
Virus, blinking cursor, Alureon?


This topic is locked
3 replies to this topic

#1 llano

Posted 18 November 2013 - 09:53 PM

Hello and thank you for your help!

 

Problem: boot-up stalls after BIOS with a black screen/blinking cursor; will not load Windows

 

Details: While cruising the internet yesterday, MS Forefront Endpoint Protection real-time scanner identified a risk. The laptop almost immediately began the shutdown routine. Upon reboot, the system would make it through BIOS (seemingly) but would stall out on a black screen with a cursor in the upper left before loading Windows. The F8 "safe mode" boot menu cannot be reached.

 

Actions taken:

1) I created a Hiren's Boot CD 15.2 and ran MalwareBytes from mini-XP. The scan flagged several issues. I cleaned all issues, but neglected to save the .txt log...here is what I jotted down in my notes FWIW:

 

HKCR\CLSID\{random alpha-numeric}

   *\TypeLib

   *\Interface

   *\VBScript.RegExp

HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\ExporerINoSMHelp

 

2) Re-ran Malwarebytes from mini-XP (regular boot still not working) several times until all clean.

 

3) Ran Farbar scan from mini-XP (regular boot still not working; no Win 7 recovery CD). Log attached (FRST.txt).

 

4) Ran DDS scan from mini-XP (regular boot still not working; no Win 7 recovery CD). Log attached (DDS.txt).

  

Thank you! I'm hugely obliged for any help you can provide.

 

Regards,

Llano


Edited by llano, 18 November 2013 - 09:54 PM.



 


#2 llano (Topic Starter)

Posted 19 November 2013 - 04:19 AM

Update to my previous post:
 
I ran TDSSKiller and was able to get back to the "f8" boot options and successfully booted into Safe Mode w/ Cmd.
 
From there I re-ran FRST (log below).

 

I re-booted (again) to safe mode with networking this time. Performance became sluggish quickly until the computer shut down b/c it became too hot. 

 

I tried to re-boot into Safe Mode w/ cmd again and Windows files load... until it gets hung after loading "\windows\system32\drivers\CLASSPNP.SYS"

 

