x64.pkms [X]
S1 SASDIFSV; \??\C:\Users\ernie\AppData\Local\Temp\SAS_SelfExtract\SASDIFSV.SYS [X]
S3 SASENUM; \??\C:\Users\ernie\AppData\Local\Temp\SAS_SelfExtract\SASENUM.SYS [X]
S1 SASKUTIL; \??\C:\Users\ernie\AppData\Local\Temp\SAS_SelfExtract\SASKUTIL.sys [X]
S3 SYMFW; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMFW.SYS [X]
S3 SYMNDISV; \SystemRoot\System32\Drivers\N360x64\0308000.029\SYMNDISV.SYS [X]
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\acpi.sys 1965AAFFAB07E3FB03C77F81BEBA3547
C:\Windows\system32\drivers\adp94xx.sys F14215E37CF124104575073F782111D2
C:\Windows\system32\drivers\adpahci.sys 7D05A75E3066861A6610F7EE04FF085C
C:\Windows\system32\drivers\adpu160m.sys 820A201FE08A0C345B3BEDBC30E1A77C
C:\Windows\system32\drivers\adpu320.sys 9B4AB6854559DC168FBB4C24FC52E794
C:\Windows\system32\drivers\afd.sys 2BA159E1F9FD75F6A496742B20F1D9CF
C:\Windows\System32\DRIVERS\agrsm64.sys 70E15CDA25E151DFC60636EF73F5A7BE
C:\Windows\system32\drivers\agp440.sys F6F6793B7F17B550ECFDBD3B229173F7
C:\Windows\system32\drivers\djsvs.sys 222CB641B4B8A1D1126F8033F9FD6A00
C:\Windows\system32\drivers\aliide.sys 157D0898D4B73F075CE9FA26B482DF98
C:\Windows\system32\drivers\amdide.sys 970FA5059E61E30D25307B99903E991E
C:\Windows\system32\drivers\amdk8.sys CDC3632A3A5EA4DBB83E46076A3165A1
C:\Windows\system32\drivers\arc.sys BA8417D4765F3988FF921F30F630E303
C:\Windows\system32\drivers\arcsas.sys 9D41C435619733B34CC16A511E644B11
C:\Windows\System32\DRIVERS\asyncmac.sys 22D13FF3DAFEC2A80634752B1EAA2DE6
C:\Windows\system32\drivers\atapi.sys 1898FAE8E07D97F2F6C2D5326C633FAC
C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\BASHDefs\20140409.001\BHDrvx64.sys 6FF763C82B98C8F3955B2C34A55C5E70
C:\Windows\system32\drivers\blbdrive.sys 79FEEB40056683F8F61398D81DDA65D2
C:\Windows\System32\DRIVERS\bowser.sys 2348447A80920B2493A9B582A23E81E1
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys F0F0BA4D815BE446AA6A4583CA3BCA9B
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys E0777B34E05F8A82A21856EFC900C29F
C:\Windows\system32\drivers\N360x64\1502000.026\ccSetx64.sys 0510396A957E9FD7205BA62D3CAE4528
C:\Windows\System32\DRIVERS\cdfs.sys B4D787DB8D30793A4D4DF9FEED18F136
C:\Windows\System32\DRIVERS\cdrom.sys C025AA69BE3D0D25C7A2E746EF6F94FC
C:\Windows\system32\drivers\circlass.sys 02EA568D498BBDD4BA55BF3FCE34D456
C:\Windows\System32\CLFS.sys 3DCA9A18B204939CFB24BEA53E31EB48
C:\Windows\system32\drivers\cmdide.sys E5D5499A1C50A54B5161296B6AFE6192
C:\Windows\system32\drivers\compbatt.sys 7FB8AD01DB0EABE60C8A861531A8F431
C:\Windows\System32\drivers\crcdisk.sys A8585B6412253803CE8EFCBD6D6DC15C
C:\Windows\System32\Drivers\dfsc.sys 8B722BA35205C71E7951CDC4CDBADE19
C:\Windows\System32\drivers\disk.sys B0107E40ECDB5FA692EBF832F295D905
C:\Windows\System32\DRIVERS\Dot4.sys 74C02B1717740C3B8039539E23E4B53F
C:\Windows\System32\DRIVERS\Dot4Prt.sys 08321D1860235BF42CF2854234337AEA
C:\Windows\System32\DRIVERS\Dot4Scan.sys 8B73CA3010D7C5C5CB939686C637E5D1
C:\Windows\System32\DRIVERS\dot4usb.sys 4ADCCF0124F2B6911D3786A5D0E779E5
C:\Windows\System32\drivers\drmkaud.sys F1A78A98CFC2EE02144C6BEC945447E6
C:\Windows\System32\drivers\dxgkrnl.sys 0A3C78677FF62E9E0AE7CC25C790A968
C:\Windows\System32\DRIVERS\E1G6032E.sys 264CEE7B031A9D6C827F3D0CB031F2FE
C:\Windows\System32\drivers\ecache.sys 5F94962BE5A62DB6E447FF6470C4F48A
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys 1B7AA375F711F66D5FF2B855F9EC987F
C:\Windows\system32\drivers\elxstor.sys C4636D6E10469404AB5308D9FD45ED07
C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 7230C8B80DDE1F0524C353240B78CC0E
C:\Windows\system32\drivers\errdev.sys BC3A58E938BB277E46BF4B3003B01ABD
C:\Windows\System32\Drivers\exfat.sys 486844F47B6636044A42454614ED4523
C:\Windows\System32\Drivers\fastfat.sys 1A4BEE34277784619DDAF0422C0C6E23
C:\Windows\System32\DRIVERS\fdc.sys 81B79B6DF71FA1D2C6D688D830616E39
C:\Windows\System32\drivers\fileinfo.sys 457B7D1D533E4BD62A99AED9C7BB4C59
C:\Windows\System32\drivers\filetrace.sys D421327FD6EFCCAF884A54C58E1B0D7F
