A little help understanding results
#1
Hi All!
I am new to all of this and I keep getting notices from Malwarebytes that different IP addresses are trying to access c:\windows\exploer.exe. Malwarebytes blocks the attempts, so it is doing its job. I just wanted to make certain there was nothing on my computer that was encouraging these "attacks". I ran FRST and I do not see anything, and maybe I just do not know what I am really looking at. Would someone please look at the txt file and see if I missed something? Thank you so much for your time. Sincerely, Ed

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-01-2015
Ran by SYSTEM on MININT-PDH82PS on 01-01-2015 17:04:26
Running from I:\
Platform: Windows 7 Ultimate (X86) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

Tutorial for Farbar Recovery Scan Tool: https://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [974432 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [Norton Ghost 15.0] => C:\Program Files\Norton Ghost\Agent\VProTray.exe [2598760 2010-03-03] (Symantec Corporation)
HKLM\...\Run: [JMB36X IDE Setup] => C:\Windows\RaidTool\xInsIDE.exe [36864 2014-06-25] ()
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\Run: [UnlockerAssistant] => C:\Program Files\Unlocker\UnlockerAssistant.exe [17408 2010-07-04] ()
HKU\Ed Cannady\...\Run: [Ivhvsoft] => regsvr32.exe "C:\Users\Ed Cannady\AppData\Local\Ivhvsoft\cfTime.dll" <===== ATTENTION
HKU\Ed Cannady\...\Run: [Afkhworks] => C:\Windows\System32\regsvr32.exe "C:\Users\Ed Cannady\AppData\Local\YfmdPack\cfTime.dll"
Startup: C:\Users\Ed Cannady\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Kybtec World Clock 5.2.lnk
ShortcutTarget: Kybtec World Clock 5.2.lnk -> C:\Windows\Installer\{A72F9228-6931-4F89-A698-A94CFC4B312F}\_5EDF48767C1AFE743962F9.exe ()

