
No Start Button, No Internet after infection


26 replies to this topic

#1 pcpunk

pcpunk

  • Members
  • 5,603 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Florida
  • Local time:01:45 PM

Posted 26 February 2014 - 02:14 PM

This is a continued issue from this thread: http://www.bleepingcomputer.com/forums/t/524201/infected/

Thanks in advance for the help!

 

Can I go back and delete the two other posts that I forgot to attach a file to?

 

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 8.0.6001.18702

Run by Chris at 13:23:49 on 2014-02-26

.

============== Running Processes ================

.

C:\Program Files\SUPERAntiSpyware\SASCORE.EXE

C:\Program Files\LSI SoftModem\agrsmsvc.exe

c:\WINDOWS2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe

C:\WINDOWS2\system32\DKabcoms.exe

C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\WINDOWS2\Explorer.EXE

C:\WINDOWS2\system32\igfxtray.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS2\system32\ctfmon.exe

C:\Program Files\Dell\Printer Software\DKab1err.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\mcserver.exe

C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\dbus-daemon.exe

C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\db_daemon.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://xfinity.comcast.net/?cid=insDate01302014

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll

uRun: [ctfmon.exe] c:\windows2\system32\ctfmon.exe

uRun: [DKab1err] c:\program files\dell\printer software\DKab1err.exe

mRun: [IgfxTray] c:\windows2\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows2\system32\hkcmd.exe

mRun: [Persistence] c:\windows2\system32\igfxpers.exe

mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [UpdateManager] "c:\program files\common files\sonic\update manager\sgtray.exe" /r

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui

mRun: [KernelFaultCheck] c:\windows2\system32\dumprep 0 -k

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

dRunOnce: [RunNarrator] Narrator.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:323

uPolicies-Explorer: NoDriveAutoRun = dword:67108863

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDriveTypeAutoRun = dword:323

mPolicies-Explorer: NoDriveAutoRun = dword:67108863

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1376169384968

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} - hxxp://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{0E49FE7C-B438-4516-8EDD-0E8E31739A75} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{82A6B315-7DBA-404C-862A-FAB6F49E0E7D} : DHCPNameServer = 75.75.75.75 75.75.76.76

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows2\system32\WPDShServiceObj.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\32.0.1700.107\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\chris\application data\mozilla\firefox\profiles\5x90649l.default\

FF - prefs.js: browser.startup.homepage - hxxps://www.yahoo.com/

FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlchromebrowserrecordext.dll

FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlhtml5videoshim.dll

FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\mozillaplugins\nprndlpepperflashvideoshim.dll

FF - plugin: c:\documents and settings\all users.windows2\application data\realnetworks\realdownloader\browserplugins\npdlplugin.dll

FF - plugin: c:\documents and settings\chris\local settings\application data\citrix\plugins\104\npappdetector.dll

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll

FF - plugin: c:\program files\real\realplayer\netscape6\nprpplugin.dll

FF - plugin: c:\windows2\npMSDM.dll

FF - plugin: c:\windows2\system32\macromed\flash\NPSWF32_12_0_0_44.dll

.

============= SERVICES / DRIVERS ===============

.

R? avast! Antivirus;avast! Antivirus

R? cerc6;cerc6

R? t_mobile_zte_cdc_acm;T-Mobile webConnect CDC-ACM driver

R? t_mobile_zte_cdc_ecm;t_mobile_zte_cdc_ecm

R? t_mobile_zte_cpo;T-Mobile webConnect Install

R? t_mobile_zte_ecm_enum;T-Mobile webConnect DC Enumerator

R? t_mobile_zte_ecm_enum_filter;t_mobile_zte_ecm_enum_filter

S? !SASCORE;SAS Core Service

S? aswMonFlt;aswMonFlt

S? aswRvrt;avast! Revert

S? aswSnx;aswSnx

S? aswSP;aswSP

S? aswVmm;avast! VM Monitor

S? BMLoad;Bytemobile Boot Time Load Driver

S? dkab_device;dkab_device

S? RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service

S? SASDIFSV;SASDIFSV

S? SASKUTIL;SASKUTIL

.

=============== Created Last 30 ================

.

2014-02-16 22:15:55 -------- d-----w- c:\documents and settings\all users.windows2\application data\Malwarebytes' Anti-Malware (portable)

2014-02-16 22:15:08 52312 ----a-w- c:\windows2\system32\drivers\mbamchameleon.sys

2014-02-16 18:40:55 -------- d-----w- c:\documents and settings\all users.windows2\application data\SUPERAntiSpyware.com

2014-02-13 20:33:13 22856 ----a-w- c:\windows2\system32\drivers\mbam.sys

2014-02-13 20:33:13 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2014-02-13 20:07:25 107224 ----a-w- c:\windows2\system32\drivers\mbamswissarmy.sys

2014-01-30 23:34:46 -------- d-----w- c:\documents and settings\all users.windows2\application data\comcastModemRelease

2014-01-30 23:34:36 -------- d-----w- c:\documents and settings\chris\local settings\application data\Xfinity.com

.

==================== Find3M ====================

.

2014-02-10 05:24:55 67824 ----a-w- c:\windows2\system32\drivers\aswmonflt.sys

2014-02-10 05:24:31 775952 ----a-w- c:\windows2\system32\drivers\aswSnx.sys

2014-02-10 05:24:30 43152 ----a-w- c:\windows2\avastSS.scr

2014-02-05 23:26:52 920064 ----a-w- c:\windows2\system32\wininet.dll

2014-02-05 23:26:43 43520 ------w- c:\windows2\system32\licmgr10.dll

2014-02-05 23:26:42 1469440 ------w- c:\windows2\system32\inetcpl.cpl

2014-02-05 23:26:37 18944 ----a-w- c:\windows2\system32\corpol.dll

2014-02-05 22:24:05 385024 ------w- c:\windows2\system32\html.iec

2014-02-05 19:38:17 71048 ----a-w- c:\windows2\system32\FlashPlayerCPLApp.cpl

2014-02-05 19:38:17 692616 ----a-w- c:\windows2\system32\FlashPlayerApp.exe

2014-01-04 03:13:05 420864 ----a-w- c:\windows2\system32\vbscript.dll

2013-12-31 21:39:04 180248 ----a-w- c:\windows2\system32\drivers\aswVmm.sys

2013-12-19 02:10:01 94632 ----a-w- c:\windows2\system32\WindowsAccessBridge.dll

2013-12-19 01:46:50 145408 ----a-w- c:\windows2\system32\javacpl.cpl

2013-12-05 11:26:06 1172992 ----a-w- c:\windows2\system32\msxml3.dll

.

============= FINISH: 13:24:24.04 ===============

Attached Files


Edited by pcpunk, 26 February 2014 - 02:17 PM.

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 




#2 pcpunk


Posted 26 February 2014 - 06:09 PM

I am over here pulling my hair out guys lol. Living two weeks without my computer is terrible laughs. I just got my internet connection and now no computer. I am having health problems and can't afford to go another route so you're stuck with me for now, laughs. I wish I could buy another computer but I can't afford it, love my xp and want to see if I can run it after the deadline for xp. I don't have an xp disc because I got this computer for free from a friend.




#3 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:45 PM

Posted 26 February 2014 - 07:49 PM

Hi pcpunk,
 
Welcome to the forum.
 
Don't worry, we will assist you with this. Many services are not working because of the missing svchost.exe. We will restore the missing svchost.exe and then see if any issues remain.

  • Download Farbar Recovery Scan Tool from: Farbar Recovery Scan Tool and save it to a flash drive (you need the 32-bit version).
  • Download the attached fixlist.txt and save it to the flash drive.
  • Insert the flash drive into the problem computer and run FRST as you ran other tools (double-click or any other way).
  • When the tool opens, click Yes to the disclaimer.
  • Press Fix and wait.
  • It will make a log (Fixlog.txt) on the flash drive. Please copy and paste it to your reply later on.
  • Important: Now restart the computer.
  • After restart, check the issues and tell me the condition of your computer.

Attached Files



#4 pcpunk


Posted 27 February 2014 - 12:57 PM

Okay I did it. I was a little confused about the attachment fixlist.txt.  Wasn't sure if I was supposed to do something with that, does it work without me doing anything?

 

1. Farbar did not save a log for me, although it did say it was going to save it to where the original tool was located. I did read the log where it said that it could not find svchost.exe, and then it said that it had replaced svchost.exe and that is all I can remember.

2. After restart I got the Start Button back whoo hoo! that's good.

3. I did notice that I could not get on internet at first and could not "Refresh" the wireless list and still can't.  It did however finally log onto the library wireless signal.

4. Avast wants me to download Google Chrome that has built in anti phishing and anti malware to keep me safe after April 8 when windows xp is no longer being supported. I do already have google chrome so what should I do with that, just ignore until we get the computer fixed.

5. Things also seemed very slow in closing down Google Chrome, Notepad, Lexar drive and avast window.

 

I was able to copy this error report from MS.

C:\DOCUME~1\Chris\LOCALS~1\Temp\WERd699.dir00\Mini021614-01.dmp
C:\DOCUME~1\Chris\LOCALS~1\Temp\WERd699.dir00\sysdata.xml


Edited by pcpunk, 27 February 2014 - 01:02 PM.



#5 Farbar


Posted 27 February 2014 - 01:18 PM

Great and well done. Thanks for the detailed feedback.

 

I understand that you have internet connection now and you don't have to go back and forth.

 

For now please don't install anything and don't make any changes.

 

Now please run Farbar Recovery Scan Tool once more, but this time click Scan and wait. It will make two logs. Please copy and paste FRST.txt to your reply and attach Addition.txt to your post.



#6 pcpunk


Posted 27 February 2014 - 01:48 PM

I hope I did not make your job harder but I allowed MS to install some updates.

 

I don't know how to Attach a document, meaning I can't find the function to do so, I do know the process.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 27-02-2014 02
Ran by Chris (administrator) on CHRIS-1EC6C6A3C on 27-02-2014 13:31:38
Running from E:\
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(Microsoft Corporation) C:\WINDOWS2\System32\smss.exe
(Microsoft Corporation) C:\WINDOWS2\system32\csrss.exe
(Microsoft Corporation) C:\WINDOWS2\system32\winlogon.exe
(Microsoft Corporation) C:\WINDOWS2\system32\services.exe
(Microsoft Corporation) C:\WINDOWS2\system32\lsass.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\System32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS2\system32\spoolsv.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
(Agere Systems) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
( ) C:\WINDOWS2\system32\DKabcoms.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\System32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\System32\svchost.exe
() C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
(Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
(Microsoft Corporation) C:\WINDOWS2\system32\wuauclt.exe
(Microsoft Corporation) C:\WINDOWS2\Explorer.EXE
(Microsoft Corporation) C:\WINDOWS2\System32\alg.exe
(Intel Corporation) C:\WINDOWS2\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS2\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS2\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS2\system32\igfxsrvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files\Real\RealPlayer\update\realsched.exe
(Sonic Solutions) C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\WINDOWS2\system32\ctfmon.exe
(Dell, Inc.) C:\Program Files\Dell\Printer Software\DKab1err.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(ZTE) C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\mcserver.exe
(Microsoft Corporation) C:\WINDOWS2\system32\cmd.exe
() C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\dbus-daemon.exe
() C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\db_daemon.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
(Hewlett-Packard Co.) C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
(Microsoft Corporation) C:\WINDOWS2\system32\wbem\wmiprvse.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [IgfxTray] - C:\WINDOWS2\system32\igfxtray.exe [135168 2008-02-15] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\WINDOWS2\system32\hkcmd.exe [159744 2008-02-15] (Intel Corporation)
HKLM\...\Run: [Persistence] - C:\WINDOWS2\system32\igfxpers.exe [131072 2008-02-15] (Intel Corporation)
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [872448 2007-01-05] (Analog Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [TkBellExe] - C:\Program Files\Real\RealPlayer\update\realsched.exe [295512 2013-09-15] (RealNetworks, Inc.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [UpdateManager] - C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe [110592 2004-01-07] (Sonic Solutions)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-10] (AVAST Software)
HKLM\...\Winlogon: [Userinit] C:\WINDOWS2\system32\userinit.exe,
Winlogon\Notify\crypt32chain: C:\WINDOWS2\system32\crypt32.dll (Microsoft Corporation)
Winlogon\Notify\cryptnet: C:\WINDOWS2\system32\cryptnet.dll (Microsoft Corporation)
Winlogon\Notify\cscdll: C:\WINDOWS2\system32\cscdll.dll (Microsoft Corporation)
Winlogon\Notify\dimsntfy: C:\WINDOWS2\System32\dimsntfy.dll (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS2\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\ScCertProp: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\Schedule: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\sclgntfy: C:\WINDOWS2\system32\sclgntfy.dll (Microsoft Corporation)
Winlogon\Notify\SensLogn: C:\WINDOWS2\system32\WlNotify.dll (Microsoft Corporation)
Winlogon\Notify\termsrv: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
Winlogon\Notify\wlballoon: C:\WINDOWS2\system32\wlnotify.dll (Microsoft Corporation)
HKU\.DEFAULT\...\Run: [DWQueuedReporting] - C:\Program Files\Common Files\Microsoft Shared\DW\DWTRIG20.EXE [437160 2007-02-26] (Microsoft Corporation)
HKU\.DEFAULT\...\RunOnce: [RunNarrator] - C:\WINDOWS2\system32\Narrator.exe [53760 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1078081533-261903793-1417001333-1004\...\Run: [ctfmon.exe] - C:\WINDOWS2\system32\ctfmon.exe [15360 2008-04-13] (Microsoft Corporation)
HKU\S-1-5-21-1078081533-261903793-1417001333-1004\...\Run: [DKab1err] - C:\Program Files\Dell\Printer Software\DKab1err.exe [582976 2010-08-03] (Dell, Inc.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\mcserver.exe (ZTE)
Startup: C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\mcserver.exe (ZTE)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://xfinity.comcast.net/?cid=insDate01302014
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS2\system32\blank.htm
SearchScopes: HKCU - DefaultScope {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {180780f0-b348-4b44-8210-94a8f3ee15b2} URL = http://search.comcast.net/search/?cat=Web&con=toolbar&q={searchTerms}
SearchScopes: HKCU - {57C5C20C-6F5D-4F7B-AEC3-F05A24FA3088} URL = http://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: gopher - {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Handler: sysimage - {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS2\system32\mshtml.dll (Microsoft Corporation)
Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS2\system32\wiascr.dll (Microsoft Corporation)
Filter: Class Install Handler - {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Filter: lzdhtml - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS2\system32\urlmon.dll (Microsoft Corporation)
Filter: text/webviewhtml - {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS2\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS2\system32\shell32.dll [8462848 2012-06-08] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.10.20.1 10.10.10.1
 
FireFox:
========
FF ProfilePath: C:\Documents and Settings\Chris\Application Data\Mozilla\Firefox\Profiles\5x90649l.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS2\system32\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin: @Microsoft.com/DownloadManager,version=1.1 - C:\WINDOWS2\ ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlchromebrowserrecordext;version=1.3.3 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlhtml5videoshim;version=1.3.3 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprndlpepperflashvideoshim;version=1.3.3 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.3.51 - C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @realnetworks.com/npdlplugin;version=1 - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Documents and Settings\Chris\Local Settings\Application Data\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\xfinity.xml
FF HKLM\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files\T-Mobile\T-Mobile Connection Manager\Bin\addon [2012-10-13]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS2\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ []
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF Extension: RealDownloader - C:\Documents and Settings\All Users.WINDOWS2\Application Data\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-15]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-18]
 
Chrome: 
=======
CHR HomePage: 
CHR DefaultSearchKeyword: yahoo.com
CHR DefaultSearchProvider: Yahoo!
CHR DefaultNewTabURL: 
CHR Extension: (Google Docs) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-24]
CHR Extension: (Google Drive) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-24]
CHR Extension: (YouTube) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-24]
CHR Extension: (Google Search) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-24]
CHR Extension: (Xfinity) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hemjgdpngmhbimofcicjfhibkdbigdmb [2014-01-30]
CHR Extension: (Google Wallet) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-24]
CHR Extension: (Gmail) - C:\Documents and Settings\Chris\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-24]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2013-11-24]
CHR HKLM\...\Chrome\Extension: [hemjgdpngmhbimofcicjfhibkdbigdmb] - C:\Documents and Settings\All Users.WINDOWS2\Application Data\comcastModemRelease\shortcuts\chrome\xfinity.crx [2013-02-08]
 
========================== Services (Whitelisted) =================
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S3 AdobeFlashPlayerUpdateSvc; C:\WINDOWS2\system32\Macromed\Flash\FlashPlayerUpdateService.exe [257928 2014-02-05] (Adobe Systems Incorporated)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2008-08-26] (Agere Systems)
S4 Alerter; C:\WINDOWS2\system32\alrsvc.dll [17408 2008-04-13] (Microsoft Corporation)
R3 ALG; C:\WINDOWS2\System32\alg.exe [44544 2008-04-13] (Microsoft Corporation)
S3 aspnet_state; C:\WINDOWS2\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [34312 2008-07-25] (Microsoft Corporation)
R2 AudioSrv; C:\WINDOWS2\System32\audiosrv.dll [42496 2008-04-13] (Microsoft Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-10] (AVAST Software)
R2 BITS; C:\WINDOWS2\system32\qmgr.dll [409088 2008-04-13] (Microsoft Corporation)
S2 Browser; C:\WINDOWS2\System32\browser.dll [78336 2012-07-06] (Microsoft Corporation)
S3 CiSvc; C:\WINDOWS2\system32\cisvc.exe [5632 2008-04-13] (Microsoft Corporation)
S3 ClipSrv; C:\WINDOWS2\system32\clipsrv.exe [33280 2008-04-13] (Microsoft Corporation)
S3 clr_optimization_v2.0.50727_32; c:\WINDOWS2\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [69632 2008-07-25] (Microsoft Corporation)
S3 COMSysApp; C:\WINDOWS2\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
R2 CryptSvc; C:\WINDOWS2\System32\cryptsvc.dll [62464 2008-04-13] (Microsoft Corporation)
R2 DcomLaunch; C:\WINDOWS2\system32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
R2 Dhcp; C:\WINDOWS2\System32\dhcpcsvc.dll [126976 2008-04-13] (Microsoft Corporation)
R2 dkab_device; C:\WINDOWS2\system32\DKabcoms.exe [593920 2012-10-02] ( )
S3 dmadmin; C:\WINDOWS2\System32\dmadmin.exe [224768 2008-04-13] (Microsoft Corp., Veritas Software)
S3 dmserver; C:\WINDOWS2\System32\dmserver.dll [23552 2008-04-13] (Microsoft Corp.)
R2 Dnscache; C:\WINDOWS2\System32\dnsrslvr.dll [45568 2009-04-20] (Microsoft Corporation)
S3 Dot3svc; C:\WINDOWS2\System32\dot3svc.dll [132096 2008-04-13] (Microsoft Corporation)
S3 EapHost; C:\WINDOWS2\System32\eapsvc.dll [33792 2008-04-13] (Microsoft Corporation)
R2 ERSvc; C:\WINDOWS2\System32\ersvc.dll [23040 2008-04-13] (Microsoft Corporation)
S2 Eventlog; C:\WINDOWS2\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R3 EventSystem; C:\WINDOWS2\system32\es.dll [253952 2008-07-07] (Microsoft Corporation)
R3 FastUserSwitchingCompatibility; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
S3 FontCache3.0.0.0; c:\WINDOWS2\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [46104 2008-07-29] (Microsoft Corporation)
R2 helpsvc; C:\WINDOWS2\PCHealth\HelpCtr\Binaries\pchsvc.dll [38400 2008-04-13] (Microsoft Corporation)
S3 hkmsvc; C:\WINDOWS2\System32\kmsvc.dll [61440 2008-04-13] (Microsoft Corporation)
S3 HTTPFilter; C:\WINDOWS2\System32\w3ssl.dll [15872 2008-04-13] (Microsoft Corporation)
S3 idsvc; c:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [881664 2008-07-29] (Microsoft Corporation)
S3 ImapiService; C:\WINDOWS2\system32\imapi.exe [150528 2008-04-13] (Microsoft Corporation)
R2 LanmanServer; C:\WINDOWS2\System32\srvsvc.dll [99840 2010-08-27] (Microsoft Corporation)
R2 lanmanworkstation; C:\WINDOWS2\System32\wkssvc.dll [132096 2009-06-10] (Microsoft Corporation)
R2 LmHosts; C:\WINDOWS2\System32\lmhsvc.dll [13824 2008-04-13] (Microsoft Corporation)
S4 Messenger; C:\WINDOWS2\System32\msgsvc.dll [33792 2008-04-13] (Microsoft Corporation)
S3 mnmsrvc; C:\WINDOWS2\system32\mnmsrvc.exe [32768 2008-04-13] (Microsoft Corporation)
S3 MSDTC; C:\WINDOWS2\system32\msdtc.exe [6144 2008-04-13] (Microsoft Corporation)
S3 MSIServer; C:\WINDOWS2\System32\msiexec.exe [78848 2008-04-13] (Microsoft Corporation)
S3 napagent; C:\WINDOWS2\System32\qagentrt.dll [291328 2008-04-13] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\WINDOWS2\system32\HPZinw12.dll [44032 2009-05-14] (Hewlett-Packard)
S4 NetDDE; C:\WINDOWS2\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S4 NetDDEdsdm; C:\WINDOWS2\system32\netdde.exe [111104 2008-04-13] (Microsoft Corporation)
S3 Netlogon; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R3 Netman; C:\WINDOWS2\System32\netman.dll [198144 2008-04-13] (Microsoft Corporation)
S4 NetTcpPortSharing; c:\WINDOWS2\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [132096 2008-07-29] (Microsoft Corporation)
R3 Nla; C:\WINDOWS2\System32\mswsock.dll [245248 2008-06-20] (Microsoft Corporation)
S3 NtLmSsp; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 NtmsSvc; C:\WINDOWS2\system32\ntmssvc.dll [435200 2008-04-13] (Microsoft Corporation)
R2 PlugPlay; C:\WINDOWS2\system32\services.exe [110592 2009-02-06] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\WINDOWS2\system32\HPZipm12.dll [53760 2009-05-14] (Hewlett-Packard)
R2 PolicyAgent; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
R2 ProtectedStorage; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 RasAuto; C:\WINDOWS2\System32\rasauto.dll [88576 2008-04-13] (Microsoft Corporation)
R3 RasMan; C:\WINDOWS2\System32\rasmans.dll [186368 2008-04-13] (Microsoft Corporation)
S3 RDSessMgr; C:\WINDOWS2\system32\sessmgr.exe [141312 2008-04-13] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 RemoteAccess; C:\WINDOWS2\System32\mprdim.dll [53248 2008-04-13] (Microsoft Corporation)
S3 RpcLocator; C:\WINDOWS2\system32\locator.exe [75264 2008-04-13] (Microsoft Corporation)
R2 RpcSs; C:\WINDOWS2\System32\rpcss.dll [401408 2009-02-09] (Microsoft Corporation)
S3 RSVP; C:\WINDOWS2\system32\rsvp.exe [132608 2008-04-13] (Microsoft Corporation)
R2 SamSs; C:\WINDOWS2\system32\lsass.exe [13312 2008-04-13] (Microsoft Corporation)
S3 SCardSvr; C:\WINDOWS2\System32\SCardSvr.exe [95744 2008-04-13] (Microsoft Corporation)
S2 Schedule; C:\WINDOWS2\system32\schedsvc.dll [192512 2008-04-13] (Microsoft Corporation)
R2 seclogon; C:\WINDOWS2\System32\seclogon.dll [18944 2008-04-13] (Microsoft Corporation)
R2 SENS; C:\WINDOWS2\system32\sens.dll [39424 2008-04-13] (Microsoft Corporation)
R2 SharedAccess; C:\WINDOWS2\System32\ipnathlp.dll [331264 2008-04-13] (Microsoft Corporation)
R2 ShellHWDetection; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 Spooler; C:\WINDOWS2\system32\spoolsv.exe [58880 2010-08-17] (Microsoft Corporation)
R2 srservice; C:\WINDOWS2\system32\srsvc.dll [171008 2008-04-13] (Microsoft Corporation)
R3 SSDPSRV; C:\WINDOWS2\System32\ssdpsrv.dll [71680 2008-04-13] (Microsoft Corporation)
R2 stisvc; C:\WINDOWS2\system32\wiaservc.dll [333824 2008-04-13] (Microsoft Corporation)
S3 SwPrv; C:\WINDOWS2\system32\dllhost.exe [5120 2008-04-13] (Microsoft Corporation)
S3 SysmonLog; C:\WINDOWS2\system32\smlogsvc.exe [89600 2008-04-13] (Microsoft Corporation)
R3 TapiSrv; C:\WINDOWS2\System32\tapisrv.dll [249856 2008-04-13] (Microsoft Corporation)
R3 TermService; C:\WINDOWS2\System32\termsrv.dll [295424 2008-04-13] (Microsoft Corporation)
R2 Themes; C:\WINDOWS2\System32\shsvcs.dll [135168 2009-07-27] (Microsoft Corporation)
R2 TrkWks; C:\WINDOWS2\system32\trkwks.dll [90112 2008-04-13] (Microsoft Corporation)
S3 upnphost; C:\WINDOWS2\System32\upnphost.dll [185856 2008-04-13] (Microsoft Corporation)
S3 UPS; C:\WINDOWS2\System32\ups.exe [18432 2008-04-13] (Microsoft Corporation)
S3 VSS; C:\WINDOWS2\System32\vssvc.exe [289792 2008-04-13] (Microsoft Corporation)
R2 W32Time; C:\WINDOWS2\system32\w32time.dll [175104 2008-04-13] (Microsoft Corporation)
R2 WebClient; C:\WINDOWS2\System32\webclnt.dll [68096 2008-04-13] (Microsoft Corporation)
R2 winmgmt; C:\WINDOWS2\system32\wbem\WMIsvc.dll [144896 2008-04-13] (Microsoft Corporation)
S3 WmdmPmSN; C:\WINDOWS2\system32\MsPMSNSv.dll [27136 2006-10-18] (Microsoft Corporation)
S3 WmiApSrv; C:\WINDOWS2\system32\wbem\wmiapsrv.exe [126464 2008-04-13] (Microsoft Corporation)
R2 wscsvc; C:\WINDOWS2\system32\wscsvc.dll [80896 2008-04-13] (Microsoft Corporation)
R2 wuauserv; C:\WINDOWS2\system32\wuauserv.dll [6656 2008-04-13] (Microsoft Corporation)
S3 WudfSvc; C:\WINDOWS2\System32\WUDFSvc.dll [55808 2006-09-28] (Microsoft Corporation)
R2 WZCSVC; C:\WINDOWS2\System32\wzcsvc.dll [483840 2008-04-13] (Microsoft Corporation)
S3 xmlprov; C:\WINDOWS2\System32\xmlprov.dll [129024 2008-04-13] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
R0 ACPI; C:\WINDOWS2\System32\DRIVERS\ACPI.sys [187776 2008-04-13] (Microsoft Corporation)
R0 ACPIEC; C:\WINDOWS2\System32\DRIVERS\ACPIEC.sys [11648 2008-04-13] (Microsoft Corporation)
R3 ADIHdAudAddService; C:\WINDOWS2\System32\drivers\ADIHdAud.sys [281600 2007-10-01] (Analog Devices, Inc.)
R3 AEAudio; C:\WINDOWS2\System32\drivers\AEAudio.sys [94976 2007-07-13] (Andrea Electronics Corporation)
S3 aec; C:\WINDOWS2\System32\drivers\aec.sys [142592 2008-04-13] (Microsoft Corporation)
R1 AFD; C:\WINDOWS2\System32\drivers\afd.sys [138496 2011-08-17] (Microsoft Corporation)
R3 AgereSoftModem; C:\WINDOWS2\System32\DRIVERS\AGRSM.sys [1204128 2008-11-21] (Agere Systems)
R3 Arp1394; C:\WINDOWS2\System32\DRIVERS\arp1394.sys [60800 2008-04-13] (Microsoft Corporation)
R2 aswMonFlt; C:\WINDOWS2\system32\drivers\aswMonFlt.sys [67824 2014-02-10] (AVAST Software)
R1 AswRdr; C:\WINDOWS2\system32\drivers\aswRdr.sys [54832 2014-02-10] (AVAST Software)
R0 aswRvrt; C:\WINDOWS2\system32\Drivers\aswRvrt.sys [49944 2013-11-24] ()
R1 aswSnx; C:\WINDOWS2\system32\drivers\aswSnx.sys [775952 2014-02-10] (AVAST Software)
R1 aswSP; C:\WINDOWS2\system32\drivers\aswSP.sys [410784 2014-02-10] (AVAST Software)
R1 aswTdi; C:\WINDOWS2\system32\drivers\aswTdi.sys [57672 2014-02-10] (AVAST Software)
R0 aswVmm; C:\WINDOWS2\system32\Drivers\aswVmm.sys [180248 2013-12-31] ()
S3 AsyncMac; C:\WINDOWS2\System32\DRIVERS\asyncmac.sys [14336 2008-04-13] (Microsoft Corporation)
R0 atapi; C:\WINDOWS2\System32\DRIVERS\atapi.sys [96512 2008-04-13] (Microsoft Corporation)
S3 Atmarpc; C:\WINDOWS2\System32\DRIVERS\atmarpc.sys [59904 2008-04-13] (Microsoft Corporation)
R3 audstub; C:\WINDOWS2\System32\DRIVERS\audstub.sys [3072 2001-08-17] (Microsoft Corporation)
R3 bcm4sbxp; C:\WINDOWS2\System32\DRIVERS\bcm4sbxp.sys [45312 2005-08-05] (Broadcom Corporation)
R1 Beep; C:\WINDOWS2\system32\Drivers\Beep.sys [4224 2008-04-13] (Microsoft Corporation)
R0 BMLoad; C:\WINDOWS2\System32\drivers\BMLoad.sys [13184 2009-12-14] (Bytemobile, Inc.)
S4 cbidf2k; C:\WINDOWS2\system32\Drivers\cbidf2k.sys [13952 2008-04-13] (Microsoft Corporation)
S1 Cdaudio; C:\WINDOWS2\system32\Drivers\Cdaudio.sys [18688 2008-04-13] (Microsoft Corporation)
R4 Cdfs; C:\WINDOWS2\system32\Drivers\Cdfs.sys [63744 2008-04-13] (Microsoft Corporation)
R1 Cdrom; C:\WINDOWS2\System32\DRIVERS\cdrom.sys [62976 2008-05-02] (Microsoft Corporation)
R3 CmBatt; C:\WINDOWS2\System32\DRIVERS\CmBatt.sys [13952 2008-04-13] (Microsoft Corporation)
R0 Compbatt; C:\WINDOWS2\System32\DRIVERS\compbatt.sys [10240 2008-04-13] (Microsoft Corporation)
R0 Disk; C:\WINDOWS2\System32\DRIVERS\disk.sys [36352 2008-04-14] (Microsoft Corporation)
S4 dmboot; C:\WINDOWS2\System32\drivers\dmboot.sys [799744 2008-04-13] (Microsoft Corp., Veritas Software)
S4 dmio; C:\WINDOWS2\System32\drivers\dmio.sys [153344 2008-04-13] (Microsoft Corp., Veritas Software)
S4 dmload; C:\WINDOWS2\System32\drivers\dmload.sys [5888 2008-04-13] (Microsoft Corp., Veritas Software.)
S3 DMusic; C:\WINDOWS2\System32\drivers\DMusic.sys [52864 2008-04-13] (Microsoft Corporation)
S3 drmkaud; C:\WINDOWS2\System32\drivers\drmkaud.sys [2944 2008-04-13] (Microsoft Corporation)
R4 Fastfat; C:\WINDOWS2\system32\Drivers\Fastfat.sys [143744 2008-04-13] (Microsoft Corporation)
S1 Fdc; C:\WINDOWS2\system32\Drivers\Fdc.sys [27392 2008-04-13] (Microsoft Corporation)
R1 Fips; C:\WINDOWS2\system32\Drivers\Fips.sys [44544 2008-04-13] (Microsoft Corporation)
S1 Flpydisk; C:\WINDOWS2\system32\Drivers\Flpydisk.sys [20480 2008-04-13] (Microsoft Corporation)
R0 FltMgr; C:\WINDOWS2\System32\DRIVERS\fltMgr.sys [129792 2008-04-13] (Microsoft Corporation)
U1 Fs_Rec; C:\WINDOWS2\system32\Drivers\Fs_Rec.sys [7936 2008-04-13] (Microsoft Corporation)
R0 Ftdisk; C:\WINDOWS2\System32\DRIVERS\ftdisk.sys [125056 2008-04-13] (Microsoft Corporation)
R3 Gpc; C:\WINDOWS2\System32\DRIVERS\msgpc.sys [35072 2008-04-13] (Microsoft Corporation)
R3 HBtnKey; C:\WINDOWS2\System32\DRIVERS\cpqbttn.sys [14904 2010-02-24] (Hewlett-Packard Company)
R3 HDAudBus; C:\WINDOWS2\System32\DRIVERS\HDAudBus.sys [144384 2008-04-13] (Windows ® Server 2003 DDK provider)
S3 HidUsb; C:\WINDOWS2\System32\DRIVERS\hidusb.sys [10368 2008-04-14] (Microsoft Corporation)
S3 HPZid412; C:\WINDOWS2\System32\DRIVERS\HPZid412.sys [49920 2008-10-28] (HP)
S3 HPZipr12; C:\WINDOWS2\System32\DRIVERS\HPZipr12.sys [16496 2008-10-28] (HP)
S3 HPZius12; C:\WINDOWS2\System32\DRIVERS\HPZius12.sys [21568 2008-10-28] (HP)
R3 HTTP; C:\WINDOWS2\System32\Drivers\HTTP.sys [265728 2009-10-20] (Microsoft Corporation)
R1 i8042prt; C:\WINDOWS2\System32\DRIVERS\i8042prt.sys [52480 2008-04-13] (Microsoft Corporation)
R3 ialm; C:\WINDOWS2\System32\DRIVERS\igxpmp32.sys [5854752 2008-02-15] (Intel Corporation)
R0 iastor; C:\WINDOWS2\System32\drivers\iastor.sys [324120 2008-07-20] (Intel Corporation)
R1 Imapi; C:\WINDOWS2\System32\DRIVERS\imapi.sys [42112 2008-04-13] (Microsoft Corporation)
R1 intelppm; C:\WINDOWS2\System32\DRIVERS\intelppm.sys [36352 2008-04-13] (Microsoft Corporation)
S3 Ip6Fw; C:\WINDOWS2\System32\DRIVERS\Ip6Fw.sys [36608 2008-04-13] (Microsoft Corporation)
S3 IpFilterDriver; C:\WINDOWS2\System32\DRIVERS\ipfltdrv.sys [32896 2008-04-13] (Microsoft Corporation)
S3 IpInIp; C:\WINDOWS2\System32\DRIVERS\ipinip.sys [20864 2008-04-13] (Microsoft Corporation)
R3 IpNat; C:\WINDOWS2\System32\DRIVERS\ipnat.sys [152832 2008-04-13] (Microsoft Corporation)
R1 IPSec; C:\WINDOWS2\System32\DRIVERS\ipsec.sys [75264 2008-04-13] (Microsoft Corporation)
S3 IRENUM; C:\WINDOWS2\System32\DRIVERS\irenum.sys [11264 2008-04-13] (Microsoft Corporation)
R0 isapnp; C:\WINDOWS2\System32\DRIVERS\isapnp.sys [37248 2008-04-13] (Microsoft Corporation)
R1 Kbdclass; C:\WINDOWS2\System32\DRIVERS\kbdclass.sys [24576 2008-04-13] (Microsoft Corporation)
R1 kbdhid; C:\WINDOWS2\System32\DRIVERS\kbdhid.sys [14592 2008-04-13] (Microsoft Corporation)
S3 kmixer; C:\WINDOWS2\System32\drivers\kmixer.sys [172416 2008-04-13] (Microsoft Corporation)
R0 KSecDD; C:\WINDOWS2\system32\Drivers\KSecDD.sys [92928 2009-06-24] (Microsoft Corporation)
S3 MBAMSwissArmy; C:\WINDOWS2\system32\drivers\mbamswissarmy.sys [40776 2014-02-26] (Malwarebytes Corporation)
R1 mnmdd; C:\WINDOWS2\system32\Drivers\mnmdd.sys [4224 2008-04-13] (Microsoft Corporation)
R3 Modem; C:\WINDOWS2\system32\Drivers\Modem.sys [30080 2008-04-13] (Microsoft Corporation)
R1 Mouclass; C:\WINDOWS2\System32\DRIVERS\mouclass.sys [23040 2008-04-13] (Microsoft Corporation)
S3 mouhid; C:\WINDOWS2\System32\DRIVERS\mouhid.sys [12160 2001-08-17] (Microsoft Corporation)
R0 MountMgr; C:\WINDOWS2\system32\Drivers\MountMgr.sys [42368 2008-04-13] (Microsoft Corporation)
R3 MRxDAV; C:\WINDOWS2\System32\DRIVERS\mrxdav.sys [180608 2008-04-13] (Microsoft Corporation)
R1 MRxSmb; C:\WINDOWS2\System32\DRIVERS\mrxsmb.sys [456320 2011-07-15] (Microsoft Corporation)
R1 Msfs; C:\WINDOWS2\system32\Drivers\Msfs.sys [19072 2008-04-13] (Microsoft Corporation)
S3 MSKSSRV; C:\WINDOWS2\System32\drivers\MSKSSRV.sys [7552 2008-04-13] (Microsoft Corporation)
S3 MSPCLOCK; C:\WINDOWS2\System32\drivers\MSPCLOCK.sys [5376 2008-04-13] (Microsoft Corporation)
S3 MSPQM; C:\WINDOWS2\System32\drivers\MSPQM.sys [4992 2008-04-13] (Microsoft Corporation)
R3 mssmbios; C:\WINDOWS2\System32\DRIVERS\mssmbios.sys [15488 2008-04-13] (Microsoft Corporation)
R0 Mup; C:\WINDOWS2\system32\Drivers\Mup.sys [105472 2011-04-21] (Microsoft Corporation)
R0 NDIS; C:\WINDOWS2\system32\Drivers\NDIS.sys [182656 2008-04-13] (Microsoft Corporation)
R3 NdisTapi; C:\WINDOWS2\System32\DRIVERS\ndistapi.sys [10496 2011-07-08] (Microsoft Corporation)
R3 Ndisuio; C:\WINDOWS2\System32\DRIVERS\ndisuio.sys [14592 2008-04-13] (Microsoft Corporation)
R3 NdisWan; C:\WINDOWS2\System32\DRIVERS\ndiswan.sys [91520 2008-04-13] (Microsoft Corporation)
R3 NDProxy; C:\WINDOWS2\system32\Drivers\NDProxy.sys [40960 2013-11-27] (Microsoft Corporation)
R1 NetBIOS; C:\WINDOWS2\System32\DRIVERS\netbios.sys [34688 2008-04-13] (Microsoft Corporation)
R1 NetBT; C:\WINDOWS2\System32\DRIVERS\netbt.sys [162816 2008-04-13] (Microsoft Corporation)
R3 NETw4x32; C:\WINDOWS2\System32\DRIVERS\NETw4x32.sys [2236544 2007-10-31] (Intel Corporation)
R3 NIC1394; C:\WINDOWS2\System32\DRIVERS\nic1394.sys [61824 2008-04-13] (Microsoft Corporation)
R1 Npfs; C:\WINDOWS2\system32\Drivers\Npfs.sys [30848 2008-04-13] (Microsoft Corporation)
R4 Ntfs; C:\WINDOWS2\system32\Drivers\Ntfs.sys [574976 2008-04-13] (Microsoft Corporation)
R1 Null; C:\WINDOWS2\system32\Drivers\Null.sys [2944 2008-04-13] (Microsoft Corporation)
S3 NwlnkFlt; C:\WINDOWS2\System32\DRIVERS\nwlnkflt.sys [12416 2008-04-13] (Microsoft Corporation)
S3 NwlnkFwd; C:\WINDOWS2\System32\DRIVERS\nwlnkfwd.sys [32512 2008-04-13] (Microsoft Corporation)
R0 ohci1394; C:\WINDOWS2\System32\DRIVERS\ohci1394.sys [61696 2008-04-13] (Microsoft Corporation)
R3 Parport; C:\WINDOWS2\System32\DRIVERS\parport.sys [80128 2008-04-13] (Microsoft Corporation)
R0 PartMgr; C:\WINDOWS2\system32\Drivers\PartMgr.sys [19712 2008-04-13] (Microsoft Corporation)
R2 ParVdm; C:\WINDOWS2\system32\Drivers\ParVdm.sys [6784 2008-04-13] (Microsoft Corporation)
R0 PCI; C:\WINDOWS2\System32\DRIVERS\pci.sys [68224 2008-04-13] (Microsoft Corporation)
R0 PCIIde; C:\WINDOWS2\System32\DRIVERS\pciide.sys [3328 2008-04-13] (Microsoft Corporation)
R0 Pcmcia; C:\WINDOWS2\System32\DRIVERS\pcmcia.sys [120192 2008-04-13] (Microsoft Corporation)
R3 PptpMiniport; C:\WINDOWS2\System32\DRIVERS\raspptp.sys [48384 2008-04-13] (Microsoft Corporation)
R3 PSched; C:\WINDOWS2\System32\DRIVERS\psched.sys [69120 2008-04-13] (Microsoft Corporation)
R3 Ptilink; C:\WINDOWS2\System32\DRIVERS\ptilink.sys [17792 2008-04-13] (Parallel Technologies, Inc.)
R0 PxHelp20; C:\WINDOWS2\System32\Drivers\PxHelp20.sys [20576 2004-08-02] (Sonic Solutions)
R1 RasAcd; C:\WINDOWS2\System32\DRIVERS\rasacd.sys [8832 2008-04-13] (Microsoft Corporation)
R3 Rasl2tp; C:\WINDOWS2\System32\DRIVERS\rasl2tp.sys [51328 2008-04-13] (Microsoft Corporation)
R3 RasPppoe; C:\WINDOWS2\System32\DRIVERS\raspppoe.sys [41472 2008-04-13] (Microsoft Corporation)
R3 Raspti; C:\WINDOWS2\System32\DRIVERS\raspti.sys [16512 2008-04-13] (Microsoft Corporation)
R1 Rdbss; C:\WINDOWS2\System32\DRIVERS\rdbss.sys [175744 2008-04-13] (Microsoft Corporation)
R1 RDPCDD; C:\WINDOWS2\System32\DRIVERS\RDPCDD.sys [4224 2008-04-13] (Microsoft Corporation)
S3 RDPWD; C:\WINDOWS2\system32\Drivers\RDPWD.sys [139784 2012-07-04] (Microsoft Corporation)
R1 redbook; C:\WINDOWS2\System32\DRIVERS\redbook.sys [57600 2008-04-13] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Secdrv; C:\WINDOWS2\System32\DRIVERS\secdrv.sys [20480 2008-04-13] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
S2 Serial; C:\WINDOWS2\system32\Drivers\Serial.sys [64512 2008-04-13] (Microsoft Corporation)
S1 Sfloppy; C:\WINDOWS2\system32\Drivers\Sfloppy.sys [11392 2008-04-13] (Microsoft Corporation)
S3 splitter; C:\WINDOWS2\System32\drivers\splitter.sys [6272 2008-04-13] (Microsoft Corporation)
R0 sr; C:\WINDOWS2\System32\DRIVERS\sr.sys [73472 2008-04-13] (Microsoft Corporation)
R3 Srv; C:\WINDOWS2\System32\DRIVERS\srv.sys [357888 2011-02-17] (Microsoft Corporation)
R3 swenum; C:\WINDOWS2\System32\DRIVERS\swenum.sys [4352 2008-04-13] (Microsoft Corporation)
S3 swmidi; C:\WINDOWS2\System32\drivers\swmidi.sys [56576 2008-04-13] (Microsoft Corporation)
R3 sysaudio; C:\WINDOWS2\System32\drivers\sysaudio.sys [60800 2008-04-13] (Microsoft Corporation)
S3 tap0901; C:\WINDOWS2\System32\DRIVERS\tap0901.sys [35088 2013-04-30] (The OpenVPN Project)
R1 Tcpip; C:\WINDOWS2\System32\DRIVERS\tcpip.sys [361600 2008-06-20] (Microsoft Corporation)
R1 tcpipBM; C:\WINDOWS2\system32\Drivers\tcpipBM.sys [24192 2009-12-14] (Bytemobile, Inc.)
S3 TDPIPE; C:\WINDOWS2\system32\Drivers\TDPIPE.sys [12040 2008-04-13] (Microsoft Corporation)
S3 TDTCP; C:\WINDOWS2\system32\Drivers\TDTCP.sys [21896 2008-04-13] (Microsoft Corporation)
R1 TermDD; C:\WINDOWS2\System32\DRIVERS\termdd.sys [40840 2008-04-14] (Microsoft Corporation)
S3 t_mobile_zte_cdc_acm; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_cdc_acm.sys [66432 2011-01-18] (T-Mobile)
S3 t_mobile_zte_cdc_ecm; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_cdc_ecm.sys [32768 2011-01-18] (T-Mobile)
S3 t_mobile_zte_cpo; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_cpo.sys [9984 2011-01-18] (T-Mobile)
S3 t_mobile_zte_ecm_enum; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_ecm_enum.sys [44800 2011-01-18] (T-Mobile)
S3 t_mobile_zte_ecm_enum_filter; C:\WINDOWS2\System32\DRIVERS\t_mobile_zte_ecm_enum_filter.sys [44800 2011-01-18] (T-Mobile)
S4 Udfs; C:\WINDOWS2\system32\Drivers\Udfs.sys [66048 2008-04-13] (Microsoft Corporation)
R3 Update; C:\WINDOWS2\System32\DRIVERS\update.sys [384768 2008-04-13] (Microsoft Corporation)
S3 usbccgp; C:\WINDOWS2\System32\DRIVERS\usbccgp.sys [32384 2013-08-08] (Microsoft Corporation)
R3 usbehci; C:\WINDOWS2\System32\DRIVERS\usbehci.sys [30336 2009-03-18] (Microsoft Corporation)
R3 usbhub; C:\WINDOWS2\System32\DRIVERS\usbhub.sys [59520 2008-04-13] (Microsoft Corporation)
S3 usbprint; C:\WINDOWS2\System32\DRIVERS\usbprint.sys [25856 2008-04-13] (Microsoft Corporation)
S3 usbscan; C:\WINDOWS2\System32\DRIVERS\usbscan.sys [14976 2013-07-02] (Microsoft Corporation)
R3 USBSTOR; C:\WINDOWS2\System32\DRIVERS\USBSTOR.SYS [26368 2008-04-14] (Microsoft Corporation)
R3 usbuhci; C:\WINDOWS2\System32\DRIVERS\usbuhci.sys [20608 2008-04-13] (Microsoft Corporation)
R1 VgaSave; C:\WINDOWS2\System32\drivers\vga.sys [20992 2008-04-13] (Microsoft Corporation)
R0 VolSnap; C:\WINDOWS2\system32\Drivers\VolSnap.sys [52352 2008-04-13] (Microsoft Corporation)
R3 Wanarp; C:\WINDOWS2\System32\DRIVERS\wanarp.sys [34560 2008-04-13] (Microsoft Corporation)
S3 Wdf01000; C:\WINDOWS2\System32\Drivers\wdf01000.sys [444136 2009-07-14] (Microsoft Corporation)
R3 wdmaud; C:\WINDOWS2\System32\drivers\wdmaud.sys [83072 2008-04-13] (Microsoft Corporation)
R1 WmiAcpi; C:\WINDOWS2\System32\DRIVERS\wmiacpi.sys [8832 2008-04-13] (Microsoft Corporation)
R1 WS2IFSL; C:\WINDOWS2\System32\drivers\ws2ifsl.sys [12032 2008-04-13] (Microsoft Corporation)
S3 WudfPf; C:\WINDOWS2\System32\DRIVERS\WudfPf.sys [77568 2006-09-28] (Microsoft Corporation)
S3 WudfRd; C:\WINDOWS2\System32\DRIVERS\wudfrd.sys [82944 2006-09-28] (Microsoft Corporation)
S0 cerc6; No ImagePath
S4 IntelIde; No ImagePath
U3 TlntSvr; 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-27 12:37 - 2014-02-27 12:37 - 00000882 _____ () C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineCore1cf33e29e97c75c.job
2014-02-27 12:18 - 2008-04-13 19:12 - 00014336 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\svchost.exe
2014-02-27 12:18 - 2008-04-13 19:12 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS2\system32\svchost.exe
2014-02-27 12:17 - 2014-02-27 13:31 - 00000000 ____D () C:\FRST
2014-02-26 21:52 - 2014-02-26 21:52 - 00000033 _____ () C:\Documents and Settings\Chris\Application Data\mbam.context.scan
2014-02-26 13:24 - 2014-02-26 13:24 - 00011835 _____ () C:\Documents and Settings\Chris\Desktop\attach.txt
2014-02-26 13:24 - 2014-02-26 13:24 - 00008694 _____ () C:\Documents and Settings\Chris\Desktop\dds.txt
2014-02-16 22:11 - 2014-02-16 22:11 - 00090112 _____ () C:\WINDOWS2\Minidump\Mini021614-02.dmp
2014-02-16 17:37 - 2014-02-16 17:37 - 00090112 _____ () C:\WINDOWS2\Minidump\Mini021614-01.dmp
2014-02-16 17:15 - 2014-02-16 17:29 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-16 17:15 - 2014-02-16 17:29 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Desktop\mbar
2014-02-16 17:15 - 2014-02-16 17:15 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS2\system32\Drivers\mbamchameleon.sys
2014-02-16 13:43 - 2014-02-16 13:43 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\SUPERAntiSpyware.com
2014-02-16 13:40 - 2014-02-16 13:40 - 00001678 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-16 13:40 - 2014-02-16 13:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\SUPERAntiSpyware
2014-02-16 13:40 - 2014-02-16 13:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2014-02-13 19:25 - 2014-02-13 19:25 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\Malwarebytes
2014-02-13 15:33 - 2014-02-13 15:54 - 00000784 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-13 15:33 - 2014-02-13 15:54 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-13 15:33 - 2014-02-13 15:54 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-13 15:33 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS2\system32\Drivers\mbam.sys
2014-02-13 15:07 - 2014-02-26 21:52 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS2\system32\Drivers\mbamswissarmy.sys
2014-02-12 22:33 - 2014-02-12 22:33 - 00121730 _____ () C:\unp303535161618106014.mdmp
2014-02-12 18:22 - 2014-02-12 18:22 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\AVAST Software
2014-02-12 18:22 - 2014-02-12 18:22 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\Adobe
2014-02-12 18:03 - 2014-02-12 18:03 - 00009128 ____N () C:\bootex.log
2014-02-12 17:56 - 2014-02-12 17:56 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2916036$
2014-02-12 17:48 - 2014-02-27 12:31 - 00014763 _____ () C:\WINDOWS2\KB2909921-IE8.log
2014-02-12 17:47 - 2014-02-12 17:48 - 00004194 _____ () C:\WINDOWS2\KB2909210-IE8.log
2014-02-12 17:43 - 2014-02-12 17:56 - 00013206 _____ () C:\WINDOWS2\KB2916036.log
2014-02-10 01:58 - 2014-02-10 01:58 - 00000403 _____ () C:\WINDOWS2\wmsetup.log
2014-01-30 18:34 - 2014-01-30 18:34 - 00001306 _____ () C:\Documents and Settings\Chris\Desktop\XFINITY Connect.lnk
2014-01-30 18:34 - 2014-01-30 18:34 - 00001278 _____ () C:\Documents and Settings\Chris\Desktop\Constant Guard Protection Suite.lnk
2014-01-30 18:34 - 2014-01-30 18:34 - 00001272 _____ () C:\Documents and Settings\Chris\Desktop\XFINITY TV.lnk
2014-01-30 18:34 - 2014-01-30 18:34 - 00001179 _____ () C:\comcastrelease.log
2014-01-30 18:34 - 2014-01-30 18:34 - 00000000 ____D () C:\Documents and Settings\Chris\Local Settings\Application Data\Xfinity.com
2014-01-30 18:34 - 2014-01-30 18:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\comcastModemRelease
 
==================== One Month Modified Files and Folders =======
 
2014-02-27 13:31 - 2014-02-27 12:17 - 00000000 ____D () C:\FRST
2014-02-27 13:28 - 2012-08-14 20:31 - 01508344 _____ () C:\WINDOWS2\WindowsUpdate.log
2014-02-27 13:27 - 2012-08-14 20:39 - 00032536 _____ () C:\WINDOWS2\SchedLgU.Txt
2014-02-27 13:27 - 2012-08-14 20:39 - 00000006 ____H () C:\WINDOWS2\Tasks\SA.DAT
2014-02-27 13:27 - 2012-08-14 16:25 - 00000159 _____ () C:\WINDOWS2\wiadebug.log
2014-02-27 13:27 - 2012-08-14 16:25 - 00000049 _____ () C:\WINDOWS2\wiaservc.log
2014-02-27 13:27 - 2012-08-14 16:13 - 00000000 ____D () C:\WINDOWS2
2014-02-27 13:10 - 2012-08-14 20:40 - 00000278 ___SH () C:\Documents and Settings\Chris\ntuser.ini
2014-02-27 12:46 - 2013-07-07 17:57 - 00000000 ____D () C:\WINDOWS2\Microsoft.NET
2014-02-27 12:37 - 2014-02-27 12:37 - 00000882 _____ () C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineCore1cf33e29e97c75c.job
2014-02-27 12:31 - 2014-02-12 17:48 - 00014763 _____ () C:\WINDOWS2\KB2909921-IE8.log
2014-02-27 12:17 - 2012-08-14 20:37 - 00000178 ___SH () C:\Documents and Settings\NetworkService.NT AUTHORITY\ntuser.ini
2014-02-27 12:14 - 2012-08-14 20:39 - 00000178 ___SH () C:\Documents and Settings\LocalService.NT AUTHORITY\ntuser.ini
2014-02-26 22:17 - 2013-08-09 20:57 - 00000178 ___SH () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\ntuser.ini
2014-02-26 21:52 - 2014-02-26 21:52 - 00000033 _____ () C:\Documents and Settings\Chris\Application Data\mbam.context.scan
2014-02-26 21:52 - 2014-02-13 15:07 - 00040776 _____ (Malwarebytes Corporation) C:\WINDOWS2\system32\Drivers\mbamswissarmy.sys
2014-02-26 13:24 - 2014-02-26 13:24 - 00011835 _____ () C:\Documents and Settings\Chris\Desktop\attach.txt
2014-02-26 13:24 - 2014-02-26 13:24 - 00008694 _____ () C:\Documents and Settings\Chris\Desktop\dds.txt
2014-02-26 13:21 - 2008-04-13 18:00 - 00013646 _____ () C:\WINDOWS2\system32\wpa.dbl
2014-02-16 22:11 - 2014-02-16 22:11 - 00090112 _____ () C:\WINDOWS2\Minidump\Mini021614-02.dmp
2014-02-16 22:11 - 2012-10-18 17:57 - 00000000 ____D () C:\WINDOWS2\Minidump
2014-02-16 17:37 - 2014-02-16 17:37 - 00090112 _____ () C:\WINDOWS2\Minidump\Mini021614-01.dmp
2014-02-16 17:29 - 2014-02-16 17:15 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\Malwarebytes' Anti-Malware (portable)
2014-02-16 17:29 - 2014-02-16 17:15 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Desktop\mbar
2014-02-16 17:15 - 2014-02-16 17:15 - 00052312 _____ (Malwarebytes Corporation) C:\WINDOWS2\system32\Drivers\mbamchameleon.sys
2014-02-16 13:43 - 2014-02-16 13:43 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\SUPERAntiSpyware.com
2014-02-16 13:43 - 2013-11-12 15:18 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-02-16 13:40 - 2014-02-16 13:40 - 00001678 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\SUPERAntiSpyware Free Edition.lnk
2014-02-16 13:40 - 2014-02-16 13:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\SUPERAntiSpyware
2014-02-16 13:40 - 2014-02-16 13:40 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\SUPERAntiSpyware.com
2014-02-13 19:25 - 2014-02-13 19:25 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\Malwarebytes
2014-02-13 15:54 - 2014-02-13 15:33 - 00000784 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-13 15:54 - 2014-02-13 15:33 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-02-13 15:54 - 2014-02-13 15:33 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-02-13 15:31 - 2013-10-08 13:45 - 00070299 _____ () C:\WINDOWS2\setupapi.log
2014-02-12 23:42 - 2012-08-14 20:40 - 00000000 ____D () C:\Documents and Settings\Chris
2014-02-12 22:33 - 2014-02-12 22:33 - 00121730 _____ () C:\unp303535161618106014.mdmp
2014-02-12 18:22 - 2014-02-12 18:22 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\AVAST Software
2014-02-12 18:22 - 2014-02-12 18:22 - 00000000 ____D () C:\Documents and Settings\Administrator.CHRIS-1EC6C6A3C\Application Data\Adobe
2014-02-12 18:03 - 2014-02-12 18:03 - 00009128 ____N () C:\bootex.log
2014-02-12 17:56 - 2014-02-12 17:56 - 00000000 __HDC () C:\WINDOWS2\$NtUninstallKB2916036$
2014-02-12 17:56 - 2014-02-12 17:43 - 00013206 _____ () C:\WINDOWS2\KB2916036.log
2014-02-12 17:56 - 2013-10-09 13:12 - 00017420 _____ () C:\WINDOWS2\updspapi.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00154617 _____ () C:\WINDOWS2\FaxSetup.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00073900 _____ () C:\WINDOWS2\ocgen.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00058977 _____ () C:\WINDOWS2\tsoc.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00051466 _____ () C:\WINDOWS2\comsetup.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00031154 _____ () C:\WINDOWS2\ntdtcsetup.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00024908 _____ () C:\WINDOWS2\iis6.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00008550 _____ () C:\WINDOWS2\ocmsn.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00007725 _____ () C:\WINDOWS2\msgsocm.log
2014-02-12 17:56 - 2013-10-09 13:11 - 00001374 _____ () C:\WINDOWS2\imsins.log
2014-02-12 17:54 - 2012-08-14 16:23 - 00184918 _____ () C:\WINDOWS2\system32\PerfStringBackup.INI
2014-02-12 17:51 - 2013-08-15 19:24 - 00000000 ____D () C:\WINDOWS2\system32\MRT
2014-02-12 17:48 - 2014-02-12 17:47 - 00004194 _____ () C:\WINDOWS2\KB2909210-IE8.log
2014-02-12 17:48 - 2013-10-09 13:11 - 00001374 _____ () C:\WINDOWS2\imsins.BAK
2014-02-12 17:48 - 2012-08-14 21:23 - 00000000 ____D () C:\WINDOWS2\ie8updates
2014-02-12 17:48 - 2012-08-14 21:19 - 85946576 _____ (Microsoft Corporation) C:\WINDOWS2\system32\MRT.exe
2014-02-12 17:42 - 2013-09-18 17:50 - 00000364 ____H () C:\WINDOWS2\Tasks\avast! Emergency Update.job
2014-02-12 17:38 - 2013-09-15 18:31 - 00000300 _____ () C:\WINDOWS2\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-1078081533-261903793-1417001333-1004.job
2014-02-12 17:38 - 2012-08-14 22:13 - 00000832 _____ () C:\WINDOWS2\Tasks\Adobe Flash Player Updater.job
2014-02-12 17:37 - 2013-09-15 18:31 - 00000308 _____ () C:\WINDOWS2\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-1078081533-261903793-1417001333-1004.job
2014-02-11 23:18 - 2013-11-10 16:06 - 00000884 _____ () C:\WINDOWS2\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-10 15:44 - 2013-12-31 22:02 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Canyon Isles
2014-02-10 15:36 - 2012-08-14 21:53 - 00002485 _____ () C:\Documents and Settings\Chris\Desktop\Microsoft Word.lnk
2014-02-10 01:58 - 2014-02-10 01:58 - 00000403 _____ () C:\WINDOWS2\wmsetup.log
2014-02-10 00:24 - 2013-09-18 17:50 - 00775952 _____ (AVAST Software) C:\WINDOWS2\system32\Drivers\aswSnx.sys
2014-02-10 00:24 - 2013-09-18 17:50 - 00410784 _____ (AVAST Software) C:\WINDOWS2\system32\Drivers\aswSP.sys
2014-02-10 00:24 - 2013-09-18 17:50 - 00067824 _____ (AVAST Software) C:\WINDOWS2\system32\Drivers\aswmonflt.sys
2014-02-10 00:24 - 2013-09-18 17:50 - 00057672 _____ (AVAST Software) C:\WINDOWS2\system32\Drivers\aswTdi.sys
2014-02-10 00:24 - 2013-09-18 17:50 - 00054832 _____ (AVAST Software) C:\WINDOWS2\system32\Drivers\aswRdr.sys
2014-02-10 00:24 - 2013-09-18 17:50 - 00001733 _____ () C:\Documents and Settings\All Users.WINDOWS2\Desktop\avast! Free Antivirus.lnk
2014-02-10 00:24 - 2013-09-18 17:49 - 00043152 _____ (AVAST Software) C:\WINDOWS2\avastSS.scr
2014-02-10 00:24 - 2012-10-02 10:45 - 00270240 _____ (AVAST Software) C:\WINDOWS2\system32\aswBoot.exe
2014-02-06 03:54 - 2008-04-13 18:00 - 00174592 ____N (Microsoft Corporation) C:\WINDOWS2\system32\ie4uinit.exe
2014-02-06 03:54 - 2008-04-13 18:00 - 00174592 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\ie4uinit.exe
2014-02-05 18:26 - 2012-08-14 21:24 - 00522240 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\jsdbgui.dll
2014-02-05 18:26 - 2012-08-14 21:23 - 11113472 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\ieframe.dll
2014-02-05 18:26 - 2012-08-14 21:23 - 02006016 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iertutil.dll
2014-02-05 18:26 - 2012-08-14 21:23 - 00743424 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iedvtool.dll
2014-02-05 18:26 - 2012-08-14 21:23 - 00630272 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\msfeeds.dll
2014-02-05 18:26 - 2012-08-14 21:23 - 00247808 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\ieproxy.dll
2014-02-05 18:26 - 2012-08-14 21:23 - 00055296 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\msfeedsbs.dll
2014-02-05 18:26 - 2012-08-14 21:23 - 00012800 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\xpshims.dll
2014-02-05 18:26 - 2009-03-08 03:39 - 11113472 _____ (Microsoft Corporation) C:\WINDOWS2\system32\ieframe.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 02006016 _____ (Microsoft Corporation) C:\WINDOWS2\system32\iertutil.dll
2014-02-05 18:26 - 2009-03-08 03:32 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS2\system32\msfeeds.dll
2014-02-05 18:26 - 2009-03-08 03:31 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS2\system32\msfeedsbs.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 06021120 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\mshtml.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 06021120 _____ (Microsoft Corporation) C:\WINDOWS2\system32\mshtml.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 01469440 ____N (Microsoft Corporation) C:\WINDOWS2\system32\inetcpl.cpl
2014-02-05 18:26 - 2008-04-13 18:00 - 01469440 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\inetcpl.cpl
2014-02-05 18:26 - 2008-04-13 18:00 - 01216000 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\urlmon.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 01216000 _____ (Microsoft Corporation) C:\WINDOWS2\system32\urlmon.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00920064 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\wininet.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS2\system32\wininet.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00611840 ____N (Microsoft Corporation) C:\WINDOWS2\system32\mstime.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00611840 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\mstime.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00387584 ____N (Microsoft Corporation) C:\WINDOWS2\system32\iedkcs32.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00387584 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iedkcs32.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00206848 ____N (Microsoft Corporation) C:\WINDOWS2\system32\occache.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00206848 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\occache.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00184320 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\iepeers.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS2\system32\iepeers.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00105984 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\url.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS2\system32\url.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00067072 ____N (Microsoft Corporation) C:\WINDOWS2\system32\mshtmled.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00067072 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\mshtmled.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00043520 ____N (Microsoft Corporation) C:\WINDOWS2\system32\licmgr10.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00043520 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\licmgr10.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00025600 ____N (Microsoft Corporation) C:\WINDOWS2\system32\jsproxy.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00025600 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\jsproxy.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00018944 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\corpol.dll
2014-02-05 18:26 - 2008-04-13 18:00 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS2\system32\corpol.dll
2014-02-05 18:26 - 2004-08-04 03:00 - 00759296 ____C (Microsoft Corporation) C:\WINDOWS2\system32\dllcache\vgx.dll
2014-02-05 17:24 - 2008-04-13 18:00 - 00385024 ____N (Microsoft Corporation) C:\WINDOWS2\system32\html.iec
2014-02-05 14:38 - 2012-08-14 22:13 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS2\system32\FlashPlayerApp.exe
2014-02-05 14:38 - 2012-08-14 22:13 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS2\system32\FlashPlayerCPLApp.cpl
2014-02-04 20:27 - 2013-12-31 22:33 - 00000000 ____D () C:\Documents and Settings\Chris\My Documents\Wells Fargo Statements
2014-01-30 18:34 - 2014-01-30 18:34 - 00001306 _____ () C:\Documents and Settings\Chris\Desktop\XFINITY Connect.lnk
2014-01-30 18:34 - 2014-01-30 18:34 - 00001278 _____ () C:\Documents and Settings\Chris\Desktop\Constant Guard Protection Suite.lnk
2014-01-30 18:34 - 2014-01-30 18:34 - 00001272 _____ () C:\Documents and Settings\Chris\Desktop\XFINITY TV.lnk
2014-01-30 18:34 - 2014-01-30 18:34 - 00001179 _____ () C:\comcastrelease.log
2014-01-30 18:34 - 2014-01-30 18:34 - 00000000 ____D () C:\Documents and Settings\Chris\Local Settings\Application Data\Xfinity.com
2014-01-30 18:34 - 2014-01-30 18:34 - 00000000 ____D () C:\Documents and Settings\All Users.WINDOWS2\Application Data\comcastModemRelease
 
Some content of TEMP:
====================
C:\Documents and Settings\Chris\Local Settings\temp\jre-7u51-windows-i586-iftw.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\WINDOWS2\explorer.exe => MD5 is legit
C:\WINDOWS2\system32\winlogon.exe => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit
C:\WINDOWS2\system32\User32.dll => MD5 is legit
C:\WINDOWS2\system32\userinit.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

sBCcBvM.png

Created by Mike_Walsh

 

KDE, Ruler of all Distro's

eps2.4_m4ster-s1ave.aes_pcpunk_leavemehere

 


#7 Farbar

Farbar

    Just Curious


  • Security Developer
  • 21,696 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:The Netherlands
  • Local time:07:45 PM

Posted 27 February 2014 - 02:06 PM

The FRST.txt looks good.

 

To attach Addition.txt please do the following:

On the site reply page click More Reply Options.

Click Browse button.

Navigate to E:\

Select Addition.txt, click Open.

On the forum reply page click Attach This File.

 

But if it gets too complicated, just copy and paste the log to your reply.

 

 



#8 pcpunk


Posted 27 February 2014 - 02:46 PM

Okay got it, thanks.  Internet speed is good but could not get wireless at home, using an ethernet connection.  No internet connections list will come up and refresh will not work.

Attached Files



 


#9 Farbar


Posted 27 February 2014 - 06:24 PM

Please go to Start -> Control Panel -> Add/Remove Programs and uninstall the following program with adware nature: Codec
 
I don't see malware on the system. And the log says Avast is disabled. Is this an optional choice?

 

Is the wireless issue the only problem now?

  1. Please download Farbar Service Scanner and run it on the computer with the issue.
    • Check all the boxes.
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.
  2. Please download MiniToolBox and save it to your desktop and run it.

    Checkmark the following checkboxes:
    • Flush DNS
    • List IP configuration
    • List Winsock Entries
    • List Devices (only check the box and leave the default radio button as it is).
    • List Users, Partitions and Memory size.
    Click Go and post the result (Result.txt) that pops up. A copy of Result.txt will be saved in the same directory the tool is run from.


#10 pcpunk


Posted 27 February 2014 - 09:11 PM

I don't know what adware nature is?

 

Avast is running ever since running the Farbar tool, it was not prior to that.

 

Yes wireless is the only issue that I know of, but have not done much with it yet.


Edited by pcpunk, 27 February 2014 - 09:16 PM.


 


#11 Farbar


Posted 28 February 2014 - 07:33 AM

I don't know what adware nature is?

 

That is a program that is installed to bring advertisements to the user's attention.
 

I'll wait for the logs. Please post them when ready.



#12 pcpunk


Posted 28 February 2014 - 10:30 PM

 

Please go to Start -> Control Panel -> Add/Remove Programs and uninstall the following program with adware nature: Codec
 

 

This is the part I don't understand.  I am supposed to get adware nature somewhere? and use it to remove: Codec

 

Can't I just click on "Remove" in Add/Remove Programs when Codec is highlighted?

 

Very slow to get on internet tonight and a Google Chrome dialog box came up asking if I wanted to wait for it to get onto Yahoo.


Edited by pcpunk, 28 February 2014 - 10:32 PM.


 


#13 pcpunk


Posted 28 February 2014 - 11:23 PM

Farbar Service Scanner Version: 02-02-2014
Ran by Chris (administrator) on 28-02-2014 at 23:17:01
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Other Services:
==============
 
 
File Check:
========
C:\WINDOWS2\system32\dhcpcsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\afd.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\netbt.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\tcpip.sys => MD5 is legit
C:\WINDOWS2\system32\Drivers\ipsec.sys => MD5 is legit
C:\WINDOWS2\system32\dnsrslvr.dll => MD5 is legit
C:\WINDOWS2\system32\ipnathlp.dll => MD5 is legit
C:\WINDOWS2\system32\netman.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\srsvc.dll => MD5 is legit
C:\WINDOWS2\system32\Drivers\sr.sys => MD5 is legit
C:\WINDOWS2\system32\wscsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wbem\WMIsvc.dll => MD5 is legit
C:\WINDOWS2\system32\wuauserv.dll => MD5 is legit
C:\WINDOWS2\system32\qmgr.dll => MD5 is legit
C:\WINDOWS2\system32\es.dll => MD5 is legit
C:\WINDOWS2\system32\cryptsvc.dll => MD5 is legit
C:\WINDOWS2\system32\svchost.exe => MD5 is legit
C:\WINDOWS2\system32\rpcss.dll => MD5 is legit
C:\WINDOWS2\system32\services.exe => MD5 is legit
 
Extra List:
=======
aswTdi(8) Gpc(3) IPSec(5) NetBT(6) PSched(7) Tcpip(4) tcpipBM(10) 
0x090000000500000001000000020000000300000004000000080000000A0000000600000007000000
IpSec Tag value is correct.
 
**** End of log ****
 
MiniToolBox by Farbar  Version: 23-01-2014
Ran by Chris (administrator) on 28-02-2014 at 23:21:43
Running from "E:\"
Microsoft Windows XP Home Edition Service Pack 3 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
 
Windows IP Configuration
 
 
 
Successfully flushed the DNS Resolver Cache.
 
========================= IP Configuration: ================================
 
1394 Net Adapter = 1394 Connection (Connected)
Broadcom 440x 10/100 Integrated Controller = Local Area Connection (Connected)
Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected)
 
 
# ---------------------------------- 
# Interface IP Configuration         
# ---------------------------------- 
pushd interface ip
 
 
# Interface IP Configuration for "Wireless Network Connection"
 
set address name="Wireless Network Connection" source=dhcp 
set dns name="Wireless Network Connection" source=dhcp register=PRIMARY
set wins name="Wireless Network Connection" source=dhcp
 
# Interface IP Configuration for "Local Area Connection"
 
set address name="Local Area Connection" source=dhcp 
set dns name="Local Area Connection" source=dhcp register=PRIMARY
set wins name="Local Area Connection" source=dhcp
 
 
popd
# End of interface IP configuration
 
 
 
 
Windows IP Configuration
 
 
 
        Host Name . . . . . . . . . . . . : chris-1ec6c6a3c
 
        Primary Dns Suffix  . . . . . . . : 
 
        Node Type . . . . . . . . . . . . : Unknown
 
        IP Routing Enabled. . . . . . . . : No
 
        WINS Proxy Enabled. . . . . . . . : No
 
        DNS Suffix Search List. . . . . . : home.network
 
 
 
Ethernet adapter Wireless Network Connection:
 
 
 
        Media State . . . . . . . . . . . : Media disconnected
 
        Description . . . . . . . . . . . : Intel® PRO/Wireless 3945ABG Network Connection
 
        Physical Address. . . . . . . . . : 00-1B-77-30-EE-13
 
 
 
Ethernet adapter Local Area Connection:
 
 
 
        Connection-specific DNS Suffix  . : home.network
 
        Description . . . . . . . . . . . : Broadcom 440x 10/100 Integrated Controller
 
        Physical Address. . . . . . . . . : 00-17-A4-E6-F5-B9
 
        Dhcp Enabled. . . . . . . . . . . : Yes
 
        Autoconfiguration Enabled . . . . : Yes
 
        IP Address. . . . . . . . . . . . : 10.0.0.4
 
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
 
        Default Gateway . . . . . . . . . : 10.0.0.1
 
        DHCP Server . . . . . . . . . . . : 10.0.0.1
 
        DNS Servers . . . . . . . . . . . : 75.75.75.75
 
                                            75.75.76.76
 
        Lease Obtained. . . . . . . . . . : Friday, February 28, 2014 10:17:53 PM
 
        Lease Expires . . . . . . . . . . : Friday, March 07, 2014 10:17:53 PM
 
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    google.com
Addresses:  74.125.229.174, 74.125.229.167, 74.125.229.166, 74.125.229.169
 74.125.229.161, 74.125.229.168, 74.125.229.163, 74.125.229.162, 74.125.229.164
 74.125.229.165, 74.125.229.160
 
 
 
Pinging google.com [74.125.229.197] with 32 bytes of data:
 
 
 
Reply from 74.125.229.197: bytes=32 time=19ms TTL=54
 
Reply from 74.125.229.197: bytes=32 time=16ms TTL=54
 
 
 
Ping statistics for 74.125.229.197:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 16ms, Maximum = 19ms, Average = 17ms
 
Server:  cdns01.comcast.net
Address:  75.75.75.75
 
Name:    yahoo.com
Addresses:  206.190.36.45, 98.139.183.24, 98.138.253.109
 
 
 
Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
 
 
 
Reply from 98.139.183.24: bytes=32 time=61ms TTL=47
 
Reply from 98.139.183.24: bytes=32 time=64ms TTL=47
 
 
 
Ping statistics for 98.139.183.24:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 61ms, Maximum = 64ms, Average = 62ms
 
 
 
Pinging 127.0.0.1 with 32 bytes of data:
 
 
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
 
 
Ping statistics for 127.0.0.1:
 
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
 
Approximate round trip times in milli-seconds:
 
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
 
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 1b 77 30 ee 13 ...... Intel® PRO/Wireless 3945ABG Network Connection - Packet Scheduler Miniport
0x3 ...00 17 a4 e6 f5 b9 ...... Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0         10.0.0.1        10.0.0.4  20
         10.0.0.0    255.255.255.0         10.0.0.4        10.0.0.4  20
         10.0.0.4  255.255.255.255        127.0.0.1       127.0.0.1  20
   10.255.255.255  255.255.255.255         10.0.0.4        10.0.0.4  20
        127.0.0.0        255.0.0.0        127.0.0.1       127.0.0.1  1
        224.0.0.0        240.0.0.0         10.0.0.4        10.0.0.4  20
  255.255.255.255  255.255.255.255         10.0.0.4        10.0.0.4  1
  255.255.255.255  255.255.255.255         10.0.0.4               2  1
Default Gateway:          10.0.0.1
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS2\system32\winrnr.dll [16896] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS2\system32\rsvpsp.dll [92672] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 12 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 13 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 14 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 15 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 16 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 17 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 18 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 19 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 20 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
Catalog9 21 C:\WINDOWS2\system32\mswsock.dll [245248] (Microsoft Corporation)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 62%
Total physical RAM: 1015.36 MB
Available physical RAM: 376.21 MB
Total Pagefile: 2442.48 MB
Available Pagefile: 1907.79 MB
Total Virtual: 2047.88 MB
Available Virtual: 1977.66 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:74.53 GB) (Free:43.8 GB) NTFS
3 Drive e: (Lexar) (Removable) (Total:14.9 GB) (Free:14.83 GB) FAT32
 
========================= Users: ========================================
 
User accounts for \\CHRIS-1EC6C6A3C
 
Administrator            Chris                    Guest                    
HelpAssistant            SUPPORT_388945a0         
 
 
**** End of log ****
 


 


#14 Farbar


Posted 01 March 2014 - 06:07 AM

Did you uninstall Codec?

 

The log shows Wireless network is not connected:

 

Intel® PRO/Wireless 3945ABG Network Connection = Wireless Network Connection (Media disconnected)

 

 

Another side issue is that the eventlog service is not running. This service needs to be running. It writes errors to a log which could be used for troubleshooting Windows issues. So we try to restore the service too.

 

  1. Please uninstall Avast temporarily to rule out its effect on the wireless issue. Please download Avast Uninstall Utility and follow the instructions given there to remove Avast. You can reinstall it after this post.

  2. Disable and Enable the Wireless Network Adaptor:

    Click Start -> right-click My Computer -> select Properties -> Device Manager -> expand Network Adapters -> under Network Adapters you should see "Intel® PRO/Wireless 3945ABG Network Connection" - right-click on it and select Disable. Confirm the prompt. After a few seconds, right-click it again and select Enable. You can try this a couple of times and tell me if the issue remains.

  3. Run Farbar Recovery Scan Tool or Farbar Service Scanner. Type eventlog.dll in the edit box and press Search Files. After it has finished, a log will be opened. Please copy and paste it to your reply.


#15 pcpunk


Posted 01 March 2014 - 12:18 PM

Yes I did Uninstall Codec and checked to see that it was not there after.

 

The Disable, Enable process did not work, no wireless.

 

I thought I would mention that I Updated this "Wireless Net. Adapter" not long ago but never any issues with it.

 

Can I run an Avast scan? It has been a long time since I have run one.

 

 

Farbar Service Scanner Version: 02-02-2014
Ran by Chris (administrator) on 01-03-2014 at 12:04:23
Microsoft Windows XP Home Edition Service Pack 3 (X86)
 
************************************************
======== Search: "eventlog.dll" =========
 
C:\WINDOWS2\system32\dllcache\eventlog.dll
[2008-04-13 18:00] - [2008-04-13 18:00] - 0056320 ___AC (Microsoft Corporation) 
 
6D4FEB43EE538FC5428CC7F0565AA656
 
C:\WINDOWS2\erdnt\cache\eventlog.dll
[2013-10-06 16:09] - [2008-04-13 18:00] - 0056320 ____A (Microsoft Corporation) 
 
6D4FEB43EE538FC5428CC7F0565AA656
 
C:\WINDOWS\system32\eventlog.dll
[2004-08-04 03:00] - [2008-04-13 19:11] - 0056320 ____A (Microsoft Corporation) 
 
6D4FEB43EE538FC5428CC7F0565AA656
 
C:\WINDOWS\system32\dllcache\eventlog.dll
[2004-08-04 03:00] - [2008-04-13 19:11] - 0056320 ____A (Microsoft Corporation) 
 
6D4FEB43EE538FC5428CC7F0565AA656
 
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-12-23 03:48] - [2008-04-13 19:11] - 0056320 ____C (Microsoft Corporation) 
 
6D4FEB43EE538FC5428CC7F0565AA656
 
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009-02-21 15:45] - [2004-08-04 03:00] - 0055808 ___AC (Microsoft Corporation) 
 
82B24CB70E5944E6E34662205A2A5B78
 
====== End Of Search ======

Edited by pcpunk, 01 March 2014 - 01:20 PM.
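One way to triage a file-search log like the one in post #15, as an added example that is not part of the thread and is not Farbar's code: parse each entry, group the copies of eventlog.dll by MD5, and check whether a copy is listed at a given path. The function names are hypothetical, and the "live" path is an assumption built from the C:\WINDOWS2\system32 directory that the File Check lines in the logs use.

```python
import re
from collections import Counter

# Search section of the Farbar Service Scanner log in post #15 (blank lines dropped).
SEARCH_LOG = r"""
======== Search: "eventlog.dll" =========
C:\WINDOWS2\system32\dllcache\eventlog.dll
[2008-04-13 18:00] - [2008-04-13 18:00] - 0056320 ___AC (Microsoft Corporation)
6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS2\erdnt\cache\eventlog.dll
[2013-10-06 16:09] - [2008-04-13 18:00] - 0056320 ____A (Microsoft Corporation)
6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\eventlog.dll
[2004-08-04 03:00] - [2008-04-13 19:11] - 0056320 ____A (Microsoft Corporation)
6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\system32\dllcache\eventlog.dll
[2004-08-04 03:00] - [2008-04-13 19:11] - 0056320 ____A (Microsoft Corporation)
6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008-12-23 03:48] - [2008-04-13 19:11] - 0056320 ____C (Microsoft Corporation)
6D4FEB43EE538FC5428CC7F0565AA656
C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2009-02-21 15:45] - [2004-08-04 03:00] - 0055808 ___AC (Microsoft Corporation)
82B24CB70E5944E6E34662205A2A5B78
====== End Of Search ======
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
META_RE = re.compile(
    r"^\[([^\]]+)\] - \[([^\]]+)\] - (\d+) (\S+) \(([^)]*)\)$")
MD5_RE = re.compile(r"^[0-9A-Fa-f]{32}$")


def parse_search_log(text):
    """Return one dict per file entry; fields the log omits stay None."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.replace("\xa0", " ").strip()  # forum pastes leave NBSP lines
        if PATH_RE.match(line):
            cur = {"path": line, "stamps": None, "size": None,
                   "attrs": None, "company": None, "md5": None}
            entries.append(cur)
            continue
        if cur is None:
            continue  # header text before the first path
        meta = META_RE.match(line)
        if meta:
            # The two timestamps are kept as printed, without deciding
            # which one is creation and which is modification.
            cur["stamps"] = (meta.group(1), meta.group(2))
            cur["size"] = int(meta.group(3))
            cur["attrs"], cur["company"] = meta.group(4), meta.group(5)
        elif MD5_RE.match(line):
            cur["md5"] = line.upper()
    return entries


def find_outliers(entries):
    """Return (most common MD5, entries whose MD5 differs or is missing)."""
    counts = Counter(e["md5"] for e in entries if e["md5"])
    if not counts:
        return None, list(entries)
    majority = counts.most_common(1)[0][0]
    return majority, [e for e in entries if e["md5"] != majority]


def has_copy_at(entries, path):
    """Case-insensitive check that the search listed a file at `path`."""
    return any(e["path"].lower() == path.lower() for e in entries)


if __name__ == "__main__":
    found = parse_search_log(SEARCH_LOG)
    majority, odd = find_outliers(found)
    print(f"{len(found)} copies, most common MD5 {majority}")
    for e in odd:
        print(f"differs: {e['path']} size={e['size']} md5={e['md5']}")
    # Assumption: the running system directory is C:\WINDOWS2\system32, as in
    # the File Check lines of the logs, so the live copy would be expected here.
    live = r"C:\WINDOWS2\system32\eventlog.dll"
    print("live copy listed:", has_copy_at(found, live))
```

Matching hashes only show that the copies are byte-identical; whether that hash belongs to the genuine Microsoft file still needs a trusted reference, which is what the "MD5 is legit" lines in the scanner logs report for other files.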