C:\Windows\System32\DRIVERS\flpydisk.sys 230923EA2B80F79B0F88D90F87B87EBD
C:\Windows\System32\drivers\fltmgr.sys E3041BC26D6930D61F42AEDB79C91720
C:\Windows\System32\Drivers\Fs_Rec.sys 5779B86CD8B32519FBECB136394D946A
C:\Windows\system32\drivers\gagp30kx.sys C8E416668D3DC2BE3D4FE4C79224997F
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys AF4DEE5531395DEE72B35B36C9671FD0
C:\Windows\System32\DRIVERS\HDAudBus.sys F942C5820205F2FB453243EDFEC82A3D
C:\Windows\system32\drivers\hidbth.sys B4881C84A180E75B8C25DC1D726C375F
C:\Windows\system32\drivers\hidir.sys 4E77A77E2C986E8F88F996BB3E1AD829
C:\Windows\System32\DRIVERS\hidusb.sys 443BDD2D30BB4F00795C797E2CF99EDF
C:\Windows\system32\drivers\hpcisss.sys D7109A1E6BD2DFDBCBA72A6BC626A13B
C:\Windows\System32\drivers\hpfx64bulk.sys DBD2BB97A574FC565B1EB5C0A03F917A
C:\Windows\System32\drivers\hpfx64fax.sys 219C2A07FD07023D3905C332BF6F9BA8
C:\Windows\System32\drivers\HTTP.sys 098F1E4E5C9CB5B0063A959063631610
C:\Windows\system32\drivers\i2omp.sys DA94C854CEA5FAC549D4E1F6E88349E8
C:\Windows\System32\DRIVERS\i8042prt.sys CBB597659A2713CE0C9CC20C88C7591F
C:\Windows\System32\drivers\iastor.sys 5979854E6FDA990107E3170327022117
C:\Windows\system32\drivers\iastorv.sys 3E3BF3627D886736D0B4E90054F929F6
C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\IPSDefs\20140421.001\IDSvia64.sys F6F8CDA3CC5207BFD0B319A26E33ACD3
C:\Windows\System32\DRIVERS\igdkmd64.sys A124C87CD0B39C9E510E138534468383
C:\Windows\system32\drivers\iirsp.sys 8C3951AD2FE886EF76C7B5027C3125D3
C:\Windows\System32\drivers\RTKVHD64.sys 1EDAB7F9B9DE4424BECCDEF950CE2FF0
C:\Windows\system32\drivers\intelide.sys DF797A12176F11B2D301C5B234BB200E
C:\Windows\System32\DRIVERS\intelppm.sys BFD84AF32FA1BAD6231C4585CB469630
C:\Windows\System32\DRIVERS\ipfltdrv.sys D8AABC341311E4780D6FCE8C73C0AD81
C:\Windows\system32\drivers\ipmidrv.sys 9C2EE2E6E5A7203BFAE15C299475EC67
C:\Windows\System32\DRIVERS\ipnat.sys B7E6212F581EA5F6AB0C3A6CEEEB89BE
C:\Windows\System32\drivers\irenum.sys 8C42CA155343A2F11D29FECA67FAA88D
C:\Windows\system32\drivers\isapnp.sys 0672BFCEDC6FC468A2B0500D81437F4F
C:\Windows\System32\DRIVERS\msiscsi.sys E4FDF99599F27EC25D2CF6D754243520
C:\Windows\system32\drivers\iteatapi.sys 63C766CDC609FF8206CB447A65ABBA4A
C:\Windows\system32\drivers\iteraid.sys 1281FE73B17664631D12F643CBEA3F59
C:\Windows\System32\DRIVERS\kbdclass.sys 423696F3BA6472DD17699209B933BC26
C:\Windows\System32\DRIVERS\kbdhid.sys DBDF75D51464FBC47D0104EC3D572C05
C:\Windows\System32\Drivers\ksecdd.sys 88956AD9FA510848AD176777A6C6C1F5
C:\Windows\system32\drivers\ksthunk.sys 1D419CF43DB29396ECD7113D129D94EB
C:\Windows\System32\DRIVERS\btblan.sys 797289607A5EBF31353AA5EAD141F872
C:\Windows\System32\DRIVERS\lltdio.sys 96ECE2659B6654C10A0C310AE3A6D02C
C:\Windows\system32\drivers\lsi_fc.sys ACBE1AF32D3123E330A07BFBC5EC4A9B
C:\Windows\system32\drivers\lsi_sas.sys 799FFB2FC4729FA46D2157C0065B3525
C:\Windows\system32\drivers\lsi_scsi.sys F445FF1DAAD8A226366BFAF42551226B
C:\Windows\system32\drivers\luafv.sys 52F87B9CC8932C2A7375C3B2A9BE5E3E
C:\Windows\System32\drivers\LVUSBS64.sys 0034F69D0007D3F77F6B96FA51228E85
C:\Windows\system32\drivers\mbamchameleon.sys 4A1356200B82B852E137B687F03E8054
C:\Windows\system32\drivers\mbam.sys FD5465B876D55534117963FAAA4B9DFC
C:\Windows\system32\drivers\MBAMSwissArmy.sys 6140163BFE9D8F2DFDBA088ED5521C13
C:\Windows\system32\drivers\mwac.sys 07B9C6E899E5109410F561F6DEE84B9E
C:\Windows\system32\drivers\megasas.sys 5C5CD6AACED32FB26C3FB34B3DCF972F
C:\Windows\system32\drivers\megasr.sys 859BC2436B076C77C159ED694ACFE8F8
C:\Windows\System32\drivers\modem.sys 59848D5CC74606F0EE7557983BB73C2E
C:\Windows\System32\DRIVERS\monitor.sys C247CC2A57E0A0C8C6DCCF7807B3E9E5
C:\Windows\System32\DRIVERS\mouclass.sys 9367304E5E412B120CF5F4EA14E4E4F1
C:\Windows\System32\DRIVERS\mouhid.sys C2C2BD5C5CE5AAF786DDD74B75D2AC69
C:\Windows\System32\drivers\mountmgr.sys 11BC9B1E8801B01F7F6ADB9EAD30019B
C:\Windows\system32\drivers\mpio.sys F8276EB8698142884498A528DFEA8478
C:\Windows\System32\drivers\mpsdrv.sys C92B9ABDB65A5991E00C28F13491DBA2