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S2 DiskDoctorService; C:\Program Files\Norton Utilities 15\Tools\Disk Doctor\DiskDoctorSrv.exe [1029480 2010-11-30] (Symantec Corporation)
S2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [451928 2014-11-25] (Garmin Ltd or its subsidiaries)
S3 GenericMount Helper Service; C:\Program Files\Norton Ghost\Shared\Drivers\GenericMountHelper.exe [1574408 2010-02-12] (Symantec)
S2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
S3 LiveUpdate; C:\Program Files\Symantec\LiveUpdate\LuComServer_3_2.EXE [2999664 2007-09-12] (Symantec Corporation)
S4 LVSrvLauncher; C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe [105248 2007-02-06] (Logitech Inc.)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22192 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [288120 2014-08-22] (Microsoft Corporation)
S2 Norton Ghost; C:\Program Files\Norton Ghost\Agent\VProSvc.exe [4590432 2010-03-03] (Symantec Corporation)
S2 SpeedDiskService; C:\Program Files\Norton Utilities 15\Tools\SpeedDisk\SpeedDiskSrv.exe [1037672 2010-11-30] (Symantec Corporation)
S3 Symantec SymSnap VSS Provider; C:\Windows\system32\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
S3 SymSnapService; C:\Program Files\Norton Ghost\Shared\Drivers\SymSnapService.exe [1964528 2010-02-11] (Symantec)
S4 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S3 CompFilter; C:\Windows\System32\DRIVERS\lvbusflt.sys [22176 2012-01-18] (Logitech Inc.)
S3 GenericMount; C:\Windows\System32\DRIVERS\GenericMount.sys [57840 2010-02-12] (Symantec Corporation)
S0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [90464 2014-06-25] (JMicron Technology Corp.)
S3 LVcKap; C:\Windows\System32\DRIVERS\LVcKap.sys [1691808 2007-02-06] ()
S3 LVMVDrv; C:\Windows\System32\DRIVERS\LVMVDrv.sys [1964064 2007-02-06] (Logitech Inc.)
S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25632 2007-02-06] ()
S1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [75480 2014-11-21] (Malwarebytes Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-01-01] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [231800 2014-07-17] (Microsoft Corporation)
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [25808 2014-01-07] (Microsoft Corporation)
S3 RTL8187; C:\Windows\System32\DRIVERS\rtl8187.sys [375808 2010-01-07] (Realtek Semiconductor Corporation                           )
S3 Ser2plx86; C:\Windows\System32\DRIVERS\ser2pl.sys [140800 2014-09-03] (Prolific Technology Inc.)
S3 SymDSMon; C:\Windows\system32\drivers\SymDSMon.sys [128248 2010-11-30] (Symantec Corporation)
S3 SYMSpeedDisk; C:\Windows\system32\drivers\SymSpeedDisk.sys [108800 2010-11-30] (Symantec Corporation)
S3 VProEventMonitor; C:\Windows\System32\DRIVERS\vproeventmonitor.sys [15096 2009-09-21] (Symantec Corporation)
S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [4096 2010-07-04] ()
S2 V2iMount; No ImagePath
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 17:04 - 2015-01-01 17:04 - 00000000 ____D () C:\FRST
2014-12-31 17:33 - 2014-12-31 17:33 - 00000000 ____D () C:\Program Files\Unlocker
2014-12-31 17:23 - 2014-12-31 17:23 - 35962568 _____ (Microsoft Corporation) C:\Users\Ed Cannady\Downloads\Windows-KB890830-V5.19.exe
2014-12-31 17:20 - 2014-12-31 17:21 - 122694400 _____ (Microsoft Corporation) C:\Users\Ed Cannady\Downloads\msert.exe
2014-12-30 18:33 - 2014-12-31 04:37 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-30 18:05 - 2014-12-31 17:41 - 00001188 _____ () C:\Windows\setupact.log
2014-12-30 18:05 - 2014-12-30 18:05 - 00000000 _____ () C:\Windows\setuperr.log
2014-12-29 01:04 - 2014-12-29 01:04 - 00000000 ____D () C:\Windows\Minidump
2014-12-27 15:27 - 2014-12-27 15:27 - 00000761 _____ () C:\Windows\System32\Drivers\etc\hosts.txt
2014-12-27 15:13 - 2014-12-31 04:50 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\YfmdPack
2014-12-27 15:13 - 2014-12-31 04:50 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\Ivhvsoft
2014-12-27 15:03 - 2014-12-27 15:03 - 00000100 _____ () C:\Users\Ed Cannady\AppData\Roaming\default.pls
2014-12-27 14:44 - 2014-12-27 14:44 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-12-20 16:24 - 2014-12-20 16:25 - 36249600 _____ () C:\Windows\System32\config\components.rrr
2014-12-20 16:24 - 2014-12-20 16:24 - 00000020 ___SH () C:\Users\TEMP\ntuser.ini
2014-12-20 16:24 - 2014-12-20 16:24 - 00000000 ____D () C:\users\TEMP
2014-12-20 16:24 - 2014-05-27 14:52 - 00000000 ____D () C:\Users\TEMP\AppData\Local\Microsoft Help
2014-12-20 15:49 - 2014-12-20 15:49 - 00000000 ____D () C:\Windows\System32\Garmin
2014-12-19 18:19 - 2014-12-19 18:19 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\MipKukSoft