Hopefully the new info & FRST log will be helpful.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by FS100694 (administrator) on FS-11120 on 19-11-2013 00:17:56
Running from E:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2011-02-13] (IDT, Inc.)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1436736 2011-06-15] (Microsoft Corporation)
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)
HKCU\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKCU\...\Run: [Apple] - rundll32 "C:\Users\fs100694\AppData\Local\Deployment\Apple\glohagibbo.dll",DllRegisterServer <===== ATTENTION
HKCU\...\Run: [BdzyPack] - regsvr32.exe C:\Users\fs100694\AppData\Local\BdzyPack\vsslight.dll <===== ATTENTION
HKCU\...409d6c4515e9\InprocServer32: [Default-shell32] \\?\globalroot\Device\HarddiskVolume2\Users\fs100694\AppData\Local\Temp\sxcemfw\sphvdwr\wow.dll ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ConnectionCenter] - C:\Program Files (x86)\Citrix\ICA Client\concentr.exe [309184 2012-03-27] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [CitrixReceiver] - C:\Program Files (x86)\Citrix\Receiver\Receiver.exe [1119512 2010-01-22] (Citrix Systems, Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [BrStsMon00] - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [2621440 2010-06-10] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-10-01] (Apple Inc.)
Startup: C:\Users\fs100694\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xDDCE497A59C0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli64.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - WebEx Productivity Tools - {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll (Cisco WebEx LLC)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {82E5DF24-51E8-47CD-864A-F4BD5005AA73} https://www.icloud.com/system/iCloud.cab
DPF: HKLM-x32 {E06E2E99-0AA1-11D4-ABA6-0060082AA75C}
DPF: HKLM-x32 {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} https://juniper.net/dana-cached/setup/JuniperSetupSP1.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Handler: GTMHTML - {ED03033A-8BC0-4FC6-A86B-9AC135146395} -  No File
Handler: GTSECURE - {C522F4EF-DB4B-4818-83D1-237C5B2400A8} -  No File
Handler-x32: GTMHTML - {ED03033A-8BC0-4FC6-A86B-9AC135146395} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Handler-x32: GTSECURE - {C522F4EF-DB4B-4818-83D1-237C5B2400A8} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter: application/msword - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} -  No File
Filter: application/octet-stream - {3F038BEE-9B14-40CF-97C3-72501309A446} -  No File
Filter: application/vnd.ms-excel - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} -  No File
Filter: application/vnd.ms-excel.sheet. - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} -  No File
Filter: application/vnd.ms-excel.sheet.macroEnabled.12 - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} -  No File
Filter: application/vnd.ms-powerpoint - {43AF2B23-731E-4ae6-97F5-943D0D24F256} -  No File
Filter: application/vnd.ms-powerpoint.p - {43AF2B23-731E-4ae6-97F5-943D0D24F256} -  No File
Filter: application/vnd.ms-powerpoint.presentation.macroEnabled.12 - {43AF2B23-731E-4ae6-97F5-943D0D24F256} -  No File
Filter: application/vnd.ms-powerpoint.s - {43AF2B23-731E-4ae6-97F5-943D0D24F256} -  No File
Filter: application/vnd.ms-powerpoint.slideshow.macroEnabled.12 - {43AF2B23-731E-4ae6-97F5-943D0D24F256} -  No File
Filter: application/vnd.ms-word.documen - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} -  No File
Filter: application/vnd.ms-word.document.macroEnabled.12 - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} -  No File
Filter: application/vnd.openxmlformats- - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} -  No File
Filter: application/vnd.openxmlformats-officedocument.presentationml.presentation - {43AF2B23-731E-4ae6-97F5-943D0D24F256} -  No File
Filter: application/vnd.openxmlformats-officedocument.presentationml.slideshow - {43AF2B23-731E-4ae6-97F5-943D0D24F256} -  No File
Filter: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} -  No File
Filter: application/vnd.openxmlformats-officedocument.wordprocessingml.document - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} -  No File
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} -  No File
Filter-x32: application/msword - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/octet-stream - {3F038BEE-9B14-40CF-97C3-72501309A446} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-excel - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-excel.sheet. - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-excel.sheet.macroEnabled.12 - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-powerpoint - {43AF2B23-731E-4ae6-97F5-943D0D24F256} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-powerpoint.p - {43AF2B23-731E-4ae6-97F5-943D0D24F256} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-powerpoint.presentation.macroEnabled.12 - {43AF2B23-731E-4ae6-97F5-943D0D24F256} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-powerpoint.s - {43AF2B23-731E-4ae6-97F5-943D0D24F256} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-powerpoint.slideshow.macroEnabled.12 - {43AF2B23-731E-4ae6-97F5-943D0D24F256} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-word.documen - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.ms-word.document.macroEnabled.12 - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.openxmlformats- - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.openxmlformats-officedocument.presentationml.presentation - {43AF2B23-731E-4ae6-97F5-943D0D24F256} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.openxmlformats-officedocument.presentationml.slideshow - {43AF2B23-731E-4ae6-97F5-943D0D24F256} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.openxmlformats-officedocument.spreadsheetml.sheet - {B9B6D6A0-28CA-4822-9BC1-5573C0553489} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/vnd.openxmlformats-officedocument.wordprocessingml.document - {E2EF5C40-0617-4510-A1AB-04DDE041AF2F} - C:\Program Files (x86)\GigaTrust\GTMHTMLProtocol.dll (GigaMedia Access Corporation)
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 68.105.28.11 68.105.29.11 68.105.28.12

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\fs100694\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\fs100694\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\fs100694\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\fs100694\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (iCloud Bookmarks) - C:\Users\fs100694\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.0.24_0
CHR Extension: (Google Wallet) - C:\Users\fs100694\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\fs100694\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