C:\Windows\system32\drivers\mraid35x.sys 3C200630A89EF2C0864D515B7A75802E
C:\Windows\system32\drivers\mrxdav.sys 7C1DE4AA96DC0C071611F9E7DE02A68D
C:\Windows\System32\DRIVERS\mrxsmb.sys 1485811B320FF8C7EDAD1CAEBB1C6C2B
C:\Windows\System32\DRIVERS\mrxsmb10.sys 3B929A60C833FC615FD97FBA82BC7632
C:\Windows\System32\DRIVERS\mrxsmb20.sys C64AB3E1F53B4F5B5BB6D796B2D7BEC3
C:\Windows\system32\drivers\msahci.sys 1AC860612B85D8E85EE257D372E39F4D
C:\Windows\system32\drivers\msdsm.sys 264BBB4AAF312A485F0E44B65A6B7202
C:\Windows\System32\Drivers\Msfs.sys 704F59BFC4512D2BB0146AEC31B10A7C
C:\Windows\System32\drivers\msisadrv.sys 00EBC952961664780D43DCA157E79B27
C:\Windows\System32\drivers\MSKSSRV.sys 0EA73E498F53B96D83DBFCA074AD4CF8
C:\Windows\System32\drivers\MSPCLOCK.sys 52E59B7E992A58E740AA63F57EDBAE8B
C:\Windows\System32\drivers\MSPQM.sys 49084A75BAE043AE02D5B44D02991BB2
C:\Windows\System32\Drivers\MsRPC.sys DC6CCF440CDEDE4293DB41C37A5060A5
C:\Windows\System32\DRIVERS\mssmbios.sys 855796E59DF77EA93AF46F20155BF55B
C:\Windows\System32\drivers\MSTEE.sys 86D632D75D05D5B7C7C043FA3564AE86
C:\Windows\System32\Drivers\mup.sys 0CC49F78D8ACA0877D885F149084E543
C:\Windows\System32\DRIVERS\nwifi.sys 2007B826C4ACD94AE32232B41F0842B9
C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.033\ENG64.SYS 702E07EC32F96ACDB873E9A5465D4401
C:\Program Files (x86)\Norton 360\NortonData\21.1.0.18\Definitions\VirusDefs\20140421.033\EX64.SYS 302EA314A1AF0D7CEF0A3D0195F79561
C:\Windows\System32\drivers\ndis.sys 65950E07329FCEE8E6516B17C8D0ABB6
C:\Windows\System32\DRIVERS\ndistapi.sys 64DF698A425478E321981431AC171334
C:\Windows\System32\DRIVERS\ndisuio.sys 8BAA43196D7B5BB972C9A6B2BBF61A19
C:\Windows\System32\DRIVERS\ndiswan.sys F8158771905260982CE724076419EF19
C:\Windows\System32\Drivers\NDProxy.sys 9CB77ED7CB72850253E973A2D6AFDF49
C:\Windows\System32\DRIVERS\netbios.sys A499294F5029A7862ADC115BDA7371CE
C:\Windows\System32\DRIVERS\netbt.sys FC2C792EBDDC8E28DF939D6A92C83D61
C:\Windows\system32\drivers\nfrd960.sys 4AC08BD6AF2DF42E0C3196D826C8AEA7
C:\Windows\System32\Drivers\Npfs.sys B298874F8E0EA93F06EC40AA8D146478
C:\Windows\System32\drivers\nsiproxy.sys 1523AF19EE8B030BA682F7A53537EAEB
C:\Windows\System32\Drivers\Ntfs.sys 2ACCAA3C3C55370A32F17B3595E1A217
C:\Windows\System32\Drivers\Null.sys DD5D684975352B85B52E3FD5347C20CB
C:\Windows\system32\drivers\nvraid.sys 2C040B7ADA5B06F6FACADAC8514AA034
C:\Windows\system32\drivers\nvstor.sys F7EA0FE82842D05EDA3EFDD376DBFDBA
C:\Windows\system32\drivers\nv_agp.sys 19067CA93075EF4823E3938A686F532F
C:\Windows\System32\DRIVERS\ohci1394.sys B5B1CE65AC15BBD11C0619E3EF7CFC28
C:\Windows\system32\drivers\parport.sys AECD57F94C887F58919F307C35498EA0
C:\Windows\System32\drivers\partmgr.sys B43751085E2ABE389DA466BC62A4B987
C:\Windows\System32\drivers\pci.sys 47AB1E0FC9D0E12BB53BA246E3A0906D
C:\Windows\system32\drivers\pciide.sys 8D618C829034479985A9ED56106CC732
C:\Windows\system32\drivers\pcmcia.sys 037661F3D7C507C9993B7010CEEE6288
C:\Windows\System32\drivers\peauth.sys 58865916F53592A61549B04941BFD80D
C:\Windows\System32\DRIVERS\LV302V64.SYS 37EA62238E17AE88E4713D9246CA1C1C
C:\Windows\System32\DRIVERS\raspptp.sys 23386E9952025F5F21C368971E2E7301
C:\Windows\system32\drivers\processr.sys 5080E59ECEE0BC923F14018803AA7A01
C:\Windows\System32\DRIVERS\PS2.sys 1D0A3F565397D08707F3D75B88586645
C:\Windows\System32\DRIVERS\pacer.sys C5AB7F0809392D0DA027F4A2A81BFA31
C:\Windows\system32\drivers\ql2300.sys 0B83F4E681062F3839BE2EC1D98FD94A
C:\Windows\system32\drivers\ql40xx.sys E1C80F8D4D1E39EF9595809C1369BF2A
C:\Windows\system32\drivers\qwavedrv.sys E8D76EDAB77EC9C634C27B8EAC33ADC5
C:\Windows\System32\DRIVERS\rasacd.sys 1013B3B663A56D3DDD784F581C1BD005
C:\Windows\System32\DRIVERS\rasl2tp.sys AC7BC4D42A7E558718DFDEC599BBFC2C
C:\Windows\System32\DRIVERS\raspppoe.sys 4517FBF8B42524AFE4EDE1DE102AAE3E
C:\Windows\System32\DRIVERS\rassstp.sys C6A593B51F34C33E5474539544072527
C:\Windows\System32\DRIVERS\rdbss.sys 322DB5C6B55E8D8EE8D6F358B2AAABB1
C:\Windows\System32\DRIVERS\RDPCDD.sys 603900CC05F6BE65CCBF373800AF3716