2014-12-19 18:19 - 2014-12-19 18:19 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\Kybtec Software
2014-12-19 18:18 - 2014-12-19 18:18 - 00000000 ____D () C:\Windows\System32\appmgmt
2014-12-19 18:16 - 2014-12-19 18:16 - 00000000 ____D () C:\ProgramData\Kybtec Software
2014-12-18 01:39 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2014-12-10 03:27 - 2014-12-10 03:27 - 00000000 ____D () C:\Windows\System32\appraiser
2014-12-10 03:08 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\System32\mf.dll
2014-12-09 21:03 - 2014-12-03 20:38 - 00728576 _____ (Microsoft Corporation) C:\Windows\System32\appraiser.dll
2014-12-09 21:03 - 2014-12-03 20:38 - 00610304 _____ (Microsoft Corporation) C:\Windows\System32\invagent.dll
2014-12-09 21:03 - 2014-12-03 20:38 - 00337920 _____ (Microsoft Corporation) C:\Windows\System32\generaltel.dll
2014-12-09 21:03 - 2014-12-03 20:38 - 00315392 _____ (Microsoft Corporation) C:\Windows\System32\devinv.dll
2014-12-09 21:03 - 2014-12-03 20:38 - 00202752 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-12-09 21:03 - 2014-12-03 20:38 - 00159744 _____ (Microsoft Corporation) C:\Windows\System32\aepic.dll
2014-12-09 21:03 - 2014-12-03 20:34 - 00873984 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-12-09 21:03 - 2014-12-01 15:28 - 01160872 _____ (Microsoft Corporation) C:\Windows\System32\aitstatic.exe
2014-12-09 21:03 - 2014-11-26 17:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-12-09 21:03 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-12-09 21:03 - 2014-11-21 18:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-12-09 21:03 - 2014-11-21 18:20 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2014-12-09 21:03 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-12-09 21:03 - 2014-11-21 18:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2014-12-09 21:03 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2014-12-09 21:03 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-12-09 21:03 - 2014-11-21 17:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-12-09 21:03 - 2014-11-21 17:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-12-09 21:03 - 2014-11-21 17:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-12-09 21:03 - 2014-11-21 17:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2014-12-09 21:03 - 2014-11-21 17:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2014-12-09 21:03 - 2014-11-21 17:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2014-12-09 21:03 - 2014-11-21 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-12-09 21:03 - 2014-11-21 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-12-09 21:03 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-12-09 21:03 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-12-09 21:03 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-12-09 21:03 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-12-09 21:03 - 2014-11-21 17:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-12-09 21:03 - 2014-11-21 17:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2014-12-09 21:03 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-12-09 21:03 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-12-09 21:03 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2014-12-09 21:03 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2014-12-09 21:03 - 2014-11-10 17:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tdx.sys
2014-12-09 21:02 - 2014-11-21 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-12-09 21:02 - 2014-11-21 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-12-09 21:02 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-12-09 21:02 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-12-09 21:02 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll
2014-12-09 21:02 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\System32\charmap.exe
2014-12-09 21:02 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\System32\WsmSvc.dll
2014-12-09 21:02 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-09 21:02 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\System32\WsmWmiPl.dll
2014-12-09 21:02 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\System32\WsmAuto.dll
2014-12-09 21:02 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\System32\WSManHTTPConfig.exe
2014-12-07 14:25 - 2014-12-12 17:08 - 00024856 _____ () C:\Users\Ed Cannady\Desktop\roof.dwg
2014-12-07 14:25 - 2014-12-07 14:31 - 00026657 _____ () C:\Users\Ed Cannady\Documents\roof.dwg
2014-12-07 14:25 - 2014-12-07 14:25 - 00025923 _____ () C:\Users\Ed Cannady\Documents\roof.bak