S2 ARPriv; C:\Program Files (x86)\Citrix\Receiver\PrivService.exe [238872 2010-01-22] (Citrix Systems, Inc.)
S2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [18656 2011-02-02] ()
S2 Cisco WebEx Connect Upgrade Service; C:\Program Files (x86)\WebEx\Connect\apUpdate.exe [857704 2012-05-03] (WebEx Communications Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2011-04-27] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [288272 2011-04-27] (Microsoft Corporation)
S3 smstsmgr; C:\Windows\SysWOW64\CCM\TSManager.exe [246624 2009-09-18] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 atmeltpm; C:\Windows\system32\drivers\atmeltpm64.sys [19456 2012-05-25] (Atmel, Inc.)
S3 d554gps; C:\Windows\system32\drivers\d554gps64.sys [102440 2012-06-18] (Ericsson AB)
S3 DIGITECH; C:\Windows\system32\drivers\DIGITECH.sys [25648 2011-06-08] (Copyright© Digitech Systems)
S3 ecnssndis; C:\Windows\System32\Drivers\wwuss64.sys [26664 2012-06-18] (Ericsson AB)
S3 ecnssndisfltr; C:\Windows\System32\Drivers\wwussf64.sys [29736 2012-06-18] (Ericsson AB)
S3 Mbm3CBus; C:\Windows\system32\drivers\Mbm3CBus.sys [419400 2012-06-18] (MCCI Corporation)
S3 Mbm3DevMt; C:\Windows\system32\drivers\Mbm3DevMt.sys [430664 2012-06-18] (MCCI Corporation)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [189440 2011-04-18] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [84864 2011-04-27] (Microsoft Corporation)
S3 prepdrvr; C:\Windows\SysWOW64\CCM\prepdrv.sys [26992 2009-09-18] (Microsoft Corporation)
S3 stmtpm; C:\Windows\system32\drivers\stm_tpm.sys [29184 2012-05-25] (STMicroelectronics, INC)
S3 tcm; C:\Windows\system32\drivers\tcm.sys [17048 2012-07-04] ()
S3 dcdbas; system32\DRIVERS\dcdbas64.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\SysWOW64\CCM\prepdrv.sys 3A603DD6466569970BD99DFB4C63BBC7
C:\Windows\system32\drivers\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql2300.sys ==> MD5 is legit
C:\Windows\system32\drivers\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpvideominiport.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\system32\drivers\rimmpx64.sys 6FAF5B04BEDC66D300D9D233B2D222F0
C:\Windows\system32\drivers\rimspe64.sys 3DCA561AAF776AA2E356FB5B142AA5F8
C:\Windows\system32\drivers\rimspx64.sys 67F50C31713106FD1B0F286F86AA2B2E
C:\Windows\System32\DRIVERS\risdpe64.sys 91C2AE052652E7ABD88155F11D667ED2
C:\Windows\system32\drivers\rixdpx64.sys 4D7EF3D46346EC4C58784DB964B365DE
C:\Windows\system32\drivers\rixdpe64.sys A4579105A3C5B6290701EAD0C153E07A
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\drivers\sermouse.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\drivers\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\drivers\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\drivers\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\system32\drivers\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\stwrt64.sys DA40D9C9CCB9836D6ABD1706935A2277
C:\Windows\system32\drivers\stm_tpm.sys 9300847B0D212DDB33BA8371EB8EDAE3
C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\drivers\synth3dvsc.sys C3A39C4079305480972D29C44B868C78
C:\Windows\system32\drivers\tcm.sys 08228AC4B3EEF0DEE3D38D239692E510
C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\system32\drivers\terminpt.sys 2B5BDFF688EC9871D7EC5837833374E9
C:\Windows\System32\drivers\tpm.sys DBCC20C02E8A3E43B03C304A4E40A84F
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\system32\drivers\TsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:\Windows\System32\drivers\tsusbhub.sys E1748D04AE40118B62BC18AC86032192
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\drivers\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys C9E9D59C0099A9FF51697E9306A44240
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\system32\drivers\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\system32\drivers\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\system32\drivers\vmbus.sys ==> MD5 is legit
C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\drivers\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\drivers\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\drivers\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUSB.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-18 22:22 - 2013-11-18 22:22 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\hsrie2y1.sys
2013-11-18 22:21 - 2013-11-18 22:21 - 00000000 ____D C:\Users\fs100694\Downloads\vba32arkit
2013-11-18 22:07 - 2013-11-18 22:07 - 01472131 _____ C:\Users\fs100694\Downloads\vba32arkit.zip
2013-11-18 10:58 - 2013-11-18 10:58 - 00000000 ____D C:\FRST
2013-11-16 18:02 - 2013-11-16 18:02 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-15 12:22 - 2013-11-16 12:40 - 02831965 _____ C:\Users\fs100694\Desktop\Ag Powty update 11152013.pptm
2013-11-15 12:22 - 2013-11-15 12:22 - 00000165 ____H C:\Users\fs100694\Desktop\~$Ag Powty update 11152013.pptm
2013-11-12 18:49 - 2013-11-13 15:10 - 00000000 ____D C:\Users\fs100694\Desktop\Uncertainty Analysis
2013-11-12 14:59 - 2013-11-12 15:03 - 00000000 ____D C:\Users\fs100694\Desktop\Graphics
2013-11-12 00:50 - 2013-11-14 22:42 - 00431866 _____ C:\Users\fs100694\Desktop\portfolio.xlsx
2013-11-12 00:50 - 2013-11-12 18:52 - 00011969 _____ C:\Users\fs100694\Desktop\Requirements.xlsx
2013-11-10 21:05 - 2013-11-16 12:40 - 00149570 _____ C:\Users\fs100694\Desktop\College FB.xlsx
2013-11-07 21:19 - 2013-11-07 21:19 - 00000165 ____H C:\Users\fs100694\Desktop\~$MC_Greenoughv1.2.xlsm
2013-11-07 13:21 - 2013-11-07 13:21 - 00001878 _____ C:\Users\fs100694\Desktop\Private - Shortcut.lnk