C:\Windows\system32\drivers\rdpdr.sys C045D1FB111C28DF0D1BE8D4BDA22C06
C:\Windows\System32\drivers\rdpencdd.sys CAB9421DAF3D97B33D0D055858E2C3AB
C:\Windows\System32\Drivers\RDPWD.sys AE4BD9E1C33D351D8E607FC81F15160C
C:\Windows\System32\DRIVERS\rspndr.sys 22A9CB08B1A6707C1550C6BF099AAE73
C:\Windows\System32\DRIVERS\Rtlh64.sys D53C84EC99AB4D78A90001E5CE5386EC
C:\Windows\system32\drivers\sbp2port.sys CD9C693589C60AD59BBBCFB0E524E01B
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ser2pl64.sys 9F6490423AC3271E84A90A0DD9D30A3B
C:\Windows\System32\DRIVERS\serenum.sys F71BFE7AC6C52273B7C82CBF1BB2A222
C:\Windows\system32\drivers\serial.sys E62FAC91EE288DB29A9696A9D279929C
C:\Windows\system32\drivers\sermouse.sys A842F04833684BCEEA7336211BE478DF
C:\Windows\system32\drivers\sffdisk.sys 14D4B4465193A87C127933978E8C4106
C:\Windows\system32\drivers\sffp_mmc.sys 7073AEE3F82F3D598E3825962AA98AB2
C:\Windows\system32\drivers\sffp_sd.sys 35E59EBE4A01A0532ED67975161C7B82
C:\Windows\system32\drivers\sfloppy.sys 6B7838C94135768BD455CBDC23E39E5F
C:\Windows\system32\drivers\sisraid2.sys 7A5DE502AEB719D4594C6471060A78B3
C:\Windows\system32\drivers\sisraid4.sys 3A2F769FAB9582BC720E11EA1DFB184D
C:\Windows\System32\DRIVERS\smb.sys 290B6F6A0EC4FCDFC90F5CB6D7020473
C:\Windows\System32\DRIVERS\snp2sxp.sys AC8F1EF394FAF226B64A8E937E6D812B
C:\Windows\System32\Drivers\spldr.sys 386C3C63F00A7040C7EC5E384217E89D
C:\Windows\System32\Drivers\N360x64\1502000.026\SRTSP64.SYS F718A57D946EAC76EFCB351D74E269F4
C:\Windows\system32\drivers\N360x64\1502000.026\SRTSPX64.SYS B18CE01B9C09C59422BA7C7064248B35
C:\Windows\System32\DRIVERS\srv.sys 880A57FCCB571EBD063D4DD50E93E46D
C:\Windows\System32\DRIVERS\srv2.sys A1AD14A6D7A37891FFFECA35EBBB0730
C:\Windows\System32\DRIVERS\srvnet.sys 4BED62F4FA4D8300973F1151F4C4D8A7
C:\Windows\System32\DRIVERS\sscdbus.sys F4F1E1FF6986FE8914525AF751EA3EAC
C:\Windows\System32\DRIVERS\sscdmdfl.sys 5447690D2CFE1BDE1BE3A5A5A3E2F796
C:\Windows\System32\DRIVERS\sscdmdm.sys BFDA292053AEB76A0C1D63B2279D5138
C:\Windows\System32\DRIVERS\sscdserd.sys 208731A751357DD71C5A0345C77AFD0A
C:\Windows\System32\DRIVERS\serscan.sys 14B4DB4381E4A55F570D8BB699B791D6
C:\Windows\System32\DRIVERS\swenum.sys 8A851CA908B8B974F89C50D2E18D4F0C
C:\Windows\system32\drivers\symc8xx.sys 2F26A2C6FC96B29BEFF5D8ED74E6625B
C:\Windows\System32\drivers\N360x64\1502000.026\SYMDS64.SYS 5C9EE2303CA7F267665D75237862B39C
C:\Windows\System32\drivers\N360x64\1502000.026\SYMEFA64.SYS 9F31630D7FC2DD9D5DA1CE359AAD1F46
C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 97E11C50CE52277B377396EA8838E539
C:\Windows\system32\drivers\N360x64\1502000.026\Ironx64.SYS 48C2934683CBD06F662B088EEF49EF6A
C:\Windows\System32\Drivers\N360x64\1502000.026\SYMTDIV.SYS 018D1F8343C301B4AF9DD042D2FFBCC8
C:\Windows\system32\drivers\sym_hi.sys A909667976D3BCCD1DF813FED517D837
C:\Windows\system32\drivers\sym_u3.sys 36887B56EC2D98B9C362F6AE4DE5B7B0
C:\Windows\System32\drivers\tcpip.sys C2CB949645C299E23FBFD26CAD3FC96E
C:\Windows\System32\DRIVERS\tcpip.sys C2CB949645C299E23FBFD26CAD3FC96E
C:\Windows\System32\drivers\tcpipreg.sys C7E72A4071EE0200E3C075DACFB2B334
C:\Windows\System32\drivers\tdpipe.sys 1D8BF4AAA5FB7A2761475781DC1195BC
C:\Windows\System32\drivers\tdtcp.sys 7F7E00CDF609DF657F4CDA02DD1C9BB1
C:\Windows\System32\DRIVERS\tdx.sys 458919C8C42E398DC4802178D5FFEE27
C:\Windows\System32\DRIVERS\termdd.sys 8C19678D22649EC002EF2282EAE92F98
C:\Windows\System32\DRIVERS\tssecsrv.sys B2388462329ACD17AF50D8701E0C1B18
C:\Windows\System32\DRIVERS\tunmp.sys 89EC74A9E602D16A75A4170511029B3C
C:\Windows\System32\DRIVERS\tunnel.sys 30A9B3F45AD081BFFC3BCAA9C812B609
C:\Windows\system32\drivers\uagp35.sys FEC266EF401966311744BD0F359F7F56
C:\Windows\System32\DRIVERS\udfs.sys FAF2640A2A76ED03D449E443194C4C34
C:\Windows\system32\drivers\uliagpkx.sys 4EC9447AC3AB462647F60E547208CA00
C:\Windows\system32\drivers\uliahci.sys 697F0446134CDC8F99E69306184FBBB4
C:\Windows\system32\drivers\ulsata.sys 31707F09846056651EA2C37858F5DDB0
C:\Windows\system32\drivers\ulsata2.sys 85E5E43ED5B48C8376281BAB519271B7
