Cyber Tech Help Support Forums, Malware Removal Forum
#1  December 26th, 2013, 01:41 AM
Deborahh (Member; joined May 2012; O/S: Windows 7 32-bit; Location: USA; Posts: 62)
Browser Hijacked-websearch.searchsunmy.info

Hi and Happy Holidays
My laptop has been infected with among other things websearch.searchsunmy.info. There is also
a new folder named Sk.Enabler with a file named "uninstall".
I ran malwarebytes and 32 items were removed most starting with PUP.Optional.
the full URL of the hijack link is
http://websearch.searchsunmy.info/?p...cc=US&unqvl=45
I'd appreciate any help to clean my machine.
Thank you!
Deborah
#2  December 26th, 2013, 01:05 PM
schrauber (Cyber Tech Help Moderator; joined Apr 2009; O/S: Windows 7 64-bit; Location: Germany; Age: 33; Posts: 4,431)
Hello, Deborah
Welcome to the CyberTechHelp Forums. My name is Thomas (Tom is fine), and I will be helping you fix your problems.



Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools. Doing so could cause changes to the directions I have to give you and prolong the time required. Furthermore, you should not be taking any advice relating to this computer from any other source throughout the course of this fix.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Do not start a new topic. The logs that you post should be pasted directly into the reply. Only attach them if requested or if they do not fit into the post.
  • Please set your system to show all files.
    Click Start, open My Computer, select the Tools menu and click Folder Options.
    Select the View Tab. Under the Hidden files and folders heading, select Show hidden files and folders.
    Uncheck: Hide file extensions for known file types
    Uncheck the Hide protected operating system files (recommended) option.
    Click Yes to confirm.



For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to the desktop.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to the desktop.

Please run it, click Scan, and post back with the two log files.
#3  December 26th, 2013, 03:12 PM
Deborahh (Member; joined May 2012; O/S: Windows 7 32-bit; Location: USA; Posts: 62)
Thanks for your reply
I have attempted to download Farbar Recovery Tool, and Firefox redirects to bad sites with many pop-ups.
I tried Internet Explorer, and at the bottom of the bleeping.com page there is a pop-up message in a yellow bar along the bottom of the page:
Do you want to run or save FRST.exe from bleepingcomputer.com? click RUN or SAVE
Is this a legitimate download link? I do not use IE often --
Thank you
Deborah
#4  December 27th, 2013, 12:14 AM
Deborahh (Member; joined May 2012; O/S: Windows 7 32-bit; Location: USA; Posts: 62)
Tom:
I have posted the two logfile reports requested in two postings:
Deborah
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-12-2013
Ran by Kevin (administrator) on KEVIN-PC on 26-12-2013 17:54:02
Running from C:\Users\Kevin\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
() C:\Program Files\IDriveWindows\idwservice_600.exe
() C:\Program Files\IDriveWindows\idwadminsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
( ) C:\Program Files\IDriveWindows\idw_web.exe
(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_600.exe
(Prosoftnet Corp) C:\Program Files\IDriveWindows\idrivetray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Spotify Ltd) C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Windows\SMINST\BLService.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Spotify Ltd) C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Viewpoint Corporation) C:\Program Files\Viewpoint\Common\ViewpointService.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
() C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(iAnywhere Solutions, Inc.) C:\Program Files\Intuit\QuickBooks 2008\QBDBMgr.exe
(iAnywhere Solutions, Inc.) C:\Program Files\Intuit\QuickBooks 2008\QBDBMgr.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(RealNetworks, Inc.) C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [PeachtreePrefetcher.exe] - C:\Program Files\Sage\Peachtree\PeachtreePrefetcher.exe [30064 2012-10-23] (Sage Software, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2012-11-18] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295072 2013-01-12] (RealNetworks, Inc.)
HKLM\...\Run: [MaxMenuMgr] - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe [197928 2009-12-18] (Seagate LLC)
HKLM\...\Run: [IDrive Background process] - C:\Program Files\IDriveWindows\idwbg_600.exe [43608 2013-07-23] (Pro Softnet Corporation)
HKLM\...\Run: [IDrive Tray] - C:\Program Files\IDriveWindows\idrivetray.exe [854104 2013-07-23] (Prosoftnet Corp)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)
HKCU\...\Run: [DW6] - "C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe"
HKCU\...\Run: [Spotify] - C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-08] (Spotify Ltd)
HKCU\...\Run: [IDrive Background process] - C:\Program Files\IDriveWindows\idwbg_600.exe [43608 2013-07-23] (Pro Softnet Corporation)
HKCU\...\Run: [IDrive Tray] - C:\Program Files\IDriveWindows\idrivetray.exe [854104 2013-07-23] (Prosoftnet Corp)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [455744 2013-12-10] (BillP Studios)
MountPoints2: {185e47b3-8c8b-11e1-abd2-001f16496176} - F:\setup.exe -a
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
AppInit_DLLs: c:\progra~1\sk7523~1.ena\psupport.dll [ ] ()
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...esario&pf=cnnb
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.com/?rlz=1W4CHBA_enUS553
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKLM - {266A3802-8562-4677-BE83-047E5A427D0F} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM - {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKLM - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.searchsunmy.info/?l=1&q={searchTerms}&pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45
SearchScopes: HKCU - DefaultScope {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - {266A3802-8562-4677-BE83-047E5A427D0F} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = http://www.ask.com/web?q={SEARCHTERMS}&o=15527&l=dis&prt=360&chn=s1122&geo=US&ver=5
SearchScopes: HKCU - {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF Homepage: hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45
FF Keyword.URL: hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll (RealDownloader)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @viewpoint.com/VMP - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll ()
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Kevin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF SearchPlugin: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\searchplugins\safesearch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\safesearch.xml
FF Extension: 20-20 3D Viewer - IKEA - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\2020Player_IKEA@2020Technologies.com
FF Extension: greatsaver - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\drxfttgb@awo.org
FF Extension: YoutubeAdblocker - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\g.eayy@oslhxbiapal.edu
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: WOT - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: Bitdefender QuickScan - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext\

Chrome:
=======
CHR HomePage: hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45
CHR RestoreOnStartup: "hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45"
CHR Extension: (WOT) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.6_0
CHR Extension: (YoutubeAdblocker) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoddonhaboomeaoifhlmejajefakhdeb\1.0
CHR Extension: (RealDownloader) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (greatsaver) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpegmfjmfkmlbclffnfiagdfceedafm\2.7
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_600.exe [182872 2013-07-23] ()
R2 IDWAdmin; C:\Program Files\IDriveWindows\idwadminsrv.exe [125528 2013-07-23] ()
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 Peachtree SmartPosting 2011; C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe [44400 2012-10-23] (Sage Software, Inc.)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-08-13] (Pervasive Software Inc.)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 Viewpoint Manager Service; C:\Program Files\Viewpoint\Common\ViewpointService.exe [24652 2007-01-04] (Viewpoint Corporation)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [820344 2011-11-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2011-11-13] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120120.002\IDSvix86.sys [368248 2011-08-17] (Symantec Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVENG.SYS [86136 2011-08-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVEX15.SYS [1576312 2011-08-05] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0501000.01D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0501000.01D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-08-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2008-02-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS [299640 2011-07-08] (Symantec Corporation)
S1 MpKslb279df3e; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{53EB6210-06D0-452D-9115-4D752ADB8E37}\MpKslb279df3e.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-26 17:54 - 2013-12-26 17:54 - 00023102 _____ C:\Users\Kevin\Desktop\FRST.txt
2013-12-26 17:53 - 2013-12-26 17:53 - 00000000 ____D C:\FRST
2013-12-26 17:53 - 2013-12-26 09:19 - 01061649 _____ (Farbar) C:\Users\Kevin\Desktop\FRST.exe
2013-12-26 09:23 - 2013-12-26 09:23 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST (1).exe
2013-12-26 09:19 - 2013-12-26 09:19 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST.exe
2013-12-25 19:09 - 2013-12-25 19:10 - 00000000 ____D C:\ProgramData\Sophos
2013-12-25 19:05 - 2013-12-25 19:06 - 81188920 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool(1).exe
2013-12-24 23:18 - 2013-12-25 13:13 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\QuickScan
2013-12-24 23:05 - 2013-12-24 23:13 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-24 23:05 - 2013-12-24 23:06 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-24 23:05 - 2013-12-24 23:05 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 23:05 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-24 22:56 - 2013-12-24 22:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Kevin\Downloads\spybot-2.2.exe
2013-12-24 16:54 - 2013-12-26 17:41 - 00000444 ____H C:\Windows\Tasks\SK.Enabler-S-1495795506.job
2013-12-24 16:54 - 2013-12-24 22:09 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2013-12-24 16:54 - 2013-12-24 22:09 - 00000000 ____D C:\ProgramData\surof And keep
2013-12-24 16:54 - 2013-12-24 22:09 - 00000000 ____D C:\Program Files\YoutubeAdblocker
2013-12-24 16:54 - 2013-12-24 22:09 - 00000000 ____D C:\Program Files\WebSearch
2013-12-24 16:54 - 2013-12-24 22:09 - 00000000 ____D C:\Program Files\surof And keep
2013-12-24 16:54 - 2013-12-24 22:09 - 00000000 ____D C:\Program Files\Sk.Enabler
2013-12-24 16:54 - 2013-12-24 16:55 - 113416097 _____ C:\Users\Kevin\Desktop\Christmas Morning.zip
2013-12-24 16:54 - 2013-12-24 16:55 - 00000000 ____D C:\ProgramData\QuickSet
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\SendSpace
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\a0917284ad6b8d96
2013-12-17 11:49 - 2013-12-26 17:35 - 00000000 ____D C:\Users\Kevin\Desktop\Keebler
2013-12-12 16:50 - 2013-12-12 17:01 - 00000000 ____D C:\Users\Kevin\Desktop\QuickBooksAutoDataRecovery
2013-12-12 16:50 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\Restored_Neurocore, LLC_Files
2013-12-12 11:08 - 2013-12-26 17:36 - 00000000 ____D C:\Users\Kevin\Desktop\New folder
2013-11-30 00:24 - 2013-11-30 00:25 - 00000000 ____D C:\Program Files\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2013-12-26 17:54 - 2013-12-26 17:54 - 00023102 _____ C:\Users\Kevin\Desktop\FRST.txt
2013-12-26 17:53 - 2013-12-26 17:53 - 00000000 ____D C:\FRST
2013-12-26 17:51 - 2013-08-11 00:36 - 00000000 ____D C:\Users\Kevin\Desktop\Table
2013-12-26 17:51 - 2010-01-28 17:59 - 01538067 _____ C:\Windows\WindowsUpdate.log
2013-12-26 17:51 - 2009-07-13 23:39 - 19399274 _____ C:\Windows\setupact.log
2013-12-26 17:50 - 2010-01-28 17:24 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-26 17:50 - 2010-01-28 17:24 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-26 17:49 - 2011-10-17 15:03 - 00000000 ____D C:\Users\Kevin\AppData\Local\Intuit
2013-12-26 17:47 - 2011-07-17 08:54 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Spotify
2013-12-26 17:43 - 2009-06-23 21:28 - 00000284 _____ C:\Users\Public\Documents\hpqp.ini
2013-12-26 17:42 - 2013-07-31 20:54 - 00000000 ____D C:\Program Files\IDriveWindows
2013-12-26 17:41 - 2013-12-24 16:54 - 00000444 ____H C:\Windows\Tasks\SK.Enabler-S-1495795506.job
2013-12-26 17:41 - 2011-09-04 08:37 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-26 17:41 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-26 17:36 - 2013-12-12 11:08 - 00000000 ____D C:\Users\Kevin\Desktop\New folder
2013-12-26 17:35 - 2013-12-17 11:49 - 00000000 ____D C:\Users\Kevin\Desktop\Keebler
2013-12-26 17:27 - 2012-04-14 08:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-26 17:21 - 2011-09-04 08:37 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-26 09:23 - 2013-12-26 09:23 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST (1).exe
2013-12-26 09:19 - 2013-12-26 17:53 - 01061649 _____ (Farbar) C:\Users\Kevin\Desktop\FRST.exe
2013-12-26 09:19 - 2013-12-26 09:19 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST.exe
2013-12-25 19:10 - 2013-12-25 19:09 - 00000000 ____D C:\ProgramData\Sophos
2013-12-25 19:06 - 2013-12-25 19:05 - 81188920 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool(1).exe
2013-12-25 13:13 - 2013-12-24 23:18 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\QuickScan
2013-12-25 12:46 - 2010-01-28 17:49 - 00341272 _____ C:\Windows\PFRO.log
2013-12-24 23:13 - 2013-12-24 23:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-24 23:06 - 2013-12-24 23:05 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-24 23:05 - 2013-12-24 23:05 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 22:57 - 2013-12-24 22:56 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Kevin\Downloads\spybot-2.2.exe
2013-12-24 22:43 - 2011-04-10 21:11 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-24 22:13 - 2011-10-25 09:37 - 00000000 ____D C:\Windows\Intuit
2013-12-24 22:09 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\YoutubeAdblocker
2013-12-24 22:09 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\surof And keep
2013-12-24 22:09 - 2013-12-24 16:54 - 00000000 ____D C:\Program Files\YoutubeAdblocker
2013-12-24 22:09 - 2013-12-24 16:54 - 00000000 ____D C:\Program Files\WebSearch
2013-12-24 22:09 - 2013-12-24 16:54 - 00000000 ____D C:\Program Files\surof And keep
2013-12-24 22:09 - 2013-12-24 16:54 - 00000000 ____D C:\Program Files\Sk.Enabler
2013-12-24 22:09 - 2008-08-06 06:21 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-24 17:03 - 2012-04-29 18:48 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-24 17:03 - 2012-04-29 18:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-24 16:55 - 2013-12-24 16:54 - 113416097 _____ C:\Users\Kevin\Desktop\Christmas Morning.zip
2013-12-24 16:55 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\QuickSet
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\SendSpace
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\a0917284ad6b8d96
2013-12-18 23:02 - 2010-12-29 19:04 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-12-18 18:03 - 2011-07-17 08:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\Spotify
2013-12-17 11:42 - 2010-01-28 18:11 - 00849456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 12:06 - 2013-10-12 11:16 - 00000000 ____D C:\Users\Kevin\AppData\Local\Citrix
2013-12-12 17:01 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\QuickBooksAutoDataRecovery
2013-12-12 16:50 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\Restored_Neurocore, LLC_Files
2013-12-12 10:52 - 2013-07-31 20:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\IDrive
2013-12-10 21:00 - 2010-04-03 17:11 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2013-12-10 19:27 - 2012-04-14 08:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 19:27 - 2012-03-05 22:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-12-01 11:40 - 2012-05-06 19:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-11-30 00:25 - 2013-11-30 00:24 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-11-27 13:33 - 2012-02-26 21:30 - 00000710 _____ C:\Users\Kevin\AppData\Roaming\wklnhst.dat

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Kevin\AppData\Local\Temp\dibapi.dll
C:\Users\Kevin\AppData\Local\Temp\FastDownload.exe
C:\Users\Kevin\AppData\Local\Temp\lowproc.exe
C:\Users\Kevin\AppData\Local\Temp\SpotifyUpgrader.exe
C:\Users\Kevin\AppData\Local\Temp\stubhelper.dll
C:\Users\Kevin\AppData\Local\Temp\teaser.exe
C:\Users\Kevin\AppData\Local\Temp\The_Weather_Channel_Application.exe
C:\Users\Kevin\AppData\Local\Temp\{63A2510F-0303-4E51-AF12-F36E7B9EA37B}-20.0.1132.47_19.0.1084.56_chrome_updater.exe
C:\Users\Kevin\AppData\Local\Temp\{82C0C311-3FBA-4903-B9CF-74C327D4FA89}-25.0.1364.97_24.0.1312.57_chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-14 16:32

==================== End Of Log ============================
  #5  
Old December 27th, 2013, 12:15 AM
Deborahh
Member
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-12-2013
Ran by Kevin at 2013-12-26 17:55:13
Running from C:\Users\Kevin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Security Suite (Disabled - Up to date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
AS: Norton Security Suite (Disabled - Up to date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Security Suite (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958)
32 Bit HP CIO Components Installer (Version: 7.1.8)
7-Zip 9.20
Activation Assistant for the 2007 Microsoft Office suites
Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0)
ActiveCheck component for HP Active Support Library (Version: 3.0.0.2)
Adams Set Up an S-Corporation CD
Adobe AIR (Version: 2.7.1.19610)
Adobe Connect 9 Add-in (HKCU Version: 11,2,261,0)
Adobe Flash Player 11 Plugin (Version: 11.9.900.170)
Adobe Reader XI (Version: 11.0.00)
Adobe Shockwave Player (Version: 10.2.0.023)
AIM 6
Apple Application Support (Version: 2.3.4)
Apple Software Update (Version: 2.1.3.127)
Atheros Driver Installation Program (Version: 5.2)
BlackBerry App World Browser Plugin (Version: 3.1.0.6)
BlackBerry Desktop Software 7.1 (Version: 7.1.0.37)
BlackBerry Device Software Updater (Version: 7.0.0.31)
Bullzip PDF Printer 8.2.0.1394 (Version: 8.2.0.1394)
Business Contact Manager for Outlook 2007 SP2 (Version: 3.0.8619.1)
Cisco EAP-FAST Module (Version: 2.1.6)
Cisco LEAP Module (Version: 1.0.12)
Cisco PEAP Module (Version: 1.0.13)
Citrix Online Launcher (Version: 1.0.162)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HD Audio (Version: 4.58.1.0)
Crystal Reports 2008 Runtime SP1 (Version: 12.1.0.882)
CyberLink DVD Suite (Version: 5.5.1519)
CyberLink YouCam (Version: 2.0.1616)
ESET Online Scanner v3
ESU for Microsoft Vista (Version: 1.0.0)
FitLive 1.3.00
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
GoToMeeting 6.0.0.1259 (HKCU Version: 6.0.0.1259)
GPL Ghostscript (Version: 9.05)
HDAUDIO Soft Data Fax Modem with SmartCP
HP Active Support Library (Version: 3.1.4.1)
HP Customer Experience Enhancements (Version: 5.6.0.2510)
HP Daily Idea (Version: 0.1)
HP Daily Idea (Version: v0.1)
HP Doc Viewer (Version: 1.01.0005)
HP DVD Play 3.7
HP Help and Support (Version: 2.0.9.0)
HP PrecisionScan LT Software
HP Total Care Advisor (Version: 2.1.4047.2685)
HP Update (Version: 5.005.000.002)
HP User Guides 0118 (Version: 1.00.0000)
HP Wireless Assistant (Version: 3.00 J1)
HPAsset component for HP Active Support Library (Version: 3.0.2.2)
HPNetworkAssistant (Version: 1.1.70)
HPTCSSetup (Version: 1.0.964.2626)
IDrive Version - 6.0 (Version: 6.0)
Intel(R) Graphics Media Accelerator Driver
LabelPrint (Version: 2.20.2719)
LightScribe System Software 1.12.33.2 (Version: 1.12.33.2)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2003 Web Components (Version: 11.0.8173.0)
Microsoft Office 2007 Primary Interop Assemblies (Version: 12.0.4518.1014)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Accounting 2008 (Version: 3.0.8627.1)
Microsoft Office Accounting 2008 Equifax Addin (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 Fixed Asset Manager (Version: 3.0.8231.0)
Microsoft Office Accounting 2008 PayPal Addin (Version: 3.0.8231.0)
Microsoft Office Accounting ADP Payroll Addin (Version: 0.0.0.0)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Professional 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Small Business Connectivity Components (Version: 2.0.7024.0)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs (Version: 12.0.4518.1014)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005
Microsoft SQL Server 2005 Express Edition (MSSMLBIZ) (Version: 9.4.5000.00)
Microsoft SQL Server 2005 Tools Express Edition (Version: 9.4.5000.00)
Microsoft SQL Server Native Client (Version: 9.00.5000.00)
Microsoft SQL Server Setup Support Files (English) (Version: 9.00.5000.00)
Microsoft SQL Server VSS Writer (Version: 9.00.5000.00)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual Studio 2005 Tools for Office Runtime
Microsoft Visual Studio 2005 Tools for Office Runtime (Version: 8.0.60940.0)
Microsoft Works (Version: 9.7.0621)
MotoHelper 2.0.45 Driver 5.0.0 (Version: 2.0.45)
MotoHelper MergeModules (Version: 1.2.0)
Motorola Mobile Drivers Installation 5.0.0 (Version: 5.0.0)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP2 Parser and SDK (Version: 4.20.9818.0)
muvee autoProducer 6.1 (Version: 6.10.050)
My HP Games (Version: 1.0.0.43)
NetWaiting (Version: 2.5.52)
Norton Security Suite (Version: 5.1.0.29)
Peachtree Accounting 2011 (Version: 18.00.00)
Peachtree Complete Accounting 2010
PeachTree Signature Ready Forms (Version: 6.11.1)
Pervasive PSQL v10 SP2 Workgroup (32-bit) (Version: 10.20.034)
Pervasive PSQL v10.10 Workgroup (32-bit) (Version: 10.10.126)
Power2Go (Version: 5.6.3919)
PowerDirector (Version: 6.5.2719)
QuickBooks (Version: 22.0.4012.2206)
QuickBooks Premier: Accountant Edition 2012 (Version: 22.0.4012.2206)
QuickBooks Pro 2012 (Version: 22.0.4012.2206)
QuickBooks Simple Start 2008 (Plus Pack) (Version: 18.0.4003.606)
QuickPlay SlingPlayer 0.4.6 (Version: 0.4.6)
QuickTime (Version: 7.74.80.86)
RealDownloader (Version: 1.3.0)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0)
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0)
RealPlayer (Version: 16.0.0)
Realtek 8169 8168 8101E 8102E Ethernet Driver (Version: 1.00.0000)
Realtek USB 2.0 Card Reader (Version: )
RealUpgrade 1.1 (Version: 1.1.0)
Sage Integration Services (Version: 2.2.2240)
Sage Message Center (Version: 2.00.0000)
Seagate Manager Installer (Version: 2.01.0700)
Search Assistant WebSearch 1.74 <==== ATTENTION
SK.Supporter 1.74
SoftPerfect WiFi Guard version 1.0.1 (Version: 1.0.1)
Spotify (HKCU Version: 0.8.3.222.g317ab79d)
Spotify (Version: 0.5.2)
Spybot - Search & Destroy (Version: 2.2.25)
SupportSoft Assisted Service (Version: 15)
Synaptics Pointing Device Driver (Version: 11.1.3.0)
TinyPDF 2.0 (Version: 2.0.2600.2000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Viewpoint Media Player
WinPatrol (Version: 26.1.2013.0)
WinPatrol (Version: 29.2.2013)
Yahoo! Toolbar

==================== Restore Points =========================

13-10-2013 18:01:30 Windows Update
14-10-2013 01:08:52 Windows Update
18-10-2013 01:06:32 Windows Update
19-10-2013 18:52:18 Installed QuickTime
24-10-2013 17:18:36 Windows Update
31-10-2013 01:06:20 Windows Update
01-11-2013 20:58:06 Windows Update
07-11-2013 01:44:28 Windows Update
10-11-2013 15:31:45 Windows Update
14-11-2013 01:46:01 Windows Update
14-11-2013 02:00:38 Windows Update
15-11-2013 17:12:11 Windows Update
19-11-2013 01:18:13 Windows Update
27-11-2013 15:26:28 Windows Update
01-12-2013 16:51:43 Windows Update
08-12-2013 17:31:01 Windows Update
12-12-2013 16:03:17 Windows Update
17-12-2013 16:38:20 Windows Update
22-12-2013 14:56:12 Windows Update
25-12-2013 18:51:23 Windows Update
26-12-2013 00:08:14 Installed Sophos Virus Removal Tool.
26-12-2013 22:00:44 Removed Sophos Virus Removal Tool.

==================== Hosts content: ==========================

2006-11-02 05:23 - 2006-09-18 16:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0476314A-7176-43B5-9E6E-83EEBE25DBD5} - System32\Tasks\SK.Enabler-S-1495795506 => c:\programdata\quickset\sk.enabler\SK.Enabler.exe
Task: {08150B35-0E59-4FE6-9743-40F41F262C77} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-04] (Google Inc.)
Task: {090C4527-1CA8-4ECC-AA8E-3B74C4431C74} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-4001201957-2674272809-1492912165-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {09804292-56CD-4D48-A8F2-01A1D269A400} - System32\Tasks\MotoHelper MUM => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {0B4B54AF-1AF8-4817-B4E6-CE240510947D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {2DDDA2B6-87C2-469D-84D9-CC136EECF670} - System32\Tasks\MotoHelper Routing => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {423E90B5-FC47-43C3-980D-744FDC5B17C7} - System32\Tasks\RecoveryCD => C:\Program Files\Hewlett-Packard\HP TCS\RemEngine.exe [2008-04-11] ()
Task: {561375CB-FF5A-417B-B297-BA73DE149581} - System32\Tasks\Microsoft\Windows\Wired\GatherWiredInfo => C:\Windows\system32\gatherWiredInfo.vbs
Task: {6D9B786F-857A-48E8-BE6E-5F8E163F8F98} - System32\Tasks\MotoHelper Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {6F8186F2-202B-4A8D-A0CA-5BE4FC26142A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-10] (Adobe Systems Incorporated)
Task: {7728B879-56C9-4A8D-AC02-E1997230B9CD} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-4001201957-2674272809-1492912165-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {78F03A10-9CB0-49E3-8044-B25976E4A498} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-4001201957-2674272809-1492912165-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {7DAD4D7D-06E4-4AAB-B0C4-096A20921026} - System32\Tasks\MotoHelper Initial Update => C:\Program Files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-01-27] ()
Task: {9C3D6603-CF95-4CAE-B314-A46D509ED466} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-4001201957-2674272809-1492912165-1000 => C:\Program Files\RealNetworks\RealDownloader\realupgrade.exe [2012-11-29] (RealNetworks, Inc.)
Task: {A4B16D45-44EF-423F-8A03-1E982D054288} - System32\Tasks\Symantec\Norton Error Analyzer 5.1.0.29 => C:\Program Files\Norton Security Suite\Engine\5.1.0.29\symerr.exe [2011-04-28] (Symantec Corporation)
Task: {A8381433-B001-457E-B41C-4D6973156B90} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search & Destroy 2\SDScan.exe
Task: {AA5E896F-082A-4B11-81D7-DF1149549DDA} - System32\Tasks\Symantec\Norton Error Processor 5.1.0.29 => C:\Program Files\Norton Security Suite\Engine\5.1.0.29\symerr.exe [2011-04-28] (Symantec Corporation)
Task: {BEE1D39E-739C-4641-B517-65EC94E44319} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2011-09-04] (Google Inc.)
Task: {D4D433E6-40A6-4761-AA12-DCFF8920E159} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-4001201957-2674272809-1492912165-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {D937E822-2E94-4E4A-AC56-2FADE5B52F11} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-4001201957-2674272809-1492912165-1000 => C:\Program Files\Real\RealUpgrade\realupgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs
Task: {EBAFCF36-5C0D-47B9-AF2E-D237CC0EBC9D} - System32\Tasks\HP Health Check => C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-04-15] (Hewlett-Packard)
Task: {EC61A44A-1BD8-4D0C-A71D-4A23FFF86526} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {F6777392-1658-43BA-9835-123023FC7390} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {FBADAEAD-E2D2-4217-A511-B782CE25F208} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-4001201957-2674272809-1492912165-1000 => C:\Program Files\RealNetworks\RealDownloader\recordingmanager.exe [2012-11-29] (RealNetworks, Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\SK.Enabler-S-1495795506.job => c:\programdata\quickset\sk.enabler\SK.Enabler.exe

==================== Loaded Modules (whitelisted) =============

2008-08-06 06:11 - 2008-06-12 00:18 - 00120216 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLSchMgr.dll
2008-08-06 06:11 - 2008-06-12 00:18 - 00259480 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapEngine.dll
2008-08-06 06:11 - 2008-06-12 00:18 - 00345384 _____ () C:\Program Files\HP\QuickPlay\Kernel\TV\CLTinyDB.dll
2013-07-31 20:54 - 2013-07-23 16:31 - 00061440 _____ () C:\Program Files\IDriveWindows\LogViewerControl.dll
2013-12-24 23:05 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-24 23:05 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2007-07-12 14:55 - 2007-07-12 14:55 - 01581056 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-08-14 14:59 - 2007-08-14 14:59 - 06365184 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2007-07-12 14:55 - 2007-07-12 14:55 - 00131072 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2012-05-07 17:55 - 2013-12-08 12:44 - 36967424 _____ () C:\Users\Kevin\AppData\Roaming\Spotify\Data\libcef.dll
2010-01-29 20:34 - 2013-07-15 12:29 - 00620718 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2013-07-31 20:54 - 2013-07-23 16:18 - 00478720 _____ () C:\Program Files\IDriveWindows\idcontext.dll
2013-11-30 00:24 - 2013-11-30 00:24 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============

Name: Symantec Network Security Intermediate Filter Driver
Description: Symantec Network Security Intermediate Filter Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: SymIM
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: BHDrvx86
Description: BHDrvx86
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: BHDrvx86
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: MpKslb279df3e
Description: MpKslb279df3e
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: MpKslb279df3e
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/26/2013 05:45:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521ea91c
Exception code: 0xc0000374
Fault offset: 0x000c3873
Faulting process id: 0x770
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (12/26/2013 05:43:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2013 05:42:08 PM) (Source: PerfNet) (User: )
Description:

Error: (12/26/2013 05:39:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d6727a7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x05670fef
Faulting process id: 0x654
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3

Error: (12/26/2013 05:08:31 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2013 05:08:17 PM) (Source: PerfNet) (User: )
Description:

Error: (12/26/2013 04:41:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2013 04:40:25 PM) (Source: PerfNet) (User: )
Description:

Error: (12/26/2013 08:29:36 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/26/2013 08:29:08 AM) (Source: PerfNet) (User: )
Description:


System errors:
=============
Error: (12/26/2013 05:51:38 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.606.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608

Error: (12/26/2013 05:48:21 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy1.

Error: (12/26/2013 05:48:18 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy2.

Error: (12/26/2013 05:48:15 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy5.

Error: (12/26/2013 05:48:11 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy8.

Error: (12/26/2013 05:48:07 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy18.

Error: (12/26/2013 05:47:59 PM) (Source: Ntfs) (User: )
Description: The file system structure on the disk is corrupt and unusable.
Please run the chkdsk utility on the volume \Device\HarddiskVolumeShadowCopy15.

Error: (12/26/2013 05:43:22 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
BHDrvx86
SymIM

Error: (12/26/2013 05:22:21 PM) (Source: Microsoft-Windows-Application-Experience) (User: NT AUTHORITY)
Description: The Program Compatibility Assistant service failed to perform the phase two initialization.

Error: (12/26/2013 05:17:59 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

New Signature Version:

Previous Signature Version: 1.165.606.0

Update Source: %NT AUTHORITY59

Update Stage: 4.4.0304.00

Source Path: 4.4.0304.01

Signature Type: %NT AUTHORITY602

Update Type: %NT AUTHORITY604

User: NT AUTHORITY\SYSTEM

Current Engine Version: %NT AUTHORITY605

Previous Engine Version: %NT AUTHORITY606

Error code: %NT AUTHORITY607

Error description: %NT AUTHORITY608


Microsoft Office Sessions:
=========================
Error: (08/23/2013 11:54:05 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 995 seconds with 360 seconds of active time. This session ended with a crash.

Error: (08/11/2013 11:26:29 AM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8293 seconds with 0 seconds of active time. This session ended with a crash.

Error: (06/06/2013 00:45:11 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 275 seconds with 120 seconds of active time. This session ended with a crash.

Error: (01/07/2011 06:02:57 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 95 seconds with 60 seconds of active time. This session ended with a crash.


CodeIntegrity Errors:
===================================
Date: 2010-01-28 16:15:11.898
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-01-28 16:15:11.835
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-01-28 16:15:11.757
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-01-28 16:15:11.679
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2010-01-28 16:15:11.601
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\WINDOWS\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2008-08-06 08:23:54.806
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2008-08-06 08:23:54.790
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2008-08-06 08:23:54.790
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2008-08-06 08:23:54.774
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.

Date: 2008-08-06 08:23:51.015
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\tcpip.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 38%
Total physical RAM: 3003.19 MB
Available physical RAM: 1845.38 MB
Total Pagefile: 6004.67 MB
Available Pagefile: 4337 MB
Total Virtual: 2047.88 MB
Available Virtual: 1901.38 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:223.02 GB) (Free:117.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (PRESARIO_RP) (Fixed) (Total:9.86 GB) (Free:1.67 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: D6369E72)
Partition 1: (Active) - (Size=223 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)

==================== End Of Log ============================
  #6  
Old December 27th, 2013, 10:11 AM
schrauber
Cyber Tech Help Moderator
O/S: Windows 7 64-bit
Bleepingcomputer is a legit download link.


Next, download ComboFix Save to the Desktop
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.
Please provide the contents of the ComboFix report in your reply.
  #7  
Old December 27th, 2013, 02:33 PM
Deborahh
Member
O/S: Windows 7 32-bit
Hi Tom
Here is ComboFix report:
thank you
ComboFix 13-12-26.01 - Kevin 12/27/2013 7:44.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3003.1851 [GMT -5:00]
Running from: c:\users\Kevin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
AV: Norton Security Suite *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Security Suite *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Norton Security Suite *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-11-27 to 2013-12-27 )))))))))))))))))))))))))))))))
.
.
2013-12-27 13:23 . 2013-12-27 13:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-12-27 12:34 . 2013-12-27 12:34 40392 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53EB6210-06D0-452D-9115-4D752ADB8E37}\MpKsl0217ee84.sys
2013-12-27 12:28 . 2013-12-27 12:28 62576 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53EB6210-06D0-452D-9115-4D752ADB8E37}\offreg.dll
2013-12-26 22:53 . 2013-12-26 22:53 -------- d-----w- C:\FRST
2013-12-26 00:09 . 2013-12-26 00:10 -------- d-----w- c:\programdata\Sophos
2013-12-25 18:53 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{53EB6210-06D0-452D-9115-4D752ADB8E37}\mpengine.dll
2013-12-25 04:18 . 2013-12-25 18:13 -------- d-----w- c:\users\Kevin\AppData\Roaming\QuickScan
2013-12-25 04:05 . 2013-09-20 15:49 18968 ----a-w- c:\windows\system32\sdnclean.exe
2013-12-25 04:05 . 2013-12-27 12:38 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2013-12-25 04:05 . 2013-12-25 04:06 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2013-12-24 21:54 . 2013-12-24 21:54 -------- d-----w- c:\users\Kevin\AppData\Roaming\SendSpace
2013-12-24 21:54 . 2013-12-25 03:09 -------- d-----w- c:\program files\WebSearch
2013-12-24 21:54 . 2013-12-24 21:55 -------- d-----w- c:\programdata\QuickSet
2013-12-24 21:54 . 2013-12-25 03:09 -------- d-----w- c:\program files\Sk.Enabler
2013-12-24 21:54 . 2013-12-25 03:09 -------- d-----w- c:\programdata\YoutubeAdblocker
2013-12-24 21:54 . 2013-12-25 03:09 -------- d-----w- c:\program files\YoutubeAdblocker
2013-12-24 21:54 . 2013-12-25 03:09 -------- d-----w- c:\programdata\surof And keep
2013-12-24 21:54 . 2013-12-25 03:09 -------- d-----w- c:\program files\surof And keep
2013-12-24 21:54 . 2013-12-24 21:54 -------- d-----w- c:\programdata\a0917284ad6b8d96
2013-12-24 19:07 . 2013-12-04 02:57 7760024 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-12-08 17:34 . 2013-10-18 01:06 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B174B379-998B-40AE-84C3-20A7BEB8090E}\gapaengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-12-11 00:27 . 2012-04-14 13:03 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-12-11 00:27 . 2012-03-06 03:03 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-11-19 10:21 . 2009-12-01 02:19 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-11-15 17:15 . 2013-11-15 17:15 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-11-15 17:15 . 2013-11-15 17:15 194048 ----a-w- c:\windows\system32\elshyph.dll
2013-11-15 17:15 . 2013-11-15 17:15 71680 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2013-11-15 17:15 . 2013-11-15 17:15 645120 ----a-w- c:\windows\system32\jsIntl.dll
2013-11-15 17:15 . 2013-11-15 17:15 182272 ----a-w- c:\windows\system32\msls31.dll
2013-11-15 17:15 . 2013-11-15 17:15 1818112 ----a-w- c:\windows\system32\wininet.dll
2013-11-15 17:15 . 2013-11-15 17:15 62464 ----a-w- c:\windows\system32\tdc.ocx
2013-11-15 17:15 . 2013-11-15 17:15 34816 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2013-11-15 17:15 . 2013-11-15 17:15 337408 ----a-w- c:\windows\system32\html.iec
2013-11-15 17:14 . 2013-11-15 17:14 61952 ----a-w- c:\windows\system32\iesetup.dll
2013-11-15 17:14 . 2013-11-15 17:14 24576 ----a-w- c:\windows\system32\licmgr10.dll
2013-11-15 17:14 . 2013-11-15 17:14 1926656 ----a-w- c:\windows\system32\inetcpl.cpl
2013-11-15 17:14 . 2013-11-15 17:14 1051136 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-11-15 17:14 . 2013-11-15 17:14 139264 ----a-w- c:\windows\system32\wextract.exe
2013-11-15 17:14 . 2013-11-15 17:14 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2013-11-15 17:14 . 2013-11-15 17:14 454656 ----a-w- c:\windows\system32\vbscript.dll
2013-11-15 17:14 . 2013-11-15 17:14 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2013-11-15 17:14 . 2013-11-15 17:14 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2013-11-15 17:14 . 2013-11-15 17:14 151552 ----a-w- c:\windows\system32\iexpress.exe
2013-11-15 17:14 . 2013-11-15 17:14 13312 ----a-w- c:\windows\system32\mshta.exe
2013-11-15 17:14 . 2013-11-15 17:14 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2013-11-15 17:14 . 2013-11-15 17:14 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2013-11-15 17:14 . 2013-11-15 17:14 74240 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-11-15 17:14 . 2013-11-15 17:14 61952 ----a-w- c:\windows\system32\MshtmlDac.dll
2013-11-15 17:14 . 2013-11-15 17:14 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2013-11-15 17:14 . 2013-11-15 17:14 36352 ----a-w- c:\windows\system32\imgutil.dll
2013-11-15 17:14 . 2013-11-15 17:14 111616 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-11-15 17:14 . 2013-11-15 17:14 4240384 ----a-w- c:\windows\system32\jscript9.dll
2013-11-15 17:14 . 2013-11-15 17:14 86016 ----a-w- c:\windows\system32\iesysprep.dll
2013-11-15 17:14 . 2013-11-15 17:14 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-11-07 01:38 . 2013-09-03 15:07 736952 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsV2\SportsTemplateCore-2\Microsoft.MediaCenter.Sports.UI.dll
2013-10-18 01:06 . 2012-06-13 01:04 719224 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-10-12 02:03 . 2013-11-14 02:00 656896 ----a-w- c:\windows\system32\nshwfp.dll
2013-10-12 02:01 . 2013-11-14 02:00 679424 ----a-w- c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01 . 2013-11-14 02:00 216576 ----a-w- c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57 . 2013-11-14 02:00 1168384 ----a-w- c:\windows\system32\crypt32.dll
2013-10-04 01:58 . 2013-11-14 02:00 152576 ----a-w- c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56 . 2013-11-14 02:00 168960 ----a-w- c:\windows\system32\credui.dll
2013-10-04 01:56 . 2013-11-14 02:00 1796096 ----a-w- c:\windows\system32\authui.dll
2013-10-03 01:58 . 2013-11-14 02:00 305152 ----a-w- c:\windows\system32\gdi32.dll
2013-10-02 02:46 . 2013-11-15 17:18 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui
2013-10-02 00:42 . 2013-11-15 17:18 49152 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2013-10-02 00:32 . 2013-11-15 17:18 12800 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-10-02 00:30 . 2013-11-15 17:18 14336 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-10-02 00:14 . 2013-11-15 17:18 50176 ----a-w- c:\windows\system32\MsRdpWebAccess.dll
2013-10-02 00:14 . 2013-11-15 17:18 17920 ----a-w- c:\windows\system32\wksprtPS.dll
2013-10-01 23:58 . 2013-11-15 17:18 53248 ----a-w- c:\windows\system32\tsgqec.dll
2013-10-01 23:45 . 2013-11-15 17:18 32256 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll
2013-10-01 23:08 . 2013-11-15 17:18 855552 ----a-w- c:\windows\system32\rdvidcrl.dll
2013-10-01 23:00 . 2013-11-15 17:18 76288 ----a-w- c:\windows\system32\TSWbPrxy.exe
2013-10-01 22:53 . 2013-11-15 17:18 350208 ----a-w- c:\windows\system32\wksprt.exe
2013-10-01 22:34 . 2013-11-15 17:18 1068544 ----a-w- c:\windows\system32\mstsc.exe
2013-10-01 20:55 . 2013-11-15 17:18 5698048 ----a-w- c:\windows\system32\mstscax.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"Spotify Web Helper"="c:\users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-12-08 1168896]
"Spotify"="c:\users\Kevin\AppData\Roaming\Spotify\Spotify.exe" [2013-12-08 5951488]
"IDrive Background process"="c:\program files\IDriveWindows\idwbg_600.exe" [2013-07-23 43608]
"IDrive Tray"="c:\program files\IDriveWindows\idrivetray.exe" [2013-07-23 854104]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2013-12-10 455744]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-26 136216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-26 171032]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-26 170520]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-10-26 2643320]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"RIMBBLaunchAgent.exe"="c:\program files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe" [2011-11-02 90448]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 948440]
"PeachtreePrefetcher.exe"="c:\program files\Sage\Peachtree\PeachtreePrefetcher.exe" [2012-10-23 30064]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Plugin Install"="c:\program files\QuickTime\Plugins\DeleteMe1.exe" [2012-11-18 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2013-01-12 295072]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"IDrive Background process"="c:\program files\IDriveWindows\idwbg_600.exe" [2013-07-23 43608]
"IDrive Tray"="c:\program files\IDriveWindows\idrivetray.exe" [2013-07-23 854104]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2013-05-01 421888]
"SDTray"="c:\program files\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-12-6 6186872]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-12-6 1176464]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2012\QBW32.EXE -silent [2012-12-6 1181584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"QlbCtrl.exe"=c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
.
R1 BHDrvx86;BHDrvx86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [2011-12-01 820344]
R3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys [2009-01-29 6016]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2011-11-13 106104]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2013-11-15 108032]
R3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys [2009-07-10 25856]
R3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys [2010-12-03 20352]
R3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys [2009-01-29 8320]
R3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys [2010-04-01 23424]
S1 IDSVix86;IDSVix86;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120120.002\IDSvix86.sys [2011-08-18 368248]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [2009-12-18 189736]
S2 IDriveService;IDriveService;c:\program files\IDriveWindows\idwservice_600.exe [2013-07-23 182872]
S2 IDWAdmin;IDWAdmin;c:\program files\IDriveWindows\idwadminsrv.exe [2013-07-23 125528]
S2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [2011-01-27 226624]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys [2008-06-04 113664]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL0217EE84
*Deregistered* - CO_Mon
*Deregistered* - SYMREDRV
*Deregistered* - SYMTDI
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-12-08 17:43 1210320 ----a-w- c:\program files\Google\Chrome\Application\31.0.1650.63\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-14 00:27]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 13:37]
.
2013-12-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-09-04 13:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{A272D05A-42A2-42C1-8905-ABD2BCAFFB51}\45D2D4F62696C6560224C61636B624562727970233937313: NameServer = 68.87.64.150,68.87.75.198
FF - ProfilePath - c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45&l=1&q=
FF - prefs.js: browser.startup.homepage - hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45
FF - prefs.js: keyword.URL - hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45&l=1&q=
FF - ExtSQL: 2013-12-24 16:54; drxfttgb@awo.org; c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\extensions\drxfttgb@awo.org
FF - ExtSQL: 2013-12-24 16:55; g.eayy@oslhxbiapal.edu; c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\extensions\g.eayy@oslhxbiapal.edu
FF - ExtSQL: 2013-12-24 23:18; {e001c731-5e37-4538-a5cb-8168736a2360}; c:\users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
FF - ExtSQL: !HIDDEN! 2010-01-28 17:38; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-DW6 - c:\program files\The Weather Channel FW\Desktop\DesktopWeather.exe
Notify-SDWinLogon - SDWinLogon.dll
AddRemove-RealPlayer 16.0 - c:\program files\real\realplayer\Update\r1puninst.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\N360]
"ImagePath"="\"c:\program files\Norton Security Suite\Engine\5.1.0.29\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(868)
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\System32\gameux.dll
c:\windows\system32\MsftEdit.dll
.
Completion time: 2013-12-27 08:26:33
ComboFix-quarantined-files.txt 2013-12-27 13:26
.
Pre-Run: 130,581,655,552 bytes free
Post-Run: 132,099,076,096 bytes free
.
- - End Of File - - 3DB82E4D06C0BAF14E6F23C3F179143E
A36C5E4F47E84449FF07ED3517B43A31
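The ComboFix report above shows the three Firefox preferences a search hijacker rewrites (browser.search.defaulturl, browser.startup.homepage and keyword.URL), all pointing at websearch.searchsunmy.info, plus extension prefs that carry injected JavaScript. The following script is an added example for checking a prefs.js mechanically; it is not part of this thread, ComboFix or AdwCleaner. It assumes a small allowlist of expected hosts (EXPECTED_HOSTS, constructed here from the google.com start page the report shows) and treats any navigation pref that resolves to a host outside that list, or any pref value that looks like page-injection script, as an indicator. The sample prefs.js is constructed from the values in the log.

```python
"""Added example (not from the thread or any tool in it): scan a Firefox
prefs.js for the kind of search/homepage hijack seen in the ComboFix log."""
import re
from urllib.parse import urlsplit

# Preferences a search hijacker rewrites; all three appear in the report.
NAVIGATION_PREFS = {"browser.startup.homepage", "browser.search.defaulturl", "keyword.URL"}

# Assumption: hosts the owner actually chose. The log shows google.com as the
# IE start page, so that is the only entry in this constructed allowlist.
EXPECTED_HOSTS = {"google.com", "www.google.com"}

# Matches one prefs.js line of the form  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.*)\);\s*$')


def parse_prefs(text):
    """Return {name: raw value} for every user_pref line in a prefs.js body."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def unquote(raw):
    """Strip the surrounding JS string quotes and unescape embedded quotes."""
    if len(raw) >= 2 and raw[0] == raw[-1] == '"':
        return raw[1:-1].replace('\\"', '"')
    return raw


def find_hijack_indicators(prefs, expected_hosts=EXPECTED_HOSTS):
    """Return (pref name, kind, detail) for every suspicious preference."""
    findings = []
    for name, raw in prefs.items():
        # Accept defanged hxxp:// values so the check also runs over log excerpts.
        value = unquote(raw).replace("hxxp://", "http://", 1)
        if name in NAVIGATION_PREFS:
            host = urlsplit(value).hostname
            if host and host not in expected_hosts:
                findings.append((name, "unexpected-host", host))
        elif name.endswith(".scode") or "createElement('script')" in value:
            # Adware extensions keep the script they inject into pages as a pref.
            findings.append((name, "embedded-script", value[:40]))
    return findings


def scan_prefs_file(path):
    """Convenience wrapper: run the check over a prefs.js on disk."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_hijack_indicators(parse_prefs(fh.read()))


# Constructed sample built from the values shown in the log above.
SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "http://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45");
user_pref("browser.search.defaulturl", "http://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45&l=1&q=");
user_pref("keyword.URL", "http://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45&l=1&q=");
user_pref("browser.search.selectedEngine,S", "WebSearch");
user_pref("extensions.qJOs8.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};})()");
user_pref("browser.tabs.warnOnClose", false);
'''

if __name__ == "__main__":
    for name, kind, detail in find_hijack_indicators(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"{kind:16} {name} -> {detail}")
```

Run against the constructed sample it reports the three navigation prefs as unexpected-host hits on websearch.searchsunmy.info and the .scode pref as embedded script; a prefs.js whose homepage is google.com produces no findings. The allowlist is the part to adapt per machine.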
  #8  
Old December 27th, 2013, 02:39 PM
Deborahh
Member
O/S: Windows 7 32-bit
Just checked after running Combofix...
Firefox and Chrome browsers still appear hijacked by
http://websearch.searchsunmy.info/?p...cc=US&unqvl=45
:-(
  #9  
Old December 28th, 2013, 01:01 PM
schrauber
Cyber Tech Help Moderator
O/S: Windows 7 64-bit
Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
alternate download link 2

MBAM may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
MBAM will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button to close that box and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
On the Scanner tab:
  • Make sure the "Perform Quick Scan" option is selected.
  • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
Back at the main Scanner screen:
  • Click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
  • Exit MBAM when done.
Note: If MBAM encounters a file that is difficult to remove, you will be asked to reboot your computer so MBAM can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware.




Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.



I'd like us to scan your machine with ESET OnlineScan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt



Also please post back with a fresh FRST logfile and tell me how the system is running.
  #10  
Old December 28th, 2013, 04:52 PM
Deborahh
Member
O/S: Windows 7 32-bit
Hi Tom
Malwarebytes scanned clean

Below are results of AdwCleaner scan
# AdwCleaner v3.016 - Report created 28/12/2013 at 10:41:31
# Updated 23/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Kevin - KEVIN-PC
# Running from : C:\Users\Kevin\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Viewpoint Manager Service

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\QuickSet
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\YoutubeAdblocker
Folder Deleted : C:\ProgramData\surof And keep
Folder Deleted : C:\Program Files\Sk.Enabler
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\WebSearch
Folder Deleted : C:\Program Files\YoutubeAdblocker
Folder Deleted : C:\Program Files\surof And keep
Folder Deleted : C:\Users\Kevin\AppData\Roaming\SendSpace
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\2020Player_IKEA@2020Technologies.com
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\drxfttgb@awo.org
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\g.eayy@oslhxbiapal.edu
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
Folder Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\searchplugins\safesearch.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\safesearch.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{20a82645-c095-46ed-80e3-08825760534b}]
Key Deleted : HKLM\SOFTWARE\Classes\and
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\surf
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_495a9825
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_b0285714
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default\prefs.js ]

Line Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line Deleted : user_pref("aol_toolbar.default.search.check", false);
Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45&l= 1&q=");
Line Deleted : user_pref("browser.search.order.1", "WebSearch");
Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line Deleted : user_pref("extensions.JPhkcfZ48AqW.scode", "(function(){if(window.self.location.hostname.inde xOf(\"acebook.co\")>-1){return};if(window.self.location.protocol.indexO f('hxxp')>-1 && window.self==window.[...]
Line Deleted : user_pref("extensions.qJOs8.scode", "(function(){if(window.self.location.hostname.inde xOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement('script');script.typ[...]
Line Deleted : user_pref("keyword.URL", "hxxp://websearch.searchsunmy.info/?pid=34&r=2013/12/24&hid=7607547261751608629&lg=EN&cc=US&unqvl=45&l= 1&q=");
Line Deleted : user_pref("plugin.blocklisted.npviewpoint", true);
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search .defaultenginename", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.search .selectedEngine", "");
Line Deleted : user_pref("sweetim.toolbar.previous.browser.startu p.homepage", "");
Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejecte dGuard_DS", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.UserRejecte dGuard_HP", "");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [8157 octets] - [28/12/2013 10:32:54]
AdwCleaner[S0].txt - [8266 octets] - [28/12/2013 10:41:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8326 octets] ##########
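The prefs.js entries AdwCleaner removed in the log above show the usual shape of this hijack: the search URL prefs (browser.search.defaulturl, keyword.URL) point at websearch.searchsunmy.info, the engine name is replaced by "WebSearch" (including the ",S" variants), toolbar leftovers (sweetim.*, extensions.BabylonToolbar.*, aol_toolbar.*) remain, and two extensions.*.scode prefs store JavaScript that creates a script element in every top-level page whose hostname does not contain "acebook.co". The following is an added example, not a tool from this thread or from AdwCleaner: a small Python checker that reads a prefs.js and flags those indicator classes. The sample file, the allowlists of hosts and engine names, the toolbar prefixes and the script markers are constructed assumptions for the example and should be adjusted to the machine being examined.

```python
"""Flag search-hijack indicators in a Firefox prefs.js.

Added example, not a tool from the thread. It models the kinds of user_pref
lines AdwCleaner deleted in the log above: search URL prefs, keyword.URL,
engine names, toolbar leftovers, and "scode" prefs carrying injected script.
"""
import re
from urllib.parse import urlparse

# Constructed sample in the shape of the deleted lines; not the real prefs.js.
SAMPLE_PREFS = r'''
user_pref("browser.search.defaultenginename,S", "WebSearch");
user_pref("browser.search.defaulturl", "hxxp://websearch.searchsunmy.info/?pid=34&q=");
user_pref("keyword.URL", "hxxp://websearch.searchsunmy.info/?pid=34&q=");
user_pref("browser.startup.homepage", "https://www.mozilla.org/");
user_pref("extensions.JPhkcfZ48AqW.scode", "(function(){var s=document.createElement('script');s.src='http://example.invalid/x.js';})()");
user_pref("sweetim.toolbar.searchguard.enable", "");
user_pref("browser.search.order.1", "Google");
user_pref("browser.startup.page", 1);
'''

PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+)\);\s*$')

# Prefs that decide where typed searches and URL-bar keywords are sent.
SEARCH_URL_PREFS = {"browser.search.defaulturl", "keyword.URL", "browser.startup.homepage"}
# Prefs that name the active engine.
ENGINE_PREFS = {"browser.search.defaultenginename", "browser.search.selectedEngine"}
# Allowlists are assumptions for this example; adjust to what the user actually uses.
KNOWN_GOOD_HOSTS = {"www.google.com", "search.yahoo.com", "www.bing.com", "www.mozilla.org"}
KNOWN_GOOD_ENGINES = {"Google", "Yahoo", "Bing", "DuckDuckGo"}
# Pref-name prefixes left behind by the toolbars named in the log.
PUP_PREFIXES = ("sweetim.", "extensions.BabylonToolbar.", "aol_toolbar.")
# Fragments typical of injected script stored in a preference value.
SCRIPT_MARKERS = ("document.createElement('script')", 'document.createElement("script")', "window.top")


def parse_prefs(text):
    """Yield (name, value) for each user_pref line; string values lose their outer quotes."""
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            raw = raw[1:-1]
        yield name, raw


def host_of(url):
    """Hostname of a possibly defanged (hxxp) URL, or '' if it does not parse."""
    return urlparse(url.replace("hxxp", "http", 1)).hostname or ""


def classify(name, value):
    """Return a reason string if the pref looks hijacked, else None."""
    base = name.split(",")[0]  # hijackers also write "pref,S" variants, as in the log
    if base in SEARCH_URL_PREFS:
        host = host_of(value)
        if host and host not in KNOWN_GOOD_HOSTS:
            return "search/home URL points to unknown host " + host
        return None
    if base in ENGINE_PREFS or base.startswith("browser.search.order."):
        return None if value in KNOWN_GOOD_ENGINES else "unknown search engine name " + value
    if name.startswith(PUP_PREFIXES):
        return "leftover toolbar preference"
    if name.startswith("extensions.") and (
        name.endswith(".scode") or any(mk in value for mk in SCRIPT_MARKERS)
    ):
        return "extension preference carries executable script"
    return None


def find_hijack_indicators(text):
    """List of (pref name, reason) for every suspicious user_pref in the file text."""
    return [(n, r) for n, v in parse_prefs(text) for r in [classify(n, v)] if r]


if __name__ == "__main__":
    # Point this at a real profile's prefs.js (with Firefox closed) instead of the sample.
    for name, reason in find_hijack_indicators(SAMPLE_PREFS):
        print(f"{name}: {reason}")
```

Run it against a copy of the profile's prefs.js taken while Firefox is closed, since Firefox rewrites the file on exit. A hit on a search URL or scode pref means the profile was altered after install; the registry, scheduled-task and Program Files leftovers a tool like AdwCleaner also removes are not covered by this check.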
#11
December 28th, 2013, 11:13 PM
Deborahh
Tom:
Below are scan results from ESET scan-
message after scan:
Infected files: 4
Cleaned files: #

thank you


C:\Users\All Users\InstallMate\{7B249469-B208-48C1-AA2A-FA2AA0C7B69F}\Custom.dll Win32/InstalleRex.M application
C:\AdwCleaner\Quarantine\C\Program Files\Sk.Enabler\uninstall.exe.vir a variant of Win32/SProtector.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files\WebSearch\uninstall.exe.vir a variant of Win32/SProtector.B application cleaned by deleting - quarantined
C:\ProgramData\InstallMate\{7B249469-B208-48C1-AA2A-FA2AA0C7B69F}\Custom.dll Win32/InstalleRex.M application cleaned by deleting - quarantined



ESET log.txt
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=36882
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=59aa3ea29d139c45acc5bfd627b3b3a1
# engine=13507
# end=finished
# remove_checked=false
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-03-29 09:57:41
# local_time=2013-03-29 05:57:41 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 34009834 116095852 0 0
# scanned=355020
# found=0
# cleaned=0
# scan_time=29184
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=59aa3ea29d139c45acc5bfd627b3b3a1
# engine=16430
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2013-12-28 09:13:02
# local_time=2013-12-28 04:13:02 (-0500, Eastern Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 6643522 139809973 0 0
# scanned=252922
# found=4
# cleaned=3
# scan_time=18826
sh=2A622F9767B15216B00C7EC03DE0100CE8BDCED3 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application" ac=I fn="C:\Users\All Users\InstallMate\{7B249469-B208-48C1-AA2A-FA2AA0C7B69F}\Custom.dll"
sh=6BB16D37C39BB23A500B12BCE5CDA4182C805D6F ft=1 fh=1a2102acc8b58f79 vn="a variant of Win32/SProtector.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\Sk.Enabler\uninstall.exe.vir"
sh=6BB16D37C39BB23A500B12BCE5CDA4182C805D6F ft=1 fh=1a2102acc8b58f79 vn="a variant of Win32/SProtector.B application (cleaned by deleting - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files\WebSearch\uninstall.exe.vir"
sh=2A622F9767B15216B00C7EC03DE0100CE8BDCED3 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M application (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\InstallMate\{7B249469-B208-48C1-AA2A-FA2AA0C7B69F}\Custom.dll"
#12
December 28th, 2013, 11:14 PM
Deborahh
Correction:
Infected files: 4
Cleaned files: 3
#13
December 28th, 2013, 11:32 PM
Deborahh
Tom
and finally, below is latest FRST scan result--I do not see the second "additional" result log file on desktop after scan (?)
Will scan with FRST again.
regards,
Deborah


Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2013 01
Ran by Kevin (administrator) on KEVIN-PC on 28-12-2013 17:17:00
Running from C:\Users\Kevin\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
() C:\Program Files\IDriveWindows\idwservice_600.exe
() C:\Program Files\IDriveWindows\idwadminsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Windows\SMINST\BLService.exe
(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_600.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
( ) C:\Program Files\IDriveWindows\idw_web.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Prosoftnet Corp) C:\Program Files\IDriveWindows\idrivetray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Spotify Ltd) C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [PeachtreePrefetcher.exe] - C:\Program Files\Sage\Peachtree\PeachtreePrefetcher.exe [30064 2012-10-23] (Sage Software, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2012-11-18] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295072 2013-01-12] (RealNetworks, Inc.)
HKLM\...\Run: [MaxMenuMgr] - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe [197928 2009-12-18] (Seagate LLC)
HKLM\...\Run: [IDrive Background process] - C:\Program Files\IDriveWindows\idwbg_600.exe [43608 2013-07-23] (Pro Softnet Corporation)
HKLM\...\Run: [IDrive Tray] - C:\Program Files\IDriveWindows\idrivetray.exe [854104 2013-07-23] (Prosoftnet Corp)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-08] (Spotify Ltd)
HKCU\...\Run: [IDrive Background process] - C:\Program Files\IDriveWindows\idwbg_600.exe [43608 2013-07-23] (Pro Softnet Corporation)
HKCU\...\Run: [IDrive Tray] - C:\Program Files\IDriveWindows\idrivetray.exe [854104 2013-07-23] (Prosoftnet Corp)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [455744 2013-12-10] (BillP Studios)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {266A3802-8562-4677-BE83-047E5A427D0F} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM - {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - DefaultScope {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - {266A3802-8562-4677-BE83-047E5A427D0F} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll (RealDownloader)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Kevin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: () - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.6_0
CHR Extension: (YoutubeAdblocker) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoddonhaboomeaoifhlmejajefakhdeb\1.0
CHR Extension: (RealDownloader) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (greatsaver) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpegmfjmfkmlbclffnfiagdfceedafm\2.7
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_600.exe [182872 2013-07-23] ()
R2 IDWAdmin; C:\Program Files\IDriveWindows\idwadminsrv.exe [125528 2013-07-23] ()
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 Peachtree SmartPosting 2011; C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe [44400 2012-10-23] (Sage Software, Inc.)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-08-13] (Pervasive Software Inc.)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [820344 2011-11-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2011-11-13] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120120.002\IDSvix86.sys [368248 2011-08-17] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-12-28] (Malwarebytes Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslddc1db3f; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8EDC982-B1D7-446C-BDCA-A76375E9838D}\MpKslddc1db3f.sys [40392 2013-12-28] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVENG.SYS [86136 2011-08-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVEX15.SYS [1576312 2011-08-05] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0501000.01D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0501000.01D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-08-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2008-02-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS [299640 2011-07-08] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Kevin\AppData\Local\Temp\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\Kevin\Desktop\FRST-OlderVersion
2013-12-28 17:07 - 2013-12-28 17:07 - 00000556 _____ C:\Users\Kevin\Desktop\ESETScan 12.28.13.txt
2013-12-28 10:55 - 2013-12-28 10:55 - 02347384 _____ (ESET) C:\Users\Kevin\Desktop\esetsmartinstaller_enu (1).exe
2013-12-28 10:32 - 2013-12-28 10:41 - 00000000 ____D C:\AdwCleaner
2013-12-28 10:32 - 2013-12-28 10:32 - 01233962 _____ C:\Users\Kevin\Desktop\adwcleaner.exe
2013-12-28 10:00 - 2013-12-28 10:00 - 00024962 _____ C:\HijackPatrol.log
2013-12-28 09:48 - 2013-12-28 09:48 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-12-27 08:41 - 2013-12-27 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-27 08:26 - 2013-12-27 08:26 - 00018366 _____ C:\ComboFix.txt
2013-12-27 07:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-27 07:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-27 07:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-27 07:38 - 2013-12-27 07:38 - 00000000 ____D C:\Users\Kevin\Documents\ProcAlyzer Dumps
2013-12-27 07:34 - 2013-12-27 08:26 - 00000000 ____D C:\Qoobox
2013-12-27 07:34 - 2013-12-27 08:24 - 00000000 ____D C:\Windows\erdnt
2013-12-27 07:33 - 2013-12-27 07:32 - 05158590 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2013-12-27 07:32 - 2013-12-27 07:32 - 05158590 _____ (Swearware) C:\Users\Kevin\Downloads\ComboFix.exe
2013-12-26 17:55 - 2013-12-26 17:55 - 00030748 _____ C:\Users\Kevin\Desktop\Addition.txt
2013-12-26 17:54 - 2013-12-28 17:17 - 00023442 _____ C:\Users\Kevin\Desktop\FRST.txt
2013-12-26 17:53 - 2013-12-28 17:16 - 01064037 _____ (Farbar) C:\Users\Kevin\Desktop\FRST.exe
2013-12-26 17:53 - 2013-12-28 17:16 - 00000000 ____D C:\FRST
2013-12-26 09:23 - 2013-12-26 09:23 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST (1).exe
2013-12-26 09:19 - 2013-12-26 09:19 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST.exe
2013-12-25 19:09 - 2013-12-25 19:10 - 00000000 ____D C:\ProgramData\Sophos
2013-12-25 19:05 - 2013-12-25 19:06 - 81188920 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool(1).exe
2013-12-24 23:18 - 2013-12-27 08:40 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\QuickScan
2013-12-24 23:05 - 2013-12-27 08:31 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-24 23:05 - 2013-12-27 07:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-24 23:05 - 2013-12-24 23:05 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 23:05 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-24 22:56 - 2013-12-24 22:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Kevin\Downloads\spybot-2.2.exe
2013-12-24 16:54 - 2013-12-24 16:55 - 113416097 _____ C:\Users\Kevin\Desktop\Christmas Morning.zip
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\a0917284ad6b8d96
2013-12-17 11:49 - 2013-12-26 17:35 - 00000000 ____D C:\Users\Kevin\Desktop\Keebler
2013-12-12 16:50 - 2013-12-12 17:01 - 00000000 ____D C:\Users\Kevin\Desktop\QuickBooksAutoDataRecovery
2013-12-12 16:50 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\Restored_Neurocore, LLC_Files
2013-12-12 11:08 - 2013-12-26 17:36 - 00000000 ____D C:\Users\Kevin\Desktop\New folder

==================== One Month Modified Files and Folders =======

2013-12-28 17:18 - 2013-12-26 17:54 - 00023442 _____ C:\Users\Kevin\Desktop\FRST.txt
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\Kevin\Desktop\FRST-OlderVersion
2013-12-28 17:16 - 2013-12-26 17:53 - 01064037 _____ (Farbar) C:\Users\Kevin\Desktop\FRST.exe
2013-12-28 17:16 - 2013-12-26 17:53 - 00000000 ____D C:\FRST
2013-12-28 17:16 - 2009-07-13 23:39 - 19466724 _____ C:\Windows\setupact.log
2013-12-28 17:07 - 2013-12-28 17:07 - 00000556 _____ C:\Users\Kevin\Desktop\ESETScan 12.28.13.txt
2013-12-28 17:02 - 2012-04-14 08:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-28 17:02 - 2011-09-04 08:37 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-28 17:02 - 2010-01-28 17:59 - 01653793 _____ C:\Windows\WindowsUpdate.log
2013-12-28 10:55 - 2013-12-28 10:55 - 02347384 _____ (ESET) C:\Users\Kevin\Desktop\esetsmartinstaller_enu (1).exe
2013-12-28 10:54 - 2010-01-28 17:24 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 10:54 - 2010-01-28 17:24 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 10:46 - 2013-07-31 20:54 - 00000000 ____D C:\Program Files\IDriveWindows
2013-12-28 10:46 - 2009-06-23 21:28 - 00000284 _____ C:\Users\Public\Documents\hpqp.ini
2013-12-28 10:45 - 2011-09-04 08:37 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 10:45 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 10:41 - 2013-12-28 10:32 - 00000000 ____D C:\AdwCleaner
2013-12-28 10:32 - 2013-12-28 10:32 - 01233962 _____ C:\Users\Kevin\Desktop\adwcleaner.exe
2013-12-28 10:10 - 2013-07-31 20:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\IDrive
2013-12-28 10:00 - 2013-12-28 10:00 - 00024962 _____ C:\HijackPatrol.log
2013-12-28 09:48 - 2013-12-28 09:48 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-12-28 09:34 - 2011-07-17 08:54 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Spotify
2013-12-28 09:29 - 2011-07-17 08:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\Spotify
2013-12-28 09:27 - 2012-05-06 19:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-28 09:27 - 2010-01-28 17:49 - 00341824 _____ C:\Windows\PFRO.log
2013-12-27 08:41 - 2013-12-27 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-27 08:40 - 2013-12-24 23:18 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\QuickScan
2013-12-27 08:31 - 2013-12-24 23:05 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 08:26 - 2013-12-27 08:26 - 00018366 _____ C:\ComboFix.txt
2013-12-27 08:26 - 2013-12-27 07:34 - 00000000 ____D C:\Qoobox
2013-12-27 08:26 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2013-12-27 08:26 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-12-27 08:24 - 2013-12-27 07:34 - 00000000 ____D C:\Windows\erdnt
2013-12-27 08:23 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-12-27 07:50 - 2010-04-03 17:11 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2013-12-27 07:38 - 2013-12-27 07:38 - 00000000 ____D C:\Users\Kevin\Documents\ProcAlyzer Dumps
2013-12-27 07:38 - 2013-12-24 23:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 07:32 - 2013-12-27 07:33 - 05158590 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2013-12-27 07:32 - 2013-12-27 07:32 - 05158590 _____ (Swearware) C:\Users\Kevin\Downloads\ComboFix.exe
2013-12-26 17:55 - 2013-12-26 17:55 - 00030748 _____ C:\Users\Kevin\Desktop\Addition.txt
2013-12-26 17:51 - 2013-08-11 00:36 - 00000000 ____D C:\Users\Kevin\Desktop\Table
2013-12-26 17:49 - 2011-10-17 15:03 - 00000000 ____D C:\Users\Kevin\AppData\Local\Intuit
2013-12-26 17:36 - 2013-12-12 11:08 - 00000000 ____D C:\Users\Kevin\Desktop\New folder
2013-12-26 17:35 - 2013-12-17 11:49 - 00000000 ____D C:\Users\Kevin\Desktop\Keebler
2013-12-26 09:23 - 2013-12-26 09:23 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST (1).exe
2013-12-26 09:19 - 2013-12-26 09:19 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST.exe
2013-12-25 19:10 - 2013-12-25 19:09 - 00000000 ____D C:\ProgramData\Sophos
2013-12-25 19:06 - 2013-12-25 19:05 - 81188920 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool(1).exe
2013-12-24 23:05 - 2013-12-24 23:05 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 22:57 - 2013-12-24 22:56 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Kevin\Downloads\spybot-2.2.exe
2013-12-24 22:43 - 2011-04-10 21:11 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-24 22:13 - 2011-10-25 09:37 - 00000000 ____D C:\Windows\Intuit
2013-12-24 22:09 - 2008-08-06 06:21 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-24 17:03 - 2012-04-29 18:48 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-24 17:03 - 2012-04-29 18:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-24 16:55 - 2013-12-24 16:54 - 113416097 _____ C:\Users\Kevin\Desktop\Christmas Morning.zip
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\a0917284ad6b8d96
2013-12-18 23:02 - 2010-12-29 19:04 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-12-17 11:42 - 2010-01-28 18:11 - 00849456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 12:06 - 2013-10-12 11:16 - 00000000 ____D C:\Users\Kevin\AppData\Local\Citrix
2013-12-12 17:01 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\QuickBooksAutoDataRecovery
2013-12-12 16:50 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\Restored_Neurocore, LLC_Files
2013-12-10 19:27 - 2012-04-14 08:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 19:27 - 2012-03-05 22:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-14 16:32

==================== End Of Log ============================
  #14  
Old December 28th, 2013, 11:59 PM
Deborahh Deborahh is offline
Member
 
Join Date: May 2012
O/S: Windows 7 32-bit
Location: USA
Posts: 62
Below are new copies of two FRST log files-
FRST.txt and Addition.txt
-computer seems to be running ok :-)
Deborah

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 28-12-2013 01
Ran by Kevin (administrator) on KEVIN-PC on 28-12-2013 17:44:33
Running from C:\Users\Kevin\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
() C:\Program Files\IDriveWindows\idwservice_600.exe
() C:\Program Files\IDriveWindows\idwadminsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ccsvchst.exe
() C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(CyberLink Corp.) C:\Program Files\HP\QuickPlay\QPService.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Windows\System32\schtasks.exe
(Hewlett-Packard) C:\Program Files\HP\HP Software Update\hpwuschd2.exe
(Pervasive Software Inc.) C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe
(Intuit) C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
(Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\Update\realsched.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
() C:\Windows\SMINST\BLService.exe
(Pro Softnet Corporation) C:\Program Files\IDriveWindows\idwbg_600.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
( ) C:\Program Files\IDriveWindows\idw_web.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Prosoftnet Corp) C:\Program Files\IDriveWindows\idrivetray.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Spotify Ltd) C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intuit Inc.) C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1049896 2008-04-17] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [488752 2008-04-15] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [QPService] - C:\Program Files\HP\QuickPlay\QPService.exe [468264 2008-06-12] (CyberLink Corp.)
HKLM\...\Run: [UCam_Menu] - C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Intuit SyncManager] - C:\Program Files\Common Files\Intuit\Sync\IntuitSyncManager.exe [2643320 2012-10-25] (Intuit Inc. All rights reserved.)
HKLM\...\Run: [HP Software Update] - C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208 2011-05-10] (Hewlett-Packard)
HKLM\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-02] (Research In Motion Limited)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [PeachtreePrefetcher.exe] - C:\Program Files\Sage\Peachtree\PeachtreePrefetcher.exe [30064 2012-10-23] (Sage Software, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [QuickTime Plugin Install] - C:\Program Files\QuickTime\Plugins\DeleteMe1.exe [86016 2012-11-18] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [926896 2012-09-23] (Adobe Systems Incorporated)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\Update\realsched.exe [295072 2013-01-12] (RealNetworks, Inc.)
HKLM\...\Run: [MaxMenuMgr] - C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe [197928 2009-12-18] (Seagate LLC)
HKLM\...\Run: [IDrive Background process] - C:\Program Files\IDriveWindows\idwbg_600.exe [43608 2013-07-23] (Pro Softnet Corporation)
HKLM\...\Run: [IDrive Tray] - C:\Program Files\IDriveWindows\idrivetray.exe [854104 2013-07-23] (Prosoftnet Corp)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2289664 2008-02-26] (Hewlett-Packard Company)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Kevin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-08] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\Kevin\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-08] (Spotify Ltd)
HKCU\...\Run: [IDrive Background process] - C:\Program Files\IDriveWindows\idwbg_600.exe [43608 2013-07-23] (Pro Softnet Corporation)
HKCU\...\Run: [IDrive Tray] - C:\Program Files\IDriveWindows\idrivetray.exe [854104 2013-07-23] (Prosoftnet Corp)
HKCU\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe [455744 2013-12-10] (BillP Studios)
HKU\Default\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir...ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKLM - {266A3802-8562-4677-BE83-047E5A427D0F} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKLM - {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - DefaultScope {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
SearchScopes: HKCU - {266A3802-8562-4677-BE83-047E5A427D0F} URL = http://www.ask.com/web?q={searchTerms}&l=dis&o=uscql
SearchScopes: HKCU - {B4A538D5-ED95-4D15-8766-D7AF38B16F34} URL = http://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=hp-psnb
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO: Symantec NCO BHO - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
BHO: Symantec Intrusion Prevention - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\ips\ipsbho.dll (Symantec Corporation)
BHO: No Name - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No File
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
Toolbar: HKCU - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Security Suite\Engine\5.1.0.29\coieplg.dll (Symantec Corporation)
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: <Company name>)
Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files\Intuit\QuickBooks 2012\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\2ltagzw2.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.0 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 - c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll (RealDownloader)
FF Plugin: @rim.com/npappworld - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
FF Plugin: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Kevin\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF Extension: Symantec Intrusion Prevention - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\IPSFFPlgn\
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3
FF Extension: No Name - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\coFFPlgn_2011_7_4_3
FF HKLM\...\Firefox\Extensions: [{34712C68-7391-4c47-94F3-8F88D49AD632}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext\
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext\
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext
FF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Firefox\Ext

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR RestoreOnStartup: "hxxp://www.google.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll (RealPlayer)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll No File
CHR Plugin: (RIM Handheld Application Loader) - C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (BlackBerry AppWorld) - C:\Program Files\Research In Motion Limited\BlackBerry App World Browser Plugin\npappworld.dll ()
CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll No File
CHR Plugin: (RealNetworks(tm) RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks(tm) RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10516.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: () - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp\1.4.6_0
CHR Extension: (YoutubeAdblocker) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\hoddonhaboomeaoifhlmejajefakhdeb\1.0
CHR Extension: (RealDownloader) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0
CHR Extension: (Google Wallet) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: (greatsaver) - C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpegmfjmfkmlbclffnfiagdfceedafm\2.7
CHR HKLM\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\Browser Plugins\Chrome\Ext\realdownloader.crx

========================== Services (Whitelisted) =================

R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [189736 2009-12-18] (Seagate Technology LLC)
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [94208 2008-04-15] (Hewlett-Packard)
R2 IDriveService; C:\Program Files\IDriveWindows\idwservice_600.exe [182872 2013-07-23] ()
R2 IDWAdmin; C:\Program Files\IDriveWindows\idwadminsrv.exe [125528 2013-07-23] ()
R2 MotoHelper; C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe [226624 2011-01-27] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
R2 N360; C:\Program Files\Norton Security Suite\Engine\5.1.0.29\diMaster.dll [262584 2011-03-31] (Symantec Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
S3 Peachtree SmartPosting 2011; C:\Program Files\Sage\Peachtree\SmartPostingService2011.exe [44400 2012-10-23] (Sage Software, Inc.)
R2 psqlWGE; C:\Program Files\Pervasive Software\PSQL\bin\w3dbsmgr.exe [435496 2009-08-13] (Pervasive Software Inc.)
R2 QBVSS; C:\Program Files\Common Files\Intuit\DataProtect\QBIDPService.exe [1248256 2011-08-19] (Intuit Inc.)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [38608 2012-11-29] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2007-01-09] ()
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys [820344 2011-11-30] (Symantec Corporation)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [374392 2011-11-13] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106104 2011-11-13] (Symantec Corporation)
R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120120.002\IDSvix86.sys [368248 2011-08-17] (Symantec Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\mbamswissarmy.sys [40776 2013-12-28] (Malwarebytes Corporation)
S3 motandroidusb; C:\Windows\System32\Drivers\motoandroid.sys [25856 2009-07-10] (Motorola)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKslddc1db3f; c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8EDC982-B1D7-446C-BDCA-A76375E9838D}\MpKslddc1db3f.sys [40392 2013-12-28] (Microsoft Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVENG.SYS [86136 2011-08-05] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVEX15.SYS [1576312 2011-08-05] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS [516216 2011-03-30] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS [50168 2011-03-30] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360\0501000.01D\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360\0501000.01D\SYMEFA.SYS [744568 2011-03-14] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-08-05] (Symantec Corporation)
S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [24112 2008-02-19] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS [136312 2010-11-15] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS [299640 2011-07-08] (Symantec Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\Users\Kevin\AppData\Local\Temp\catchme.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys F81BB7E487EDCEAB630A7EE66CF23913
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdagp.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D320BF87125326F996D4904FE24300FC
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 46387FB17B086D16DEA267D5BE23A2F2
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athr.sys 614A60AEE03A6151FDCBAC295854A9CB
C:\Windows\system32\DRIVERS\bxvbdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60x.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\BASHDefs\20111223.001\BHDrvx86.sys E685BA3267C5A4EC4CE9E2B4A1481725
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 77361D72A04F18809D0EFB6CCEB74D4B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\motfilt.sys 4813DF77EDE536A52E3737971F910BAA
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys 85449EEBE8F8EBD6481EFBF0F352B4EB
C:\Windows\System32\drivers\CHDRT32.sys DDA0CB141150FEF87419926790CD26C8
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4.sys B5E479EB83707DD698F66953E922042C
C:\Windows\System32\DRIVERS\Dot4Prt.sys CAEFD09B6A6249C53A67D55A9A9FCABF
C:\Windows\System32\DRIVERS\dot4usb.sys CF491FF38D62143203C065260567E2F7
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 71BC35067CABC02C9453AEAA42B2E43E
C:\Windows\system32\DRIVERS\evbdx.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys 75E8B69F28C813675B16DB357F20720F
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys 720B18D76DE9E603B626DFCD6F1FCA7C
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys 7DAE5EBCC80E45D3253F4923DC424D05
C:\Windows\System32\DRIVERS\fvevol.sys E306A24D9694C724FA2491278BF50FDB
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 5AE3A887ECE5BBB72CFAB273C2FD1CFA
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\drivers\hidusb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HpqKbFiltr.sys 35956140E686D53BF676CF0C778880FC
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HSX_DPV.sys CC267848CB3508E72762BE65734E764D
C:\Windows\System32\DRIVERS\HSXHWAZL.sys A2882945CC4B6E3E4E9E825590438888
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys 5CD5F9A5444E6CDCB0AC89BD62D8B76E
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\IPSDefs\20120120.002\IDSvix86.sys 9BC8840DE4140E8E2A6FC3192E054A8C
C:\Windows\System32\DRIVERS\igdkmd32.sys 8266AE06DF974E5BA047B3E9E9E70B3F
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\IntcHdmi.sys AB8B0206BCDFF0ED03CEC500FA03A32A
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys F286830298323272260332D6ABC905C1
C:\Windows\System32\Drivers\ksecpkg.sys D7C760D57B1656DD748B9E4AB6CB5A51
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamswissarmy.sys 0DB7527DB188C7D967A37BB51BBF3963
C:\Windows\System32\DRIVERS\mdmxsdk.sys 0CEA2D0D3FA284B85ED5B68365114F76
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\Drivers\motoandroid.sys 0A43169E115B5E9346A4BA1EFFCB04CB
C:\Windows\System32\DRIVERS\motccgp.sys 1088F75C09EBB0A8B0F13B886FD67C52
C:\Windows\System32\DRIVERS\motccgpfl.sys B812DA6605CAF02641312F1F65C75419
C:\Windows\System32\DRIVERS\motmodem.sys 8F408E9ED2FEB8A8B8837C380FAF7AD6
C:\Windows\System32\DRIVERS\motswch.sys FD8C2CEF7AD8B23C6714103D621FAC1F
C:\Windows\System32\DRIVERS\Motousbnet.sys DDC489D40B49F443787E7FFA75373522
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys E77DC03DD3C8E5A388BF9EED2A28F3D1
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{D8EDC982-B1D7-446C-BDCA-A76375E9838D}\MpKslddc1db3f.sys 06D4F934E09C359B0EFBFB3146F1D910
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 21F4B24ACFC79A483515BD986DD9043F
C:\Windows\System32\DRIVERS\mrxsmb.sys 5D16C921E3671636C0EBA3BBAAC5FD25
C:\Windows\System32\DRIVERS\mrxsmb10.sys 6D17A4791ACA19328C685D256349FEFC
C:\Windows\System32\DRIVERS\mrxsmb20.sys B81F204D146000BE76651A50670A5E9E
C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVENG.SYS 862F55824AC81295837B0AB63F91071F
C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_5.0.0.125\Definitions\VirusDefs\20120121.009\NAVEX15.SYS 529D571B551CB9DA44237389B936F1AE
C:\Windows\System32\drivers\ndis.sys 8C9C922D71F1CD4DEF73F186416B7896
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 32FF06EC6D946EF791D98D6C838A3090
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 5E43D2B0EE64123D4880DFA6626DEFDE
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys B3E25EE28883877076E0E1FF877D02E0
C:\Windows\system32\drivers\nvstor.sys 4380E59A170D88C4F1022EFF6719A8A4
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 3F34A1B4C5F6475F320C275E63AFCE9B
C:\Windows\system32\DRIVERS\parvdm.sys ==> MD5 is legit
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys 65375DF758CA1872AB7EBBBA457FD5E6
C:\Windows\System32\Drivers\RDPWD.sys F031683E6D1FEA157ABB2FF260B51E61
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RimUsb.sys 4F4A4C09CC5BE58A76CAC1C337E004E6
C:\Windows\System32\DRIVERS\RimSerial.sys 3A5633AD615E2B15291BD0B1B97CCD8A
C:\Windows\System32\Drivers\RootMdm.sys 564297827D213F52C7A3A2FF749568CA
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Rtlh86.sys 125C504A34D0A2E152517E342E7E432C
C:\Windows\System32\drivers\RTSTOR.SYS B0538DEA03E088B80482CA939F4E8740
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\N360\0501000.01D\SRTSP.SYS ==> MD5 is legit
C:\Windows\system32\drivers\N360\0501000.01D\SRTSPX.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys E4C2764065D66EA1D2D3EBC28FE99C46
C:\Windows\System32\DRIVERS\srv2.sys 03F0545BD8D4C77FA0AE1CEEDFCC71AB
C:\Windows\System32\DRIVERS\srvnet.sys BE6BD660CAA6F291AE06A718A4FA8ABC
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serscan.sys EDB05BD63148796F23EA78506404A538
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\N360\0501000.01D\SYMDS.SYS ==> MD5 is legit
C:\Windows\System32\drivers\N360\0501000.01D\SYMEFA.SYS ==> MD5 is legit
C:\Windows\system32\Drivers\SYMEVENT.SYS ==> MD5 is legit
C:\Windows\System32\DRIVERS\SymIMv.sys 9BCBEF50804A8C25A16781CB53231BFA
C:\Windows\system32\drivers\N360\0501000.01D\Ironx86.SYS ==> MD5 is legit
C:\Windows\System32\Drivers\N360\0501000.01D\SYMNETS.SYS 2C688094650D23B62B0A809DECD0B12F
C:\Windows\System32\DRIVERS\SynTP.sys 00B19F27858F56181EDB58B71A7C67A0
C:\Windows\System32\drivers\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\DRIVERS\tcpip.sys CA59F7C570AF70BC174F477CFE2D9EE3
C:\Windows\System32\drivers\tcpipreg.sys 3EEBD3BD93DA46A26E89893C7AB2FF3B
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 2C2C5AFE7EE4F620D69C23C0617651A8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys B37B08F2E5EEB1A37E448E09BACE1101
C:\Windows\System32\drivers\tsusbflt.sys C6A5FBD4977305E1FA23E02C042DB463
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 71D97F1A3CC47A56728F7A400A3F8295
C:\Windows\system32\drivers\usbcir.sys 2352AB5F9F8F097BF9D41D5A4718A041
C:\Windows\System32\DRIVERS\usbehci.sys C4FB8E7ADEA9B5CEEA885A1B504B7E40
C:\Windows\System32\DRIVERS\usbhub.sys 86AA95ACB611001E26CD2C0145F2225A
C:\Windows\system32\drivers\usbohci.sys DCDF9855145A14DFCA0AB32308871961
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbscan.sys FC6B21DB4B5B398AB93DBE59CBF11036
C:\Windows\System32\DRIVERS\USBSTOR.SYS F991AB9CC6B908DB552166768176896A
C:\Windows\System32\DRIVERS\usbuhci.sys 8E51D04175BAA14C4F79AA5F6D248770
C:\Windows\System32\Drivers\usbvideo.sys DE014425522610BEDCA3821BB8C0F1D5
C:\Windows\system32\drivers\usb8023x.sys AF77716205C97E902E6C5B78DECE2CCA
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaagp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viac7.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys 7090D3436EEB4E7DA3373090A23448F7
C:\Windows\System32\DRIVERS\vwifimp.sys A3F04CBEA6C2A10E6CB01F8B47611882
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 25944D2CC49E0A6C581D02A74B7D6645
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HSX_CNXT.sys 0ACD399F5DB3DF1B58903CF4949AB5A8
C:\Windows\System32\DRIVERS\WinUsb.sys A67E5F9A400F3BD1BE3D80613B45F708
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys 06E6F32C8D0A3F66D956F57B43A2E070
C:\Windows\System32\DRIVERS\WUDFRd.sys 867C301E8B790040AE9CF6486E8041DF
C:\Windows\System32\DRIVERS\xaudio.sys DAB33CFA9DD24251AAA389FF36B64D4B

==================== NetSvcs (Whitelisted) ===================
#15
Old December 28th, 2013, 11:59 PM
Deborahh
FRST.txt cont'd.
==================== One Month Created Files and Folders ========

2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\Kevin\Desktop\FRST-OlderVersion
2013-12-28 17:07 - 2013-12-28 17:07 - 00000556 _____ C:\Users\Kevin\Desktop\ESETScan 12.28.13.txt
2013-12-28 10:55 - 2013-12-28 10:55 - 02347384 _____ (ESET) C:\Users\Kevin\Desktop\esetsmartinstaller_enu (1).exe
2013-12-28 10:32 - 2013-12-28 10:41 - 00000000 ____D C:\AdwCleaner
2013-12-28 10:32 - 2013-12-28 10:32 - 01233962 _____ C:\Users\Kevin\Desktop\adwcleaner.exe
2013-12-28 10:00 - 2013-12-28 10:00 - 00024962 _____ C:\HijackPatrol.log
2013-12-28 09:48 - 2013-12-28 09:48 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-12-27 08:41 - 2013-12-27 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-27 08:26 - 2013-12-27 08:26 - 00018366 _____ C:\ComboFix.txt
2013-12-27 07:41 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-27 07:41 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-27 07:41 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-27 07:41 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-27 07:38 - 2013-12-27 07:38 - 00000000 ____D C:\Users\Kevin\Documents\ProcAlyzer Dumps
2013-12-27 07:34 - 2013-12-27 08:26 - 00000000 ____D C:\Qoobox
2013-12-27 07:34 - 2013-12-27 08:24 - 00000000 ____D C:\Windows\erdnt
2013-12-27 07:33 - 2013-12-27 07:32 - 05158590 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2013-12-27 07:32 - 2013-12-27 07:32 - 05158590 _____ (Swearware) C:\Users\Kevin\Downloads\ComboFix.exe
2013-12-26 17:55 - 2013-12-26 17:55 - 00030748 _____ C:\Users\Kevin\Desktop\Addition.txt
2013-12-26 17:54 - 2013-12-28 17:44 - 00041827 _____ C:\Users\Kevin\Desktop\FRST.txt
2013-12-26 17:53 - 2013-12-28 17:16 - 01064037 _____ (Farbar) C:\Users\Kevin\Desktop\FRST.exe
2013-12-26 17:53 - 2013-12-28 17:16 - 00000000 ____D C:\FRST
2013-12-26 09:23 - 2013-12-26 09:23 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST (1).exe
2013-12-26 09:19 - 2013-12-26 09:19 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST.exe
2013-12-25 19:09 - 2013-12-25 19:10 - 00000000 ____D C:\ProgramData\Sophos
2013-12-25 19:05 - 2013-12-25 19:06 - 81188920 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool(1).exe
2013-12-24 23:18 - 2013-12-27 08:40 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\QuickScan
2013-12-24 23:05 - 2013-12-27 08:31 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-24 23:05 - 2013-12-27 07:38 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-24 23:05 - 2013-12-24 23:05 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 23:05 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-24 22:56 - 2013-12-24 22:57 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Kevin\Downloads\spybot-2.2.exe
2013-12-24 16:54 - 2013-12-24 16:55 - 113416097 _____ C:\Users\Kevin\Desktop\Christmas Morning.zip
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\a0917284ad6b8d96
2013-12-17 11:49 - 2013-12-26 17:35 - 00000000 ____D C:\Users\Kevin\Desktop\Keebler
2013-12-12 16:50 - 2013-12-12 17:01 - 00000000 ____D C:\Users\Kevin\Desktop\QuickBooksAutoDataRecovery
2013-12-12 16:50 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\Restored_Neurocore, LLC_Files
2013-12-12 11:08 - 2013-12-26 17:36 - 00000000 ____D C:\Users\Kevin\Desktop\New folder

==================== One Month Modified Files and Folders =======

2013-12-28 17:44 - 2013-12-26 17:54 - 00041827 _____ C:\Users\Kevin\Desktop\FRST.txt
2013-12-28 17:44 - 2009-07-13 23:39 - 19474818 _____ C:\Windows\setupact.log
2013-12-28 17:27 - 2012-04-14 08:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-28 17:21 - 2011-09-04 08:37 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-28 17:16 - 2013-12-28 17:16 - 00000000 ____D C:\Users\Kevin\Desktop\FRST-OlderVersion
2013-12-28 17:16 - 2013-12-26 17:53 - 01064037 _____ (Farbar) C:\Users\Kevin\Desktop\FRST.exe
2013-12-28 17:16 - 2013-12-26 17:53 - 00000000 ____D C:\FRST
2013-12-28 17:07 - 2013-12-28 17:07 - 00000556 _____ C:\Users\Kevin\Desktop\ESETScan 12.28.13.txt
2013-12-28 17:02 - 2010-01-28 17:59 - 01653793 _____ C:\Windows\WindowsUpdate.log
2013-12-28 10:55 - 2013-12-28 10:55 - 02347384 _____ (ESET) C:\Users\Kevin\Desktop\esetsmartinstaller_enu (1).exe
2013-12-28 10:54 - 2010-01-28 17:24 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-28 10:54 - 2010-01-28 17:24 - 00011104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-28 10:46 - 2013-07-31 20:54 - 00000000 ____D C:\Program Files\IDriveWindows
2013-12-28 10:46 - 2009-06-23 21:28 - 00000284 _____ C:\Users\Public\Documents\hpqp.ini
2013-12-28 10:45 - 2011-09-04 08:37 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-28 10:45 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-28 10:41 - 2013-12-28 10:32 - 00000000 ____D C:\AdwCleaner
2013-12-28 10:32 - 2013-12-28 10:32 - 01233962 _____ C:\Users\Kevin\Desktop\adwcleaner.exe
2013-12-28 10:10 - 2013-07-31 20:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\IDrive
2013-12-28 10:00 - 2013-12-28 10:00 - 00024962 _____ C:\HijackPatrol.log
2013-12-28 09:48 - 2013-12-28 09:48 - 00040776 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamswissarmy.sys
2013-12-28 09:34 - 2011-07-17 08:54 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\Spotify
2013-12-28 09:29 - 2011-07-17 08:54 - 00000000 ____D C:\Users\Kevin\AppData\Local\Spotify
2013-12-28 09:27 - 2012-05-06 19:07 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-28 09:27 - 2010-01-28 17:49 - 00341824 _____ C:\Windows\PFRO.log
2013-12-27 08:41 - 2013-12-27 08:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-27 08:40 - 2013-12-24 23:18 - 00000000 ____D C:\Users\Kevin\AppData\Roaming\QuickScan
2013-12-27 08:31 - 2013-12-24 23:05 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-12-27 08:26 - 2013-12-27 08:26 - 00018366 _____ C:\ComboFix.txt
2013-12-27 08:26 - 2013-12-27 07:34 - 00000000 ____D C:\Qoobox
2013-12-27 08:26 - 2009-07-13 21:37 - 00000000 __RHD C:\Users\Default
2013-12-27 08:26 - 2009-07-13 21:37 - 00000000 ___RD C:\Users\Public
2013-12-27 08:24 - 2013-12-27 07:34 - 00000000 ____D C:\Windows\erdnt
2013-12-27 08:23 - 2009-07-13 21:04 - 00000215 _____ C:\Windows\system.ini
2013-12-27 07:50 - 2010-04-03 17:11 - 00000000 ____D C:\Users\Kevin\AppData\Local\CrashDumps
2013-12-27 07:38 - 2013-12-27 07:38 - 00000000 ____D C:\Users\Kevin\Documents\ProcAlyzer Dumps
2013-12-27 07:38 - 2013-12-24 23:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-27 07:32 - 2013-12-27 07:33 - 05158590 ____R (Swearware) C:\Users\Kevin\Desktop\ComboFix.exe
2013-12-27 07:32 - 2013-12-27 07:32 - 05158590 _____ (Swearware) C:\Users\Kevin\Downloads\ComboFix.exe
2013-12-26 17:55 - 2013-12-26 17:55 - 00030748 _____ C:\Users\Kevin\Desktop\Addition.txt
2013-12-26 17:51 - 2013-08-11 00:36 - 00000000 ____D C:\Users\Kevin\Desktop\Table
2013-12-26 17:49 - 2011-10-17 15:03 - 00000000 ____D C:\Users\Kevin\AppData\Local\Intuit
2013-12-26 17:36 - 2013-12-12 11:08 - 00000000 ____D C:\Users\Kevin\Desktop\New folder
2013-12-26 17:35 - 2013-12-17 11:49 - 00000000 ____D C:\Users\Kevin\Desktop\Keebler
2013-12-26 09:23 - 2013-12-26 09:23 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST (1).exe
2013-12-26 09:19 - 2013-12-26 09:19 - 01061649 _____ (Farbar) C:\Users\Kevin\Downloads\FRST.exe
2013-12-25 19:10 - 2013-12-25 19:09 - 00000000 ____D C:\ProgramData\Sophos
2013-12-25 19:06 - 2013-12-25 19:05 - 81188920 _____ (Sophos Limited) C:\Users\Kevin\Downloads\Sophos Virus Removal Tool(1).exe
2013-12-24 23:05 - 2013-12-24 23:05 - 00002123 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2013-12-24 22:57 - 2013-12-24 22:56 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Kevin\Downloads\spybot-2.2.exe
2013-12-24 22:43 - 2011-04-10 21:11 - 00000000 ____D C:\ProgramData\InstallMate
2013-12-24 22:13 - 2011-10-25 09:37 - 00000000 ____D C:\Windows\Intuit
2013-12-24 22:09 - 2008-08-06 06:21 - 00000000 ____D C:\ProgramData\WildTangent
2013-12-24 17:03 - 2012-04-29 18:48 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-24 17:03 - 2012-04-29 18:47 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-24 16:55 - 2013-12-24 16:54 - 113416097 _____ C:\Users\Kevin\Desktop\Christmas Morning.zip
2013-12-24 16:54 - 2013-12-24 16:54 - 00000000 ____D C:\ProgramData\a0917284ad6b8d96
2013-12-18 23:02 - 2010-12-29 19:04 - 00000052 _____ C:\Windows\system32\DOErrors.log
2013-12-17 11:42 - 2010-01-28 18:11 - 00849456 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 12:06 - 2013-10-12 11:16 - 00000000 ____D C:\Users\Kevin\AppData\Local\Citrix
2013-12-12 17:01 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\QuickBooksAutoDataRecovery
2013-12-12 16:50 - 2013-12-12 16:50 - 00000000 ____D C:\Users\Kevin\Desktop\Restored_Neurocore, LLC_Files
2013-12-10 19:27 - 2012-04-14 08:03 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-12-10 19:27 - 2012-03-05 22:03 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Kevin\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {current}
resumeobject {f0dae6fd-d611-11dc-9a85-0016d3016530}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {572bcd55-ffa7-11d9-aae2-0007e994107d}
device ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
path \windows\system32\boot\winload.exe
description HP Recovery Manager
osdevice ramdisk=[D:]\sources\boot.wim,{ramdiskoptions}
systemroot \windows
nx OptIn
detecthal Yes
winpe Yes

Windows Boot Loader
-------------------
identifier {af7c6c0e-0c61-11df-884d-001f16496176}
device ramdisk=[C:]\Recovery\af7c6c0e-0c61-11df-884d-001f16496176\Winre.wim,{af7c6c0f-0c61-11df-884d-001f16496176}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\af7c6c0e-0c61-11df-884d-001f16496176\Winre.wim,{af7c6c0f-0c61-11df-884d-001f16496176}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {af7c6c0e-0c61-11df-884d-001f16496176}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {f0dae6fd-d611-11dc-9a85-0016d3016530}
nx OptIn

Resume from Hibernate
---------------------
identifier {f0dae6fd-d611-11dc-9a85-0016d3016530}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Setup Ramdisk Options
---------------------
identifier {ramdiskoptions}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \boot\boot.sdi

Device options
--------------
identifier {af7c6c0f-0c61-11df-884d-001f16496176}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\af7c6c0e-0c61-11df-884d-001f16496176\boot.sdi



LastRegBack: 2013-12-14 16:32

==================== End Of Log ============================