2013-11-07 13:21 - 2013-11-07 13:21 - 00001871 _____ C:\Users\fs100694\Desktop\Public - Shortcut.lnk
2013-11-06 12:22 - 2013-11-06 12:22 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-10-28 21:33 - 2013-10-28 21:50 - 00012966 _____ C:\Users\fs100694\Documents\ASTM Capacity Test mitigated risk.xlsx
2013-10-28 21:33 - 2013-10-28 21:33 - 00000165 ____H C:\Users\fs100694\Documents\~$ASTM Capacity Test mitigated risk.xlsx
2013-10-28 20:37 - 2013-10-28 20:37 - 00000165 ____H C:\Users\fs100694\Desktop\~$BRR Strawman.pptx
2013-10-28 16:35 - 2013-11-01 14:43 - 00026852 _____ C:\Users\fs100694\Desktop\BRR ASTM.xlsx
2013-10-24 14:26 - 2013-10-24 14:26 - 00000000 ____D C:\Users\fs100694\AppData\Local\WebEx
2013-10-23 12:04 - 2013-10-23 12:04 - 00000000 ____D C:\Windows\Offline Address Books
2013-10-22 11:18 - 2013-10-22 11:18 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\Program Files\iTunes
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\Program Files\iPod
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-21 09:02 - 2013-09-04 05:12 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-21 09:02 - 2013-09-04 05:11 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-21 09:02 - 2013-09-04 05:11 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-21 09:02 - 2013-09-04 05:11 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-21 09:02 - 2013-09-04 05:11 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-21 09:02 - 2013-09-04 05:11 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-10-21 09:02 - 2013-09-04 05:11 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-21 09:02 - 2013-08-01 05:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-21 09:01 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-21 09:01 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-21 09:01 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-21 09:01 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-21 09:01 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-21 09:01 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-21 09:01 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-21 09:01 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-21 09:01 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-21 09:01 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-21 09:01 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-21 09:01 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-21 09:01 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-21 09:00 - 2013-09-22 07:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-21 09:00 - 2013-09-22 07:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-21 09:00 - 2013-09-22 03:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-21 09:00 - 2013-09-22 03:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-21 09:00 - 2013-08-27 18:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-21 08:59 - 2013-09-22 08:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-21 08:59 - 2013-09-22 08:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-21 08:59 - 2013-09-22 07:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-21 08:59 - 2013-09-22 07:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-21 08:59 - 2013-09-22 07:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-21 08:59 - 2013-09-22 07:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-21 08:59 - 2013-09-22 07:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-21 08:59 - 2013-09-22 07:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-21 08:59 - 2013-09-22 07:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-21 08:59 - 2013-09-22 07:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-21 08:59 - 2013-09-22 07:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-21 08:59 - 2013-09-22 07:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-21 08:59 - 2013-09-22 07:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-21 08:59 - 2013-09-22 07:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-21 08:59 - 2013-09-22 03:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-21 08:59 - 2013-09-22 03:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-21 08:59 - 2013-09-22 03:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-21 08:59 - 2013-09-22 03:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-21 08:59 - 2013-09-22 03:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-21 08:59 - 2013-09-22 03:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-21 08:59 - 2013-09-22 03:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-21 08:59 - 2013-09-22 03:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-21 08:59 - 2013-09-22 03:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-21 08:59 - 2013-09-22 03:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-21 08:59 - 2013-09-22 03:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-21 08:59 - 2013-09-22 03:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-21 08:59 - 2013-09-22 03:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-21 08:59 - 2013-09-22 02:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-21 08:59 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-21 08:55 - 2013-07-02 21:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-21 08:55 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-21 08:55 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-21 08:53 - 2013-07-20 03:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-21 08:53 - 2013-07-20 03:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