C:\Windows\System32\DRIVERS\umbus.sys 46E9A994C4FED537DD951F60B86AD3F4
C:\Windows\System32\drivers\usbaudio.sys A565B509000BD3E42A9B93B9FFD40D3D
C:\Windows\System32\DRIVERS\usbccgp.sys 858CC93477F9A9383E07861892600FF9
C:\Windows\system32\drivers\usbcir.sys 9247F7E0B65852C1F6631480984D6ED2
C:\Windows\System32\DRIVERS\usbehci.sys 82C3790E4E6F35087EF00994C7A72988
C:\Windows\System32\DRIVERS\usbhub.sys BE2EB33AF6EE2E5DA07EB987E0A321F5
C:\Windows\system32\drivers\usbohci.sys EBA14EF0C07CEC233F1529C698D0D154
C:\Windows\System32\DRIVERS\usbprint.sys 28B693B6D31E7B9332C1BDCEFEF228C1
C:\Windows\System32\DRIVERS\USBSTOR.SYS B854C1558FCA0C269A38663E8B59B581
C:\Windows\System32\DRIVERS\usbuhci.sys 308F6DDC052C970D679DA37D8A305279
C:\Windows\System32\Drivers\usbvideo.sys BF7A051DCCBA57C95541135B29CE0FB4
C:\Windows\System32\DRIVERS\vgapnp.sys 916B94BCF1E09873FFF2D5FB11767BBC
C:\Windows\System32\drivers\vga.sys B83AB16B51FEDA65DD81B8C59D114D63
C:\Windows\system32\drivers\viaide.sys 8294B6C3FDB6C33F24E150DE647ECDAA
C:\Windows\System32\drivers\volmgr.sys 2B7E885ED951519A12C450D24535DFCA
C:\Windows\System32\drivers\volmgrx.sys CEC5AC15277D75D9E5DEC2E1C6EAF877
C:\Windows\System32\drivers\volsnap.sys 582F710097B46140F5A89A19A6573D4B
C:\Windows\system32\drivers\vsmraid.sys A68F455ED2673835209318DD61BFBB0E
C:\Windows\system32\drivers\wacompen.sys FEF8FE5923FEAD2CEE4DFABFCE3393A7
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\System32\DRIVERS\wanarp.sys B8E7049622300D20BA6D8BE0C47C0CFD
C:\Windows\system32\drivers\wd.sys 0C17A0816F65B89E362E682AD5E7266E
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\system32\drivers\wmiacpi.sys E18AEBAAA5A773FE11AA2C70F65320F5
C:\Windows\System32\DRIVERS\wpdusb.sys 5E2401B3FC1089C90E081291357371A9
C:\Windows\system32\drivers\ws2ifsl.sys 8A900348370E359B6BFF6A550E4649E1
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-04-22 14:24 - 2014-04-22 14:24 - 00000000 ____D () C:\FRST
2014-04-22 14:00 - 2014-04-22 14:00 - 00005307 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_140000.txt
2014-04-22 13:53 - 2014-04-22 13:53 - 00005242 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_135322.txt
2014-04-22 13:28 - 2014-04-22 13:28 - 00005217 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_132829.txt
2014-04-22 13:10 - 2014-04-22 13:10 - 00006185 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_131020.txt
2014-04-22 12:54 - 2014-04-22 12:54 - 00006065 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_125456.txt
2014-04-22 12:18 - 2014-04-22 14:23 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-22 12:17 - 2014-04-22 12:42 - 00000000 ____D () C:\Users\ernie\Desktop\mbar
2014-04-22 12:17 - 2014-04-22 11:20 - 00000110 _____ () C:\Users\ernie\Desktop\xxyx.txt
2014-04-21 16:18 - 2014-04-21 16:18 - 00000225 _____ () C:\Users\ernie\Desktop\router.txt
2014-04-16 12:00 - 2014-04-16 12:18 - 00018720 _____ () C:\Users\ernie\Desktop\MyContacts.csv
2014-04-16 09:48 - 2014-04-16 09:48 - 00921000 _____ (Oracle Corporation) C:\Users\ernie\Downloads\JavaSetup7u55.exe
2014-04-16 09:39 - 2014-03-17 22:02 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-04-16 09:38 - 2014-03-17 22:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-04-16 09:38 - 2014-03-17 22:02 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-04-16 09:38 - 2014-03-17 22:02 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-04-16 09:35 - 2014-04-16 09:38 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-15 18:09 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\procexp.exe
2014-04-15 18:07 - 2014-03-06 23:53 - 02925760 _____ (Sysinternals - www.sysinternals.com) C:\Users\ernie\Desktop\procexp.exe