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-01 16:56 - 2014-10-15 03:27 - 01536793 _____ () C:\Windows\WindowsUpdate.log
2015-01-01 13:28 - 2014-06-17 19:05 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-12-31 23:20 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2014-12-31 18:18 - 2014-05-27 17:39 - 00000000 ____D () C:\ProgramData\TEMP
2014-12-31 17:47 - 2009-07-13 20:34 - 00022528 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-31 17:47 - 2009-07-13 20:34 - 00022528 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-31 04:50 - 2014-05-30 17:05 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\Symantec_Corporation
2014-12-31 04:50 - 2014-05-29 18:39 - 00000000 ____D () C:\Program Files\Norton Utilities 15
2014-12-31 04:50 - 2014-05-28 03:30 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Roaming\Azureus
2014-12-31 04:50 - 2014-05-27 03:36 - 00000000 ____D () C:\users\Ed Cannady
2014-12-31 04:50 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-12-31 04:50 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
2014-12-31 04:09 - 2009-07-13 20:33 - 00479872 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-12-30 18:32 - 2014-05-27 06:04 - 00723920 _____ () C:\Windows\System32\perfh019.dat
2014-12-30 18:32 - 2014-05-27 06:04 - 00150222 _____ () C:\Windows\System32\perfc019.dat
2014-12-30 18:32 - 2014-05-27 03:41 - 01647438 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-12-30 18:31 - 2014-05-27 10:07 - 00139728 _____ () C:\Users\Ed Cannady\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-27 20:13 - 2014-04-12 07:29 - 00004096 ___SH () C:\VSNAP.IDX
2014-12-27 15:14 - 2014-05-27 12:44 - 00000000 ____D () C:\ProgramData\VSO
2014-12-27 15:13 - 2014-08-12 05:22 - 00000069 _____ () C:\Windows\NeroDigital.ini
2014-12-27 15:00 - 2014-05-31 19:27 - 00000000 ____D () C:\Users\Ed Cannady\Documents\ConvertXtoDVD
2014-12-27 14:44 - 2014-05-28 18:16 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-27 14:43 - 2014-10-18 07:01 - 00096680 _____ (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll
2014-12-27 14:43 - 2014-05-28 18:15 - 00000000 ____D () C:\Program Files\Java
2014-12-27 12:39 - 2014-05-27 17:25 - 01784832 _____ () C:\Users\Ed Cannady\Documents\CheckingAccount.xls
2014-12-26 19:14 - 2014-07-16 18:23 - 00003072 _____ () C:\Windows\System32\Cache.db
2014-12-25 18:34 - 2009-07-13 20:52 - 00000000 ____D () C:\Windows\Performance
2014-12-25 11:30 - 2014-05-25 07:45 - 00000000 ____D () C:\!!!!FOR EMAIL
2014-12-24 12:18 - 2014-05-28 18:18 - 00000000 ____D () C:\Program Files\Vuze
2014-12-24 11:29 - 2014-06-23 16:42 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Roaming\Skype
2014-12-24 10:42 - 2014-10-30 17:21 - 00000000 ___RD () C:\Program Files\Skype
2014-12-24 10:42 - 2014-06-23 16:42 - 00000000 ____D () C:\ProgramData\Skype
2014-12-23 04:25 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-12-20 17:50 - 2009-07-13 18:03 - 57147392 _____ () C:\Windows\System32\config\software.rmbak
2014-12-20 17:50 - 2009-07-13 18:03 - 00262144 _____ () C:\Windows\System32\config\default.rmbak
2014-12-20 16:25 - 2014-11-21 19:13 - 00258048 _____ () C:\Users\UpdatusUser\s-1-5-21-672638538-1369354690-3403721451-1003.rrr
2014-12-20 16:16 - 2014-05-27 10:03 - 00000000 ____D () C:\Program Files\Common Files\Kybtec Software
2014-12-20 15:52 - 2014-06-17 19:04 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-12-20 15:38 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\wfp
2014-12-20 15:36 - 2014-05-31 19:09 - 00000000 ____D () C:\KYBTEC
2014-12-20 15:36 - 2014-05-27 10:03 - 00000000 ____D () C:\Program Files\Kybtec Software
2014-12-20 15:17 - 2014-07-06 17:03 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\Deployment
2014-12-18 18:28 - 2014-05-28 18:04 - 00000000 ____D () C:\_Project
2014-12-18 04:46 - 2014-05-27 07:17 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-15 17:57 - 2014-08-18 11:38 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\Adobe
2014-12-15 17:57 - 2014-05-28 19:10 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-12-15 17:57 - 2014-05-28 19:10 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2014-12-10 05:26 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\rescache
2014-12-10 03:27 - 2014-05-27 16:18 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-12-10 03:27 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\ru-RU
2014-12-10 03:11 - 2014-05-27 08:41 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 03:05 - 2014-05-27 04:23 - 00000000 ____D () C:\Windows\System32\MRT
2014-12-10 03:01 - 2014-05-27 04:23 - 109818608 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-12-07 14:16 - 2014-05-27 08:14 - 00000000 ____D () C:\Program Files\AutoCAD 2002
2014-12-07 05:06 - 2014-05-27 11:34 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Roaming\Microchip
2014-12-05 20:16 - 2014-09-23 03:39 - 00258048 _____ () C:\Users\UpdatusUser\s-1-5-21-672638538-1369354690-3403721451-1004.rrr

