Slow, always running load (fan?) acts infected [Closed]


#1 ricksue (New Member, 4 posts)

Hi, I believe my computer is infected. It runs very slowly. Yesterday I couldn't connect to the internet. Today I did an F8 to repair and that seemed to work. The computer has had issues on and off for some time. I am pretty computer illiterate.

If you wouldn't mind just taking a look and seeing if we can get this thing to run consistently and more efficiently, I would greatly appreciate it.


Okay, OTL stops responding and it appears Antimalware Service Executable has stopped it (just looking at the Windows Task Manager).

#2 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)

Hi and welcome to Geeks to Go. :)

What exact operating system is in use on your machine, and is it the 32-bit or 64-bit version? Please answer my query when ready and we will then go from there, thank you.

#3 ricksue (Topic Starter, New Member, 4 posts)

32 bit

Memory RAM 2.00 GB
Windows edition: Windows Vista Home Premium

#4 Dakeyras (Anti-Malware Mammoth, Expert, 9,772 posts)

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi. :)

32 bit

Memory RAM 2.00 GB
Windows edition: Windows Vista Home Premium

Thank you for the clarification, let's proceed as follows, shall we...

Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Download/run Rkill:

Please download Rkill from one of the following links and save it to your Desktop (if one fails to run/work, delete it and download/try another):

One, Two, Three, Four or Five

Note: If your security software warns about Rkill, please ignore and allow the download to continue.

  • Double-click on Rkill and follow the prompts.
  • A command window will open and then disappear upon completion; this is normal.
  • Post the log created (rkill.txt, found on the desktop) in your next reply.
Scan with Farbar Recovery Scan Tool:

Please download and save the Farbar Recovery Scan Tool 32-Bit to your Desktop.

  • Right-click on FRST.exe and select Run as Administrator to start FRST.
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When you have completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and/or problems encountered?
  • Rkill log.
  • Both FRST logs. <-- Post them individually please, i.e. one log per post/reply.


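The FRST.txt log requested above is plain text: `====` banner lines mark sections (Processes, Registry, Internet, Services, Drivers), each entry carries the file path and a publisher field in parentheses, and FRST marks an entry whose target it cannot find with `No File` or `[x]`. The following Python script is an added example, not part of this thread, of FRST, or of Rkill: it parses a log in that format and sorts out the lines a helper reads first, namely orphaned entries (`No File`), services/drivers whose binary is absent (`[x]`), items with an empty publisher field (`()`), and a BootExecute value that is not the default `autocheck autochk *`. The sample log embedded in the script is a constructed excerpt in FRST's format, modelled on the kind of lines that appear in the log posted later in this thread; `ExampleVendor` is a placeholder, and the `Finding`, `triage_frst` and `summarize` names are this example's own.

```python
"""Triage helper for FRST.txt logs: sorts entries worth a closer look.

Added example; not part of FRST or of this thread. The sample below is a
constructed excerpt in FRST's format (ExampleVendor is a placeholder).
"""
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample log, not a verbatim copy of the thread's own FRST.txt.
SAMPLE_FRST_LOG = r"""
==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
() C:\Program Files\ExampleVendor\Tray\tray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKCU\...\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly [2500096 2008-05-06] ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

BHO: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No File
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
FF Plugin: @ei.CouponAlert_2p.com/Plugin - C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File

========================== Services (Whitelisted) =================

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
"""

SECTION_RE = re.compile(r"^=+\s*([^=]+?)\s*=+$")   # "==== Name ===="
LEAD_PUB_RE = re.compile(r"^\(([^()]*)\)\s")       # process lines: "(Vendor) path"
TRAIL_PUB_RE = re.compile(r"\(([^()]*)\)\s*$")     # run keys/services/drivers: "... (Vendor)"
DEFAULT_BOOTEXECUTE = "BootExecute: autocheck autochk *"


@dataclass(frozen=True)
class Finding:
    section: str
    kind: str   # orphaned | missing_file | no_publisher | bootexecute
    line: str


def triage_frst(text: str) -> list[Finding]:
    """Walk an FRST.txt body and collect the lines that merit a closer look.

    This sorts lines for a human reviewer; it does not decide what is malicious.
    'No File' and '[x]' are FRST's own markers for an absent target, and '()'
    is an empty publisher field.
    """
    findings: list[Finding] = []
    section = "Header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        if line.endswith("No File"):
            findings.append(Finding(section, "orphaned", line))
        elif line.endswith("[x]"):
            findings.append(Finding(section, "missing_file", line))
        elif line.startswith("BootExecute:"):
            if line != DEFAULT_BOOTEXECUTE:
                findings.append(Finding(section, "bootexecute", line))
        else:
            pub = LEAD_PUB_RE.match(line) or TRAIL_PUB_RE.search(line)
            if pub and not pub.group(1).strip():
                findings.append(Finding(section, "no_publisher", line))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per kind, e.g. {'orphaned': 2, 'missing_file': 2, ...}."""
    return dict(Counter(f.kind for f in findings))


if __name__ == "__main__":
    for f in triage_frst(SAMPLE_FRST_LOG):
        print(f"[{f.kind:>12}] {f.section}: {f.line}")
    print(summarize(triage_frst(SAMPLE_FRST_LOG)))
```

Run as-is to triage the embedded sample, or replace `SAMPLE_FRST_LOG` with the contents of a real FRST.txt. The script only groups lines for review: an entry such as `msiserver`, whose path uses an unexpanded `%systemroot%`, shows `[x]` routinely, and leftover `No File` plugin registrations are usually uninstall debris rather than an active infection, so each flagged line still needs a human judgement, which is exactly what the helper in this thread provides.
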
#5 ricksue (Topic Starter, New Member, 4 posts)

The computer is still running like poo. When I turned it on it was questionable if it would run; I did an F8 and memory diagnosis to get it going. Then I tried to manually see if there were any updates for Windows and it like ... said it was checking but was just sitting there.

Thank you Dakeyras!

Rkill.txt-Notepad

Rkill 2.5.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 05/30/2013 06:44:47 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\WLTRYSVC.EXE (PID: 1676) [WD-HEUR]
* C:\Windows\System32\bcmwltry.exe (PID: 1708) [WD-HEUR]
* C:\Windows\System32\WLTRAY.EXE (PID: 3832) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* SMTMP folder detected. Please see this link for more information: http://www.bleepingc...opic405109.html


Then, I don't know if it was supposed to have two Notepads, but this note came up as well (after the above):


Rkill.txt-Notepad

Rkill 2.5.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 05/30/2013 06:44:47 PM in x86 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\System32\WLTRYSVC.EXE (PID: 1676) [WD-HEUR]
* C:\Windows\System32\bcmwltry.exe (PID: 1708) [WD-HEUR]
* C:\Windows\System32\WLTRAY.EXE (PID: 3832) [WD-HEUR]

3 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* SMTMP folder detected. Please see this link for more information: http://www.bleepingc...opic405109.html

* Reparse Point/Junctions Found (Most likely legitimate)!

* C:\Windows\System32\config\systemprofile\AppData\Local\Application Data => C:\Windows\system32\config\systemprofile\AppData\Local [Dir]
* C:\Windows\System32\config\systemprofile\AppData\Local\History => C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History [Dir]
* C:\Windows\System32\config\systemprofile\AppData\Local\Temporary Internet Files => C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files [Dir]
* C:\Windows\System32\config\systemprofile\Application Data => C:\Windows\system32\config\systemprofile\AppData\Roaming [Dir]
* C:\Windows\System32\config\systemprofile\Cookies => C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies [Dir]
* C:\Windows\System32\config\systemprofile\Local Settings => C:\Windows\system32\config\systemprofile\AppData\Local [Dir]

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost
::1 localhost

Program finished at: 05/30/2013 06:51:29 PM
Execution time: 0 hours(s), 6 minute(s), and 41 seconds(s)


________________________________________________________________________________________________________________________-

FRST.txt-Notepad

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 30-05-2013
Ran by Owner (administrator) on 30-05-2013 18:49:00
Running from C:\Users\Owner\Desktop
Windows Vista ™ Home Premium Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Windows\system32\aestsrv.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
(IDT, Inc.) C:\Windows\system32\STacSV.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\system32\iashost.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Creative Technology Ltd.) C:\Windows\OEM02Mon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IDT, Inc.) C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\HpqSRmon.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
() C:\Program Files\Shutterfly\Studio\Bin\SFlyStudio.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apntex.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\HidFind.exe
(OrdinarySoft) C:\Program Files\Vista Start Menu\VistaStartMenu.exe
(Google Inc.) C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Express Tray\ExpressTray.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_7_700_202.exe
(Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe [167936 2008-05-04] (Alps Electric Co., Ltd.)
HKLM\...\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe [36864 2008-03-04] (Creative Technology Ltd.)
HKLM\...\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [174872 2007-03-21] (Intel Corporation)
HKLM\...\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe [3444736 2008-05-19] (Dell Inc.)
HKLM\...\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe [405504 2007-11-12] (IDT, Inc.)
HKLM\...\Run: [hpqSRMon] C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [150016 2008-08-20] (Hewlett-Packard)
HKLM\...\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [947152 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2013-05-01] (Apple Inc.)
HKCU\...\Run: [ShutterflyStudio] C:\Program Files\Shutterfly\Studio\BIN\SFlyStudio.exe /trayonly [2500096 2008-05-06] ()
HKCU\...\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe [125952 2008-01-20] (Microsoft Corporation)
HKCU\...\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2752416 2011-05-24] (OrdinarySoft)
HKCU\...\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-10-13] (Google Inc.)
HKCU\...\Run: [GarminExpressTrayApp] "C:\Program Files\Garmin\Express Tray\ExpressTray.exe" [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)
HKCU\...\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-20] (Microsoft Corporation)
MountPoints2: {462e3e3c-7d75-11dd-8675-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\MRI_DISABLED ()
BootExecute: autocheck autochk * C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/?fr=fp-yie9
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...=us&ibd=2080908
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=2080908
BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No File
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
BHO: No Name - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - No File
BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: No Name - {E4E6BF2A-1667-11DF-A01F-1F9655D89593} - No File
BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU -No Name - {A057A204-BACC-4D26-8398-26FADCF27386} - No File
Toolbar: HKCU -Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
PDF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
PDF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [19968] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7723x2tt.default
FF SearchEngine: Google
FF Homepage: www.google.com
FF Keyword.URL: chrome://browser-region/locale/region.properties
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/MycameraPlugin - C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin: @ei.CouponAlert_2p.com/Plugin - C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
FF Plugin: @GamingWonderland.com/Plugin - C:\Program Files\GamingWonderland\bar\1.bin\NPgtStub.dll No File
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: ShopAtHome.com Toolbar - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7723x2tt.default\Extensions\[email protected]
FF Extension: No Name - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7723x2tt.default\Extensions\trash
FF Extension: Garmin Communicator - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7723x2tt.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7723x2tt.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: HP Detect - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7723x2tt.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}
FF Extension: Flash and Video Download - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\7723x2tt.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}

Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java™ Platform SE 6 U27) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Users\Owner\AppData\Roaming\Mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
CHR Plugin: (McAfee SiteAdvisor) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.40.135.1_0\McChPlg.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (Coupon Alert Installer Plugin Stub) - C:\Program Files\CouponAlert_2pEI\Installr\1.bin\NP2pEISB.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (My Web Search Plugin Stub) - C:\Program Files\MyWebSearch\bar\2.bin\NPMyWebS.dll No File
CHR Plugin: (Verizon Servicepoint) - C:\Program Files\Verizon\VSP\nprpspa.dll No File
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (Skype Click to Call) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0

========================== Services (Whitelisted) =================

S4 AntiSpywareService; C:\Program Files\comcasttb\ComcastSpywareScan\ComcastAntiSpyService.exe [616408 2009-06-17] ()
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S4 ITMRTSVC; C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe [283912 2007-09-26] (CA, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [20456 2013-01-27] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295232 2013-01-27] (Microsoft Corporation)
S4 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
S2 wltrysvc; C:\Windows\System32\bcmwltry.exe [2506752 2008-05-19] (Dell Inc.)
S4 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 -ad [x]
S3 msiserver; %systemroot%\system32\msiexec /V [x]

==================== Drivers (Whitelisted) ====================

R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [195296 2013-01-20] (Microsoft Corporation)
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 silabenm; C:\Windows\System32\DRIVERS\silabenm.sys [47176 2011-10-14] (Silicon Laboratories)
S3 silabser; C:\Windows\System32\DRIVERS\silabser.sys [61312 2011-10-14] (Silicon Laboratories)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [81168 2012-10-03] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [205072 2012-10-03] (Trend Micro Inc.)
S3 tmeevw; C:\Windows\System32\DRIVERS\tmeevw.sys [55056 2012-10-03] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [68368 2012-10-03] (Trend Micro Inc.)
S3 tmnciesc; C:\Windows\System32\DRIVERS\tmnciesc.sys [171280 2012-10-03] (Trend Micro Inc.)
R1 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [92432 2012-10-03] (Trend Micro Inc.)
S3 BCM42RLY; system32\drivers\BCM42RLY.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\acpi.sys 82B296AE1892FE3DBEE00C9CF92F8AC7
C:\Windows\system32\drivers\adp94xx.sys 04F0FCAC69C7C71A3AC4EB97FAFC8303
C:\Windows\system32\drivers\adpahci.sys 60505E0041F7751BDBB80F88BF45C2CE
C:\Windows\system32\drivers\adpu160m.sys 8A42779B02AEC986EAB64ECFC98F8BD7
C:\Windows\system32\drivers\adpu320.sys 241C9E37F8CE45EF51C3DE27515CA4E5
C:\Windows\system32\drivers\afd.sys 3911B972B55FEA0478476B2E777B29FA
C:\Windows\system32\drivers\agp440.sys 13F9E33747E6B41A3FF305C37DB0D360
C:\Windows\system32\drivers\djsvs.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys 9EAEF5FC9B8E351AFA7E78A6FAE91F91
C:\Windows\system32\drivers\amdagp.sys C47344BC706E5F0B9DCE369516661578
C:\Windows\system32\drivers\amdide.sys 9B78A39A4C173FDBC1321E0DD659B34C
C:\Windows\system32\drivers\amdk7.sys 18F29B49AD23ECEE3D2A826C725C8D48
C:\Windows\system32\drivers\amdk8.sys 93AE7F7DD54AB986A6F1A1B37BE7442D
C:\Windows\System32\DRIVERS\Apfiltr.sys A80230BD04F0B8BF05185B369BB1CBB8
C:\Windows\system32\drivers\arc.sys 5D2888182FB46632511ACEE92FDAD522
C:\Windows\system32\drivers\arcsas.sys 5E2A321BD7C8B3624E41FDEC3E244945
C:\Windows\System32\DRIVERS\asyncmac.sys 53B202ABEE6455406254444303E87BE1
C:\Windows\System32\drivers\atapi.sys 1F05B78AB91C9075565A9D8A4B880BC4
C:\Windows\System32\DRIVERS\bcmwl6.sys CDF7F28FFD693B1B4137845DD1EF1CCC
C:\Windows\System32\Drivers\Beep.sys 67E506B75BD5326A3EC7B70BD014DFB6
C:\Windows\system32\drivers\blbdrive.sys D4DF28447741FD3D953526E33A617397
C:\Windows\System32\DRIVERS\bowser.sys 35F376253F687BDE63976CCB3F2108CA
C:\Windows\system32\drivers\brfiltlo.sys ==> MD5 is legit
C:\Windows\system32\drivers\brfiltup.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserid.sys ==> MD5 is legit
C:\Windows\system32\drivers\brserwdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbmdm.sys ==> MD5 is legit
C:\Windows\system32\drivers\brusbser.sys ==> MD5 is legit
C:\Windows\system32\drivers\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys 7ADD03E75BEB9E6DD102C3081D29840A
C:\Windows\System32\DRIVERS\cdrom.sys 6B4BFFB9BECD728097024276430DB314
C:\Windows\system32\drivers\circlass.sys E5D4133F37219DBCFE102BC61072589D
C:\Windows\System32\CLFS.sys D7659D3B5B92C31E84E53C1431F35132
C:\Windows\System32\DRIVERS\CmBatt.sys 99AFC3795B58CC478FBBBCDC658FCB56
C:\Windows\system32\drivers\cmdide.sys 0CA25E686A4928484E9FDABD168AB629
C:\Windows\System32\DRIVERS\compbatt.sys 6AFEF0B60FA25DE07C0968983EE4F60A
C:\Windows\System32\drivers\crcdisk.sys 741E9DFF4F42D2D8477D0FC1DC0DF871
C:\Windows\system32\drivers\crusoe.sys 1F07BECDCA750766A96CDA811BA86410
C:\Windows\System32\Drivers\dfsc.sys 622C41A07CA7E6DD91770F50D532CB6C
C:\Windows\System32\drivers\disk.sys 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DRIVERS\Dot4.sys 4F59C172C094E1A1D46463A8DC061CBD

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-05-30 18:48 - 2013-05-30 18:48 - 00000000 ____D C:\FRST
2013-05-30 18:46 - 2013-05-30 18:46 - 01355557 ____A (Farbar) C:\Users\Owner\Desktop\FRST.exe
2013-05-30 18:44 - 2013-05-30 18:44 - 01797248 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2013-05-30 18:44 - 2013-05-30 18:44 - 00002020 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-05-29 08:19 - 2013-05-29 08:19 - 00203320 ____A C:\Users\Owner\Desktop\FlvMPlayer.exe
2013-05-27 16:14 - 2013-05-27 16:14 - 00001688 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-27 16:13 - 2013-05-27 16:14 - 00000000 ____D C:\Program Files\QuickTime
2013-05-26 12:00 - 2013-05-26 12:00 - 00774592 ____A C:\Users\Owner\Desktop\ZipOpenerSetup.exe
2013-05-26 11:29 - 2013-05-26 11:32 - 00016727 ____A C:\AdwCleaner[S1].txt
2013-05-26 11:29 - 2013-05-26 11:29 - 00632031 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2013-05-24 09:25 - 2013-05-25 08:45 - 00000000 ____D C:\Program Files\Mozilla Firefox(4)
2013-05-22 17:48 - 2013-05-22 17:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{3F37E01C-A84C-4FDF-AC91-695E8D172DDE}
2013-05-20 17:30 - 2013-05-20 17:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{1E9A243C-15DB-44C6-807F-EF975D51C5F6}
2013-05-20 16:54 - 2013-05-20 16:54 - 00001626 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-20 16:53 - 2013-05-20 16:54 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-20 16:53 - 2013-05-20 16:53 - 00000000 ____D C:\Program Files\iPod
2013-05-15 16:41 - 2013-05-26 11:05 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-05-15 14:47 - 2013-05-05 14:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 14:47 - 2013-05-05 14:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 14:38 - 2013-04-04 17:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 14:38 - 2013-04-04 17:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 14:38 - 2013-04-04 17:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-05-15 14:38 - 2013-04-04 17:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 14:38 - 2013-04-04 17:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 14:38 - 2013-04-04 17:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2013-05-15 14:38 - 2013-04-04 16:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 14:38 - 2013-04-04 16:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 14:38 - 2013-04-04 16:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-05-15 14:38 - 2013-04-04 16:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-05-15 14:38 - 2013-04-04 16:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 14:38 - 2013-04-04 16:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 14:38 - 2013-04-04 16:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-05-15 14:38 - 2013-04-04 16:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 07:57 - 2013-04-15 09:20 - 00638328 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 07:57 - 2013-04-13 05:56 - 00037376 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 07:57 - 2013-04-08 20:36 - 02049024 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-08 15:22 - 2013-05-08 15:22 - 21036128 ____A (Mozilla) C:\Users\Owner\Documents\Firefox Setup 20.0.1.exe
2013-05-01 03:59 - 2013-05-01 03:59 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2013-05-01 03:59 - 2013-05-01 03:59 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts

==================== One Month Modified Files and Folders ========

2013-05-30 18:48 - 2013-05-30 18:48 - 00000000 ____D C:\FRST
2013-05-30 18:46 - 2013-05-30 18:46 - 01355557 ____A (Farbar) C:\Users\Owner\Desktop\FRST.exe
2013-05-30 18:44 - 2013-05-30 18:44 - 01797248 ____A (Bleeping Computer, LLC) C:\Users\Owner\Desktop\rkill.exe
2013-05-30 18:44 - 2013-05-30 18:44 - 00002020 ____A C:\Users\Owner\Desktop\Rkill.txt
2013-05-30 18:41 - 2011-07-12 20:57 - 00000880 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-30 18:40 - 2006-11-02 05:33 - 00798142 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-30 18:28 - 2012-11-28 15:05 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-30 18:23 - 2008-09-08 02:14 - 01327281 ____A C:\Windows\WindowsUpdate.log
2013-05-30 18:20 - 2006-11-02 08:01 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-30 18:20 - 2006-11-02 07:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-30 18:20 - 2006-11-02 07:47 - 00003616 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-30 10:12 - 2006-11-02 08:01 - 00032624 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2013-05-30 10:06 - 2011-07-12 20:57 - 00000884 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-29 08:19 - 2013-05-29 08:19 - 00203320 ____A C:\Users\Owner\Desktop\FlvMPlayer.exe
2013-05-27 16:14 - 2013-05-27 16:14 - 00001688 ____A C:\Users\Public\Desktop\QuickTime Player.lnk
2013-05-27 16:14 - 2013-05-27 16:13 - 00000000 ____D C:\Program Files\QuickTime
2013-05-27 07:45 - 2012-04-27 16:29 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-05-26 20:30 - 2013-04-12 07:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-05-26 13:43 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\System32\spool
2013-05-26 13:43 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\System32\Msdtc
2013-05-26 13:43 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\registration
2013-05-26 13:43 - 2006-11-02 05:22 - 50069504 ____A C:\Windows\System32\config\software_previous
2013-05-26 13:43 - 2006-11-02 05:22 - 18350080 ____A C:\Windows\System32\config\system_previous
2013-05-26 13:39 - 2006-11-02 05:22 - 41943040 ____A C:\Windows\System32\config\components_previous
2013-05-26 13:39 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\security_previous
2013-05-26 13:39 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\sam_previous
2013-05-26 12:22 - 2008-01-20 21:47 - 00323798 ____A C:\Windows\PFRO.log
2013-05-26 12:00 - 2013-05-26 12:00 - 00774592 ____A C:\Users\Owner\Desktop\ZipOpenerSetup.exe
2013-05-26 11:38 - 2011-06-18 08:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-05-26 11:32 - 2013-05-26 11:29 - 00016727 ____A C:\AdwCleaner[S1].txt
2013-05-26 11:29 - 2013-05-26 11:29 - 00632031 ____A C:\Users\Owner\Desktop\adwcleaner.exe
2013-05-26 11:05 - 2013-05-15 16:41 - 00602112 ____A (OldTimer Tools) C:\Users\Owner\Desktop\OTL.exe
2013-05-26 10:53 - 2008-09-08 07:35 - 00000000 ___HD C:\ProgramData\Adobe
2013-05-26 10:52 - 2008-10-11 15:19 - 00000000 ___HD C:\users\Owner
2013-05-26 09:11 - 2006-11-02 05:22 - 00262144 ____A C:\Windows\System32\config\default_previous
2013-05-26 09:10 - 2009-02-08 16:01 - 00000000 ___HD C:\Users\Owner\Documents\Letters
2013-05-25 08:45 - 2013-05-24 09:25 - 00000000 ____D C:\Program Files\Mozilla Firefox(4)
2013-05-22 17:48 - 2013-05-22 17:48 - 00000000 ____D C:\Users\Owner\AppData\Local\{3F37E01C-A84C-4FDF-AC91-695E8D172DDE}
2013-05-21 10:52 - 2011-01-11 11:39 - 00032768 ___AH C:\Users\Owner\Documents\BOOKS.xls
2013-05-20 17:30 - 2013-05-20 17:30 - 00000000 ____D C:\Users\Owner\AppData\Local\{1E9A243C-15DB-44C6-807F-EF975D51C5F6}
2013-05-20 17:28 - 2013-04-20 15:58 - 00000000 ____D C:\Users\Owner\AppData\Roaming\CANON INC
2013-05-20 16:54 - 2013-05-20 16:54 - 00001626 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-20 16:54 - 2013-05-20 16:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-05-20 16:54 - 2012-01-23 16:47 - 00000000 ____D C:\Program Files\iTunes
2013-05-20 16:53 - 2013-05-20 16:53 - 00000000 ____D C:\Program Files\iPod
2013-05-20 16:53 - 2009-03-27 14:46 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-05-15 16:35 - 2010-12-13 16:38 - 00000000 ____D C:\Windows\Minidump
2013-05-15 15:09 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-05-15 14:54 - 2006-11-02 07:47 - 00309344 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 14:40 - 2006-11-02 05:24 - 72607752 ____A (Microsoft Corporation) C:\Windows\System32\mrt.exe
2013-05-15 09:28 - 2012-11-28 15:05 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-05-15 09:28 - 2012-11-28 15:05 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-05-08 17:45 - 2011-08-22 15:41 - 00000808 ____A C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-05-08 17:44 - 2011-07-02 19:37 - 00000000 ____D C:\Users\Owner\Documents\andrea
2013-05-08 17:27 - 2006-11-02 07:37 - 00000000 ____D C:\Windows\twain_32
2013-05-08 15:22 - 2013-05-08 15:22 - 21036128 ____A (Mozilla) C:\Users\Owner\Documents\Firefox Setup 20.0.1.exe
2013-05-05 14:25 - 2013-05-15 14:47 - 12324864 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-05 14:12 - 2013-05-15 14:47 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-02 10:28 - 2009-11-06 16:53 - 00238872 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 05:26 - 2006-11-02 06:18 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-01 03:59 - 2013-05-01 03:59 - 00094208 ____A (Apple Inc.) C:\Windows\System32\QuickTimeVR.qtx
2013-05-01 03:59 - 2013-05-01 03:59 - 00069632 ____A (Apple Inc.) C:\Windows\System32\QuickTime.qts

Other Malware:
===========
C:\Users\Owner\EmailNotifierSetup.exe
C:\Users\Owner\GarminMapUpdater.exe
C:\Users\Owner\GarminMapUpdater_v3.1.20.exe
C:\Users\Owner\GoToAssistDownloadHelper.exe
C:\Users\Owner\install_flashplayer11x32_mssa_aih.exe
C:\Users\Owner\install_flash_player_10_plugin.exe
C:\Users\Owner\jre-7u9-windows-i586.exe
C:\Users\Owner\MicrosoftFixit.maintenance.FISC.134269895869503701.1.2.Run.exe
C:\Users\Owner\MicrosoftFixit.Power.FISC.108268518887205878.1.1.Run.exe
C:\Users\Owner\MicrosoftFixit.ProgramInstallUninstall.FISC.134269895869503701.1.3.Run.exe
C:\Users\Owner\MicrosoftFixit.WindowsFirewall.FISC.108268518887205878.1.5.Run.exe
C:\Users\Owner\MicrosoftFixit.WinFileFolder.FISC.108268518887205878.1.3.Run.exe
C:\Users\Owner\MicrosoftFixit.WinSecurity.FISC.108268518887205878.1.4.Run.exe
C:\Users\Owner\MicrosoftFixit.WinUSB.FISC.108268518887205878.1.6.Run.exe
C:\Users\Owner\SkypeSetup.exe
C:\Users\Owner\UCP110Setup.exe
C:\Users\Owner\Watch_Firmware_Update_Utility_v1.0_PR2_Setup__SIGNED_.exe
C:\ProgramData\ntuser.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


Last Boot: 2013-05-30 18:35

==================== End Of Log ============================


Addition.txt-Notepad

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 30-05-2013
Ran by Owner at 2013-05-30 18:50:34 Run:
Running from C:\Users\Owner\Desktop
Boot Mode: Normal
==========================================================


==================== Installed Programs =======================

32 Bit HP CIO Components Installer (Version: 3.1.1)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 11 ActiveX (Version: 11.7.700.202)
Adobe Flash Player 11 Plugin (Version: 11.7.700.202)
Adobe Reader X (10.1.7) (Version: 10.1.7)
Advanced Video FX Engine
Apple Application Support (Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (Version: 2.1.3.127)
Bing Bar (Version: 7.0.609.0)
Bonjour (Version: 3.0.0.10)
Browser Address Error Redirector (Version: 1.00.0000)
BufferChm (Version: 120.0.194.000)
C4580 (Version: 120.0.209.000)
C4580_Help (Version: 110.0.218.000)
CA Pest Patrol Realtime Protection (Version: 001.001.0034)
Canon PowerShot SX260 HS and SX240 HS Camera User Guide (Version: 1.0.0.9)
Canon Utilities CameraWindow DC 8 (Version: 8.7.0.11)
Canon Utilities ImageBrowser EX (Version: 1.2.1.13)
Canon Utilities PhotoStitch (Version: 3.1.23.47)
Cards_Calendar_OrderGift_DoMorePlugout (Version: 2.03.0000)
Cisco EAP-FAST Module (Version: 2.0.26)
Cisco LEAP Module (Version: 1.0.11)
Cisco PEAP Module (Version: 1.0.12)
Comcast Desktop Software (v1.2.1) (Version: 24)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
Conexant HDA D330 MDC V.92 Modem (Version: 7.74.00)
Copy (Version: 120.0.194.000)
D3DX10 (Version: 15.4.2368.0902)
Dell Touchpad (Version: 7.1.103.4)
Dell Webcam Center
Dell Webcam Manager
Dell Wireless WLAN Card (Version: 4.170.25.12)
Destination Component (Version: 110.0.0.0)
DeviceDiscovery (Version: 120.0.194.000)
DeviceManagementQFolder (Version: 1.00.0000)
Digital Line Detect (Version: 1.21)
DocProc (Version: 11.0.0.0)
DocProcQFolder (Version: 1.00.0000)
EDocs
Elevated Installer (Version: 2.1.13)
eSupportQFolder (Version: 1.00.0000)
Garmin Express (Version: 2.1.13)
Garmin Express Tray (Version: 2.1.13)
Garmin Update Service (Version: 2.1.13)
Glary Utilities 2.51.0.1666 (Version: 2.51.0.1666)
Google Chrome (Version: 27.0.1453.94)
Google Drive (Version: 1.8.4357.4863)
Google Drive (Version: 1.9.4536.8202)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.4.3607.2246)
Google Update Helper (Version: 1.3.21.145)
GPBaseService (Version: 110.0.180.000)
GPBaseService2 (Version: 130.0.371.000)
HP Imaging Device Functions 12.0 (Version: 12.0)
HP Photosmart C4500 All-In-One Driver Software12.0 Rel .4 (Version: 12.0)
HP Photosmart Essential 3.5 (Version: 3.5)
HP Smart Web Printing 4.60 (Version: 4.60)
HP Solution Center 13.0 (Version: 13.0)
HP Update (Version: 5.002.005.003)
HPPhotoGadget (Version: 120.0.150.000)
HPPhotoSmartDiscLabelContent1 (Version: 2.04.0000)
HPPhotosmartEssential (Version: 2.04.0000)
HPPhotoSmartPhotobookWebPack1 (Version: 2.03.0000)
HPProductAssistant (Version: 130.0.371.000)
iCloud (Version: 2.1.2.8)
Intel® Matrix Storage Manager
Itibiti RTC (Version: 0.0.1)
iTunes (Version: 11.0.3.42)
Java 7 Update 9 (Version: 7.0.90)
Java™ 6 Update 5 (Version: 1.6.0.50)
Laptop Integrated Webcam Driver (1.04.01.1011)
Live! Cam Avatar Creator (Version: 4.6.0817.1)
Live! Cam Avatar v1.0 (Version: 1.0)
Malwarebytes Anti-Malware version 1.65.1.1000 (Version: 1.65.1.1000)
MediaDirect (Version: 3.5)
MediaFACE II
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Default Manager (Version: 2.1.54.0)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office XP Media Content (Version: 10.0.2619.0)
Microsoft Office XP Standard for Students and Teachers (Version: 10.0.6626.0)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft UI Engine (Version: 4.0.0318.1)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Modem Diagnostic Tool (Version: 1.0.24.0)
Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)
Mozilla Maintenance Service (Version: 21.0)
MSVCRT (Version: 15.4.2862.0708)
MSVCSetup (Version: 1.00.0000)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
NetWaiting (Version: 2.5.53)
Network (Version: 120.0.194.000)
OCR Software by I.R.I.S. 11.0 (Version: 11.0)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Online Vault
OutlookAddinSetup (Version: 1.0.0)
PanoStandAlone (Version: 110.0.180.000)
PS_AIO_04_C4580_ProductContext (Version: 110.0.218.000)
PS_AIO_04_C4580_Software (Version: 110.0.218.000)
PS_AIO_04_C4580_Software_Min (Version: 120.0.209.000)
PSSWCORE (Version: 2.03.0000)
QuickSet (Version: 8.2.20)
QuickTime (Version: 7.74.80.86)
Roxio Creator Audio (Version: 3.7.0)
Roxio Creator Copy (Version: 3.7.0)
Roxio Creator Data (Version: 3.7.0)
Roxio Creator DE (Version: 10.1)
Roxio Creator DE (Version: 3.7.0)
Roxio Creator Tools (Version: 3.7.0)
Roxio Express Labeler 3 (Version: 3.2.1)
Roxio Update Manager (Version: 6.0.0)
Safari (Version: 5.34.57.2)
Scan (Version: 12.0.0.0)
Segoe UI (Version: 15.4.2271.0615)
Shutterfly Express Uploader (Version: 1.1.1)
Shutterfly Express Uploader (Version: 1.1.1.0)
Shutterfly Studio (Version: .1)
Skype Click to Call (Version: 6.3.11079)
Skype™ 5.10 (Version: 5.10.116)
SmartWebPrinting (Version: 140.0.186.000)
SolutionCenter (Version: 130.0.373.000)
Status (Version: 120.0.194.000)
Toolbox (Version: 120.0.194.000)
TrayApp (Version: 120.0.194.000)
Trend Micro Titanium (Version: 5.00)
Trend Micro Titanium Internet Security 2012 (Version: 5.2)
UnloadSupport (Version: 11.0.0)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
VideoToolkit01 (Version: 110.0.171.000)
Vista Start Menu 3.88 (Version: 3.88)
VoiceOver Kit (Version: 1.42.128.0)
WebReg (Version: 120.0.194.000)
Windows Live Communications Platform (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3502.0922)
Windows Live Essentials (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (Version: 15.4.3502.0922)
Windows Live Movie Maker (Version: 15.4.3502.0922)
Windows Live Photo Common (Version: 15.4.3502.0922)
Windows Live Photo Gallery (Version: 15.4.3502.0922)
Windows Live PIMT Platform (Version: 15.4.3508.1109)
Windows Live SOXE (Version: 15.4.3502.0922)
Windows Live SOXE Definitions (Version: 15.4.3502.0922)
Windows Live UX Platform (Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109)

==================== Restore Points =========================

15-05-2013 19:38:05 Windows Update
15-05-2013 20:34:56 Windows Backup
16-05-2013 12:41:45 Scheduled Checkpoint
16-05-2013 21:11:51 Windows Backup
16-05-2013 21:50:29 Windows Backup
16-05-2013 21:55:35 Windows Backup
16-05-2013 21:59:46 Windows Backup
16-05-2013 22:03:51 Windows Backup
18-05-2013 14:50:18 Scheduled Checkpoint
19-05-2013 08:04:12 Windows Update
19-05-2013 22:48:49 Scheduled Checkpoint
20-05-2013 11:53:31 Windows Backup
21-05-2013 13:37:42 Scheduled Checkpoint
22-05-2013 12:07:10 Scheduled Checkpoint
22-05-2013 19:26:33 Windows Update
23-05-2013 18:08:08 Scheduled Checkpoint
24-05-2013 13:42:20 Scheduled Checkpoint
26-05-2013 15:59:22 Windows Update
27-05-2013 12:55:42 Windows Backup
28-05-2013 17:50:45 Scheduled Checkpoint
29-05-2013 12:54:35 Scheduled Checkpoint
30-05-2013 13:17:08 Windows Update

==================== Hosts content: ==========================

::1 localhost

127.0.0.1 localhost


==================== Faulty Device Manager Devices =============

Name: Photosmart C4500 series
Description: Photosmart C4500 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Officejet J6400 series
Description: Officejet J6400 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2013 06:20:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 06:08:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 05:40:32 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 10:12:20 AM) (Source: EventSystem) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/30/2013 10:06:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4780479

Error: (05/30/2013 10:06:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4780479

Error: (05/30/2013 10:06:30 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2013 08:46:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2949

Error: (05/30/2013 08:46:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2949

Error: (05/30/2013 08:46:52 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (05/30/2013 06:44:50 PM) (Source: Service Control Manager) (User: )
Description: Dell Wireless WLAN Tray Service1

Error: (05/30/2013 06:41:42 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/30/2013 06:41:42 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/30/2013 06:41:32 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/30/2013 06:41:32 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/30/2013 06:22:05 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/30/2013 06:22:05 PM) (Source: Service Control Manager) (User: )
Description: BCM42RLY%%2

Error: (05/30/2013 06:20:18 PM) (Source: Service Control Manager) (User: )
Description: Net.Msmq Listener Adaptermsmq

Error: (05/30/2013 06:20:18 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (05/30/2013 06:20:10 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 6:16:00 PM on 5/30/2013 was unexpected.


Microsoft Office Sessions:
=========================
Error: (05/30/2013 06:20:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 06:08:27 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 05:40:32 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (05/30/2013 10:12:20 AM) (Source: EventSystem)(User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (05/30/2013 10:06:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4780479

Error: (05/30/2013 10:06:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4780479

Error: (05/30/2013 10:06:30 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (05/30/2013 08:46:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2949

Error: (05/30/2013 08:46:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2949

Error: (05/30/2013 08:46:52 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second


CodeIntegrity Errors:
===================================
Date: 2013-05-30 18:49:57.559
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-30 18:49:57.290
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-30 18:49:57.006
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-30 18:49:56.750
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-30 18:49:48.115
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-30 18:49:47.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-30 18:49:47.589
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-30 18:49:47.318
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\NisDrvWFP.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 17:52:12.759
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.

Date: 2013-05-27 17:52:12.512
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\tmevtmgr.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 72%
Total physical RAM: 2037.31 MB
Available physical RAM: 566.53 MB
Total Pagefile: 4315.89 MB
Available Pagefile: 2648.05 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.51 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:220.58 GB) (Free:136.59 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:0.01 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 00000080)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Not Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Active) - (Size=221 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=OF Extended)

==================== End Of Log ============================

#6
Dakeyras
    Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Hi. :)

The computer is still running like poo. When I turned it on it was questionable if it would run, I did an F8 and memory diagnosis to get it going. Then I tried to manually see if there were any updates for Windows and it like ... said it was checking but was just sitting there.

Acknowledged, and please, if able, refrain from making any further changes to your machine if possible, as this will actually hinder myself being able to assist you fully. Any problems encountered, just inform myself etc.

Apart from malware there is a good reason overall performance is not so good, which we will address shortly (below).

Then, I don't know if it was supposed to have two notepads but this note came up as well (after the above)

Not a problem.

Scan with Unhide:

Please download Unhide to the desktop.

  • Right-click on unhide.exe and select Run as Administrator to launch the application.
  • Once it has finished processing, there will be a log on your desktop named unhide.txt
  • Please post the contents of this in your next reply.
Multiple Anti-Virus Advice:

At present you have Microsoft Security Essentials and Trend Micro Titanium and Trend Micro Titanium Internet Security 2012 installed. So you will need to decide which you wish to keep and uninstall the other etc via Programs and Features in the Control Panel.

Any problems uninstalling any of the above merely let myself know.

Next:

Let myself know when completed the above. Post the requested Unhide log and we will then go from there, thank you.

#7
ricksue
    New Member
  • Topic Starter
  • Member
  • 4 posts
Decided to use Microsoft Security Essentials

removed trend(s)

Unhide by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Unhide.exe can be found at this link:
http://www.bleepingc...opic405109.html

Program started at: 06/01/2013 01:57:02 PM
Windows Version: Windows Vista

Please be patient while your files are made visible again.

Processing the C:\ drive
Finished processing the C:\ drive. 196901 files processed.

Processing the D:\ drive
Finished processing the D:\ drive. 12175 files processed.

Restoring the Start Menu.
* 2 Shortcuts and Desktop items were restored.


Searching for Windows Registry changes made by FakeHDD rogues.
- Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer
- Checking HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System
- Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced
* Start_ShowPrinters was set to 0! It was set back to 1!
* Start_ShowRun was set to 0! It was set back to 1!
* Start_ShowSearch was set to 0! It was set back to 1!

Program finished at: 06/01/2013 02:03:13 PM
Execution time: 0 hours(s), 6 minute(s), and 11 seconds(s)
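For anyone who wants to verify the Unhide step from post #6 independently, the following is an added read-only PowerShell audit (not code from the thread and not part of Unhide) of the registry locations the Unhide output above lists. The key paths and the Start_ShowPrinters / Start_ShowRun / Start_ShowSearch value names come from the log; the expected value of 1 is the setting Unhide's own messages say it restored.

```powershell
# Added example, not part of the original thread or of Unhide itself: a
# read-only audit of the registry locations the Unhide log above reports on.
# It changes nothing; it only reports Explorer\Advanced values that differ
# from the setting Unhide restores (1) and lists any values present under
# the three policy keys Unhide checks. Run in an elevated PowerShell prompt.

# Value names and expected setting are taken from the Unhide log in this thread.
$advancedKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced'
$expected = @{
    'Start_ShowPrinters' = 1
    'Start_ShowRun'      = 1
    'Start_ShowSearch'   = 1
}

# Policy keys from the Unhide log. Restriction values that hide Explorer or
# Start Menu elements live here, so on a home machine any value present is
# worth reviewing before deciding what to clean up.
$policyKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
)

# Properties Get-ItemProperty adds that are not registry values.
$metaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-StartMenuValues {
    # Returns one object per Advanced value that is present and not equal to 1.
    $findings = @()
    foreach ($name in $expected.Keys) {
        $item = Get-ItemProperty -Path $advancedKey -Name $name -ErrorAction SilentlyContinue
        # A missing value means Explorer uses its default, which is "shown".
        if ($null -eq $item) { continue }
        $actual = $item.$name
        if ($actual -ne $expected[$name]) {
            $findings += [pscustomobject]@{
                Key = $advancedKey; Name = $name; Value = $actual; Expected = $expected[$name]
            }
        }
    }
    return ,$findings
}

function Get-ExplorerPolicyValues {
    # Returns one object per registry value found under the policy keys.
    $found = @()
    foreach ($key in $policyKeys) {
        if (-not (Test-Path $key)) { continue }
        $props = Get-ItemProperty -Path $key
        foreach ($p in $props.PSObject.Properties) {
            if ($metaProps -contains $p.Name) { continue }
            $found += [pscustomobject]@{ Key = $key; Name = $p.Name; Value = $p.Value }
        }
    }
    return ,$found
}

$bad = Test-StartMenuValues
if ($bad.Count -eq 0) { 'Explorer\Advanced Start_* values match what Unhide restores.' }
else { $bad | Format-Table -AutoSize }

$policies = Get-ExplorerPolicyValues
if ($policies.Count -eq 0) { 'No values present under the Explorer/System policy keys.' }
else { $policies | Format-Table -AutoSize }
```

A non-empty second table is not by itself proof of infection, since administrators and some legitimate software also set Explorer policies; it is a list of what to look at.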

#8
Dakeyras

Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,772 posts
Hi. :)

Decided to use Microsoft Security Essentials

removed trend(s)

Acknowledged...

It appears in the past some installers for software have been downloaded to your Owner folder:-

C:\Users\Owner

We will remove those as they are no longer required, and my friendly advice for the future when you download anything: save it to either the Desktop or the actual Downloads folder, for example.

Next:

Your current version of Malwarebytes Anti-Malware is way out of date, so please uninstall that and we will re-install/update shortly...

Also there are remnants of a prior AVG installation still present, so please download this removal tool to the desktop.

Right-click on avg_remover_stf_x86_2012_2125.exe and select Run as Administrator >> follow the prompts and reboot your machine if not advised to.

Note: There will be a log on the desktop named avgremover.txt. I have no need to review this unless a problem was encountered.

Java Advice:

There has been a recent severe exploitation of this software. Even though this exploit has been reportedly fixed there is still a vulnerability with the software. The below is currently all that is installed Java related:-

Java™ 6 Update 5
Java 7 Update 9


So you need to uninstall all (if still present, via Programs and Features located in the Control Panel)... Your choice if you wish to go ahead and reinstall, but as mentioned I advise against it, and for the present I do not even have anything Java related installed on my machines.

Please let myself know what you wish to do about this in your next reply please and if you opt to re-install I will provide both the appropriate instructions and safety advice etc.

Custom FRST Script:

Open notepad. Please copy the contents of the Quote box below (do not copy the word quote). To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it to your Desktop as fixlist.txt

Start
MountPoints2: {462e3e3c-7d75-11dd-8675-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\ProgramData\Start Menu\Programs\Startup\MRI_DISABLED ()
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.0.1313\6.8.1078\TmIEPlg.dll (Trend Micro Inc.)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: No Name - {bb46be07-13eb-4c49-b0f0-fc78b9ea4983} - No File
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.1.1102\7.1.1102\TmBpIe32.dll (Trend Micro Inc.)
BHO: No Name - {C4B8BAB4-1667-11DF-A242-BA9455D89593} - No File
Toolbar: HKCU -No Name - {A057A204-BACC-4D26-8398-26FADCF27386} - No File
PDF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab
PDF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
PDF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
PDF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab
C:\Users\Owner\EmailNotifierSetup.exe
C:\Users\Owner\GarminMapUpdater.exe
C:\Users\Owner\GarminMapUpdater_v3.1.20.exe
C:\Users\Owner\GoToAssistDownloadHelper.exe
C:\Users\Owner\install_flashplayer11x32_mssa_aih.exe
C:\Users\Owner\install_flash_player_10_plugin.exe
C:\Users\Owner\jre-7u9-windows-i586.exe
C:\Users\Owner\MicrosoftFixit.maintenance.FISC.134269895869503701.1.2.Run.exe
C:\Users\Owner\MicrosoftFixit.Power.FISC.108268518887205878.1.1.Run.exe
C:\Users\Owner\MicrosoftFixit.ProgramInstallUninstall.FISC.134269895869503701.1.3.Run.exe
C:\Users\Owner\MicrosoftFixit.WindowsFirewall.FISC.108268518887205878.1.5.Run.exe
C:\Users\Owner\MicrosoftFixit.WinFileFolder.FISC.108268518887205878.1.3.Run.exe
C:\Users\Owner\MicrosoftFixit.WinSecurity.FISC.108268518887205878.1.4.Run.exe
C:\Users\Owner\MicrosoftFixit.WinUSB.FISC.108268518887205878.1.6.Run.exe
C:\Users\Owner\SkypeSetup.exe
C:\Users\Owner\UCP110Setup.exe
C:\Users\Owner\Watch_Firmware_Update_Utility_v1.0_PR2_Setup__SIGNED_.exe
C:\ProgramData\ntuser.dat
End

  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • A log will now open named Fixlog and it will also be on the desktop >> close FRST.
  • Post the contents of the aforementioned in your next reply.
Note: If FRST advises there is a new update to be downloaded, do so/allow this.

TFC(Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Right-click on TFC.exe and select Run as Administrator to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

I advise you keep TFC on your desktop after I give the all clear and run it say at least once per week as it is a very effective piece of software for cleaning out temp' files etc.

Malwarebytes Anti-Malware:

Please download the installer for Malwarebytes' Anti-Malware to your desktop.

Note: The installer will be randomly named, say for example something like 549od2jqai.exe

  • Right-click on the randomly named exe and select Run as Administrator, then follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
When the program loads, Decline the Malwarebytes' Anti-Malware Trial (You can activate this when we've finished, if you so wish)
  • Once the program has loaded, select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please post that log in your next reply.
The log can also be found here:

  • Launch Malwarebytes' Anti-Malware
  • Click on the Logs radio tab.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Next:

When completed the above, please post back the following in the order asked for:

  • How is your computer performing now, any further symptoms and or problems encountered ?
  • Your decision about a new Java installation.
  • FRST Fixlog Log.
  • Malwarebytes Anti-Malware Log.


#9
Dakeyras
    Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.

#10
Dakeyras
    Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Re-opened at OP's request...

#11
Dakeyras
    Anti-Malware Mammoth
  • Expert
  • 9,772 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.