2014-04-15 18:06 - 2014-04-16 10:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-15 08:43 - 2014-04-15 08:43 - 04968079 _____ (Tim Kosse) C:\Users\ernie\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-04-10 20:00 - 2014-04-22 13:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-10 19:57 - 2014-04-10 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 19:57 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-10 19:57 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-09 08:04 - 2014-03-08 00:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 08:04 - 2014-03-08 00:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-09 08:04 - 2014-03-07 23:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-09 08:04 - 2014-03-07 23:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-09 08:04 - 2014-03-07 23:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-09 08:04 - 2014-03-07 23:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-09 08:04 - 2014-03-07 23:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-09 08:04 - 2014-03-07 23:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-09 08:04 - 2014-03-07 23:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-09 08:04 - 2014-03-07 23:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-09 08:04 - 2014-03-07 23:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-09 08:04 - 2014-03-07 23:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-09 08:04 - 2014-03-07 23:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-09 08:04 - 2014-03-07 23:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-09 08:04 - 2014-03-07 23:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 08:04 - 2014-03-07 23:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-09 08:04 - 2014-03-07 19:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 08:04 - 2014-03-07 19:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-09 08:04 - 2014-03-07 19:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-09 08:04 - 2014-03-07 19:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-09 08:04 - 2014-03-07 19:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-09 08:04 - 2014-03-07 19:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-09 08:04 - 2014-03-07 19:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-09 08:04 - 2014-03-07 18:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-09 08:04 - 2014-03-07 18:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-09 08:04 - 2014-03-07 18:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-09 08:04 - 2014-03-07 18:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-09 08:04 - 2014-03-07 18:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-09 08:04 - 2014-03-07 18:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-09 08:04 - 2014-03-07 18:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 08:04 - 2014-03-07 18:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-09 08:04 - 2014-03-07 18:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-09 03:47 - 2014-02-06 00:21 - 01212416 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 03:47 - 2014-02-05 21:57 - 00861696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-29 14:02 - 2014-03-29 14:02 - 00025815 _____ () C:\Users\ernie\Desktop\Coin Collection for dealers.xlsx
2014-03-28 09:10 - 2014-03-28 09:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
 
==================== One Month Modified Files and Folders =======
 
2014-04-22 14:24 - 2014-04-22 14:24 - 00000000 ____D () C:\FRST
2014-04-22 14:24 - 2010-05-19 13:38 - 00000000 ____D () C:\oh stuff
2014-04-22 14:23 - 2014-04-22 12:18 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-04-22 14:19 - 2011-02-04 15:29 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-22 14:19 - 2011-02-04 15:29 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-22 14:00 - 2014-04-22 14:00 - 00005307 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_140000.txt
2014-04-22 13:54 - 2012-08-01 17:15 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000UA.job
2014-04-22 13:53 - 2014-04-22 13:53 - 00005242 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_135322.txt
2014-04-22 13:49 - 2006-11-02 08:46 - 00759582 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-22 13:48 - 2009-04-02 16:10 - 01756237 _____ () C:\Windows\WindowsUpdate.log