==================== One Month Modified Files and Folders =======

2013-11-18 23:35 - 2013-09-13 17:24 - 01247777 _____ C:\Windows\WindowsUpdate.log
2013-11-18 23:29 - 2009-07-13 22:13 - 00790276 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-18 22:22 - 2013-11-18 22:22 - 00035904 _____ (VirusBlokAda Ltd.) C:\Windows\SysWOW64\Drivers\hsrie2y1.sys
2013-11-18 22:21 - 2013-11-18 22:21 - 00000000 ____D C:\Users\fs100694\Downloads\vba32arkit
2013-11-18 22:07 - 2013-11-18 22:07 - 01472131 _____ C:\Users\fs100694\Downloads\vba32arkit.zip
2013-11-18 22:04 - 2013-09-24 09:26 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-18 22:04 - 2010-11-20 20:47 - 00027328 _____ C:\Windows\PFRO.log
2013-11-18 22:04 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-18 22:04 - 2009-07-13 21:51 - 00033952 _____ C:\Windows\setupact.log
2013-11-18 10:58 - 2013-11-18 10:58 - 00000000 ____D C:\FRST
2013-11-16 18:02 - 2013-11-16 18:02 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-16 15:50 - 2013-09-13 09:43 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-16 15:42 - 2013-09-24 09:26 - 00000000 ____D C:\Users\fs100694\AppData\Local\Deployment
2013-11-16 15:30 - 2013-10-08 21:25 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-16 14:14 - 2009-07-13 21:45 - 00019104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-16 14:14 - 2009-07-13 21:45 - 00019104 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-16 12:43 - 2013-09-13 13:22 - 00001152 _____ C:\Windows\system32\config\netlogon.ftl
2013-11-16 12:40 - 2013-11-15 12:22 - 02831965 _____ C:\Users\fs100694\Desktop\Ag Powty update 11152013.pptm
2013-11-16 12:40 - 2013-11-10 21:05 - 00149570 _____ C:\Users\fs100694\Desktop\College FB.xlsx
2013-11-16 07:43 - 2013-09-13 09:41 - 00000000 ____D C:\Users\Public\Downloads\WebEx Connect
2013-11-15 20:10 - 2013-09-26 21:54 - 00000000 ____D C:\Users\fs100694\AppData\Local\4A691DD2-AC37-453F-AACD-B184C76D127D.aplzod
2013-11-15 18:34 - 2013-09-13 09:47 - 00040973 __RSH C:\ProgramData\ntuser.pol
2013-11-15 16:13 - 2013-09-18 11:07 - 00000000 ____D C:\Users\fs100694\AppData\Roaming\WebEx Connect
2013-11-15 14:06 - 2013-09-13 17:24 - 00000462 _____ C:\Windows\SMSCFG.INI
2013-11-15 14:05 - 2013-09-18 09:34 - 00000211 _____ C:\Users\fs100694\AppData\Roaming\ARCompanion.log
2013-11-15 12:22 - 2013-11-15 12:22 - 00000165 ____H C:\Users\fs100694\Desktop\~$Ag Powty update 11152013.pptm
2013-11-14 22:42 - 2013-11-12 00:50 - 00431866 _____ C:\Users\fs100694\Desktop\portfolio.xlsx
2013-11-14 14:02 - 2013-09-24 09:27 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 11:02 - 2013-09-17 10:48 - 00000000 ____D C:\Users\fs100694\AppData\Roaming\Webex
2013-11-13 15:10 - 2013-11-12 18:49 - 00000000 ____D C:\Users\fs100694\Desktop\Uncertainty Analysis
2013-11-12 18:52 - 2013-11-12 00:50 - 00011969 _____ C:\Users\fs100694\Desktop\Requirements.xlsx
2013-11-12 15:03 - 2013-11-12 14:59 - 00000000 ____D C:\Users\fs100694\Desktop\Graphics
2013-11-07 21:19 - 2013-11-07 21:19 - 00000165 ____H C:\Users\fs100694\Desktop\~$MC_Greenoughv1.2.xlsm
2013-11-07 13:21 - 2013-11-07 13:21 - 00001878 _____ C:\Users\fs100694\Desktop\Private - Shortcut.lnk
2013-11-07 13:21 - 2013-11-07 13:21 - 00001871 _____ C:\Users\fs100694\Desktop\Public - Shortcut.lnk
2013-11-06 13:59 - 2013-09-17 10:48 - 00000000 ____D C:\Users\fs100694
2013-11-06 13:59 - 2013-09-13 09:47 - 00000000 ____D C:\Windows\wlansvc
2013-11-06 13:59 - 2013-06-13 22:51 - 00000000 ____D C:\Users\fs100694\Desktop\Temp to trash
2013-11-06 13:56 - 2013-06-12 17:41 - 00000000 ____D C:\Users\fs100694\Documents\MyConnectFiles
2013-11-06 12:22 - 2013-11-06 12:22 - 00000000 ____D C:\Program Files (x86)\7-Zip
2013-11-01 14:43 - 2013-10-28 16:35 - 00026852 _____ C:\Users\fs100694\Desktop\BRR ASTM.xlsx
2013-11-01 09:36 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\spool
2013-10-28 21:50 - 2013-10-28 21:33 - 00012966 _____ C:\Users\fs100694\Documents\ASTM Capacity Test mitigated risk.xlsx
2013-10-28 21:33 - 2013-10-28 21:33 - 00000165 ____H C:\Users\fs100694\Documents\~$ASTM Capacity Test mitigated risk.xlsx
2013-10-28 20:37 - 2013-10-28 20:37 - 00000165 ____H C:\Users\fs100694\Desktop\~$BRR Strawman.pptx
2013-10-24 14:26 - 2013-10-24 14:26 - 00000000 ____D C:\Users\fs100694\AppData\Local\WebEx
2013-10-24 08:54 - 2013-09-13 09:32 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-23 12:04 - 2013-10-23 12:04 - 00000000 ____D C:\Windows\Offline Address Books
2013-10-23 08:59 - 2013-09-18 11:08 - 00000000 ____D C:\Users\fs100694\AppData\Local\WebEx Connect
2013-10-22 11:18 - 2013-10-22 11:18 - 00001785 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\Program Files\iTunes
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\Program Files\iPod
2013-10-22 11:18 - 2013-10-22 11:18 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-10-22 11:04 - 2009-07-13 21:45 - 00493344 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-21 08:58 - 2013-09-13 09:25 - 00784492 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-21 08:55 - 2013-09-13 11:37 - 00000000 ____D C:\Windows\system32\MRT
2013-10-21 08:53 - 2013-09-13 11:37 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Alureon:
C:\Users\fs100694\AppData\Local\Temp\sxcemfw\sphvdwr\wow.dll