2014-04-22 13:44 - 2014-04-10 20:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-22 13:43 - 2012-09-11 13:32 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-22 13:41 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-22 13:40 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-22 13:40 - 2006-11-02 11:22 - 00003616 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-22 13:37 - 2006-11-02 11:42 - 00032562 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-22 13:28 - 2014-04-22 13:28 - 00005217 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_132829.txt
2014-04-22 13:11 - 2009-05-07 11:06 - 00168448 _____ () C:\Users\ernie\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-22 13:10 - 2014-04-22 13:10 - 00006185 _____ () C:\Users\ernie\Desktop\RKreport[0]_D_04222014_131020.txt
2014-04-22 12:54 - 2014-04-22 12:54 - 00006065 _____ () C:\Users\ernie\Desktop\RKreport[0]_S_04222014_125456.txt
2014-04-22 12:42 - 2014-04-22 12:17 - 00000000 ____D () C:\Users\ernie\Desktop\mbar
2014-04-22 12:18 - 2009-05-06 21:42 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\POP Peeper
2014-04-22 11:57 - 2010-05-18 14:06 - 00000732 _____ () C:\Users\ernie\AppData\Local\d3d9caps64.dat
2014-04-22 11:20 - 2014-04-22 12:17 - 00000110 _____ () C:\Users\ernie\Desktop\xxyx.txt
2014-04-22 09:39 - 2008-01-20 23:26 - 01429972 _____ () C:\Windows\PFRO.log
2014-04-22 09:26 - 2009-05-11 15:53 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\Binary Boy
2014-04-22 01:54 - 2012-08-01 17:15 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000Core.job
2014-04-21 16:18 - 2014-04-21 16:18 - 00000225 _____ () C:\Users\ernie\Desktop\router.txt
2014-04-21 09:13 - 2010-12-14 15:15 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\vlc
2014-04-21 09:05 - 2009-08-21 12:20 - 00000317 _____ () C:\Windows\1way.ini
2014-04-20 22:00 - 2009-05-23 19:48 - 00000000 ____D () C:\Users\ernie\AppData\Local\QuickPar
2014-04-17 22:48 - 2012-09-11 13:32 - 00003682 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-17 22:48 - 2012-03-31 12:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-17 22:48 - 2011-06-06 00:47 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-17 22:48 - 2009-05-07 08:30 - 00000000 ____D () C:\Users\ernie\AppData\Local\Adobe
2014-04-17 22:40 - 2006-11-02 08:34 - 00000237 _____ () C:\Windows\win.ini
2014-04-17 17:06 - 2010-12-20 13:55 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\FileZilla
2014-04-16 18:49 - 2010-05-10 10:27 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\HpUpdate
2014-04-16 12:18 - 2014-04-16 12:00 - 00018720 _____ () C:\Users\ernie\Desktop\MyContacts.csv
2014-04-16 10:46 - 2014-04-15 18:06 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-16 10:25 - 2009-05-11 15:53 - 00000000 ____D () C:\Users\ernie\Documents\Binary Boy
2014-04-16 09:48 - 2014-04-16 09:48 - 00921000 _____ (Oracle Corporation) C:\Users\ernie\Downloads\JavaSetup7u55.exe
2014-04-16 09:39 - 2013-10-19 13:33 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-16 09:38 - 2014-04-16 09:35 - 00004129 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_55-b13.log
2014-04-16 09:38 - 2013-07-07 16:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-15 08:45 - 2010-12-20 13:55 - 00000000 ____D () C:\Program Files (x86)\FileZilla FTP Client
2014-04-15 08:43 - 2014-04-15 08:43 - 04968079 _____ (Tim Kosse) C:\Users\ernie\Downloads\FileZilla_3.8.0_win32-setup.exe
2014-04-13 19:52 - 2013-07-24 19:32 - 00001022 _____ () C:\Users\Public\Desktop\Vz  In-Home Agent.lnk
2014-04-10 19:57 - 2014-04-10 19:57 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-10 19:57 - 2010-05-18 15:05 - 00000000 ____D () C:\Users\ernie\AppData\Roaming\Malwarebytes
2014-04-10 19:57 - 2010-05-18 15:04 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-09 08:44 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-04-09 08:33 - 2012-08-01 17:17 - 00002084 _____ () C:\Users\ernie\Desktop\Google Chrome.lnk