Some content of TEMP:
====================
C:\Users\fs100694\AppData\Local\Temp\ARCompanionForSession1.exe
C:\Users\fs100694\AppData\Local\Temp\dsHostCheckerSetup.exe
C:\Users\fs100694\AppData\Local\Temp\hiiy.exe
C:\Users\fs100694\AppData\Local\Temp\neoNCSetup64.exe
C:\Users\FS112251\AppData\Local\Temp\AcDeltree.exe
C:\Users\FS112251\AppData\Local\Temp\FNP_ACT_InstallerCA.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {current}
resumeobject            {fd57d20f-1cd2-11e3-a990-5c260a216cf9}
displayorder            {current}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {current}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {fd57d211-1cd2-11e3-a990-5c260a216cf9}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {fd57d20f-1cd2-11e3-a990-5c260a216cf9}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {fd57d211-1cd2-11e3-a990-5c260a216cf9}
device                  ramdisk=[C:]\Recovery\fd57d211-1cd2-11e3-a990-5c260a216cf9\Winre.wim,{fd57d212-1cd2-11e3-a990-5c260a216cf9}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\fd57d211-1cd2-11e3-a990-5c260a216cf9\Winre.wim,{fd57d212-1cd2-11e3-a990-5c260a216cf9}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {fd57d20f-1cd2-11e3-a990-5c260a216cf9}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {fd57d212-1cd2-11e3-a990-5c260a216cf9}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\fd57d211-1cd2-11e3-a990-5c260a216cf9\boot.sdi

LastRegBack: 2013-11-10 12:52

==================== End Of Log ============================

#3 HelpBot

Posted 23 November 2013 - 09:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514668 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot

Posted 28 November 2013 - 09:55 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!