2014-04-09 08:03 - 2009-05-06 21:49 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-04-09 08:02 - 2013-08-14 03:11 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-09 07:57 - 2006-11-02 08:35 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-04-09 07:37 - 2009-05-06 19:40 - 00000456 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2014-04-06 11:46 - 2014-01-20 15:59 - 00000817 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-04-06 11:02 - 2009-05-06 21:58 - 00000000 ____D () C:\EBW
2014-04-04 22:30 - 2011-07-24 09:58 - 00000000 ____D () C:\Users\ernie\AppData\Local\CrashDumps
2014-04-03 09:51 - 2014-04-10 19:57 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-10 19:57 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2010-05-18 15:04 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-29 14:14 - 2011-02-04 15:29 - 00003892 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-29 14:14 - 2011-02-04 15:29 - 00003640 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-29 14:02 - 2014-03-29 14:02 - 00025815 _____ () C:\Users\ernie\Desktop\Coin Collection for dealers.xlsx
2014-03-28 09:10 - 2014-03-28 09:10 - 00000000 ____D () C:\Windows\System32\Tasks\Norton 360
2014-03-28 09:04 - 2009-05-06 19:51 - 00000000 ____D () C:\Windows\system32\Drivers\N360x64
2014-03-28 09:03 - 2012-06-04 13:43 - 00003206 _____ () C:\Windows\System32\Tasks\Norton WSC Integration
2014-03-26 01:49 - 2012-08-01 17:15 - 00003792 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000UA
2014-03-26 01:49 - 2012-08-01 17:15 - 00003396 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-926887384-2398991121-4048484460-1000Core
2014-03-24 10:40 - 2012-04-27 15:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-23 19:10 - 2013-10-11 11:38 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
 
Some content of TEMP:
====================
C:\Users\ernie\AppData\Local\Temp\ntdll_dump.dll
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {current}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30
resume                  No
customactions           0x1000085000001
                        0x54000001
custom:54000001         {863df33e-9817-11dc-b72e-001b24047e4e}
 
Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Microsoft Windows Vista
locale                  en-us
inherit                 {bootloadersettings}
recoverysequence        {572bcd55-ffa7-11d9-aae2-0007e994107d}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {1eb3a075-fda5-11dd-81b8-00248c07366c}
nx                      OptIn
 
Windows Boot Loader
-------------------
identifier              {572bcd55-ffa7-11d9-aae2-0007e994107d}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             HP Recovery Manager
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Windows Boot Loader
-------------------
identifier              {863df33e-9817-11dc-b72e-001b24047e4e}
device                  ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path                    \windows\system32\boot\winload.exe
description             F11 Boot from BCD
osdevice                ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot              \windows
nx                      OptIn
detecthal               Yes
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {1eb3a075-fda5-11dd-81b8-00248c07366c}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
Windows Legacy OS Loader
------------------------
identifier              {ntldr}
device                  partition=C:
path                    \ntldr
description             Earlier Version of Windows
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
extendedinput           Yes
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {ad6c7bc8-fa0f-11da-8ddf-0013200354d8}
description             Ramdisk Device Options
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi
 
Setup Ramdisk Options
---------------------
identifier              {ramdiskoptions}
description             RAM Disk Settings
ramdisksdidevice        partition=D:
ramdisksdipath          \boot\boot.sdi
 
 
 
LastRegBack: 2014-04-22 13:47
 
==================== End Of Log ============================
 
 
Link to post
Share on other sites

  • 3 weeks later...
  • 1 month later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.