Some content of TEMP:
====================
C:\Users\Ed Cannady\AppData\Local\Temp\UpdateFlashPlayer_bea4f8b7.exe
C:\Users\Ed Cannady\AppData\Local\Temp\UpdateFlashPlayer_bfab9129.exe


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe
[2014-10-15 02:36] - [2014-07-16 17:39] - 0304128 ____A (Microsoft Corporation) 52449FD429D6053B78AE564DEF303870

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points  =========================

Restore point made on: 2014-12-25 19:05:23
Restore point made on: 2014-12-25 23:00:41
Restore point made on: 2014-12-26 23:00:42
Restore point made on: 2014-12-27 23:00:42
Restore point made on: 2014-12-28 22:05:25
Restore point made on: 2014-12-28 23:17:21
Restore point made on: 2014-12-29 23:00:42
Restore point made on: 2014-12-30 18:02:39
Restore point made on: 2014-12-30 18:14:22
Restore point made on: 2014-12-30 23:00:47
Restore point made on: 2014-12-31 04:42:53
Restore point made on: 2014-12-31 23:03:53

==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=C:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {7ce8fc2d-e598-11e3-bfbd-92e2f16b8dee}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {7ce8fc2d-e598-11e3-bfbd-92e2f16b8dee}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\7ce8fc2f-e598-11e3-bfbd-92e2f16b8dee\Winre.wim,{7ce8fc30-e598-11e3-bfbd-92e2f16b8dee}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\7ce8fc2f-e598-11e3-bfbd-92e2f16b8dee\Winre.wim,{7ce8fc30-e598-11e3-bfbd-92e2f16b8dee}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Windows Boot Loader
-------------------
identifier              {e14e01cc-e483-11e3-b91b-c62372b697e8}
device                  ramdisk=[C:]\Recovery\3d8c383f-c135-11e3-819c-b6b172464e37\Winre.wim,{e14e01cd-e483-11e3-b91b-c62372b697e8}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                  
osdevice                ramdisk=[C:]\Recovery\3d8c383f-c135-11e3-819c-b6b172464e37\Winre.wim,{e14e01cd-e483-11e3-b91b-c62372b697e8}
systemroot              \windows
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {7ce8fc2d-e598-11e3-bfbd-92e2f16b8dee}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=C:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                       {emssettings}
                       {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                       {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {7ce8fc30-e598-11e3-bfbd-92e2f16b8dee}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\7ce8fc2f-e598-11e3-bfbd-92e2f16b8dee\boot.sdi

Device options
--------------
identifier              {e14e01cd-e483-11e3-b91b-c62372b697e8}
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\3d8c383f-c135-11e3-819c-b6b172464e37\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 3071.18 MB
Available physical RAM: 2626.35 MB
Total Pagefile: 3069.46 MB
Available Pagefile: 2631.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1945.7 MB

==================== Drives ================================

Drive c: (Garage) (Fixed) (Total:931.41 GB) (Free:834.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (XP Drive Files) (Fixed) (Total:149.05 GB) (Free:78.13 GB) NTFS
Drive e: (NEW BACKUP) (Fixed) (Total:465.76 GB) (Free:112.65 GB) NTFS
Drive f: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive i: (ED CANNADY) (Removable) (Total:3.74 GB) (Free:3.62 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 41CE41CD)
Partition 1: (Not Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 298.1 GB) (Disk ID: D7E4194D)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: B0A12B0A)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 3.7 GB) (Disk ID: E782E782)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=07 NTFS)


LastRegBack: 2014-12-25 00:50

==================== End Of Log ============================

#2
Hi edcannady, Welcome to the forum and Happy New Year.

I had a quick look, I will have a proper look when I get back. There were these:


Quote:
HKU\Ed Cannady\...\Run: [Ivhvsoft] => regsvr32.exe "C:\Users\Ed Cannady\AppData\Local\Ivhvsoft\cfTime.dll" <===== ATTENTION
HKU\Ed Cannady\...\Run: [Afkhworks] => C:\Windows\System32\regsvr32.exe "C:\Users\Ed Cannady\AppData\Local\YfmdPack\cfTime.dll"
2014-12-27 15:13 - 2014-12-31 04:50 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\YfmdPack
2014-12-27 15:13 - 2014-12-31 04:50 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\Ivhvsoft

Please download AdwCleaner (by Xplode) and save it to your Desktop


  • Right-click on AdwCleaner.exe and Run as administrator.
  • Click Scan. (AdwCleaner will now scan for Adware.)
  • Once the scan finishes, click Clean, then follow the on-screen prompts.
  • Your computer should now reboot.
  • A log file will automatically open. Please Copy and Paste it when you reply in your next post.


Note: The log can also be found in here: C:\AdwCleaner\
If you are satisfied with my help, consider a donation. Thank you so much for your continued support!

#3
Happy New Year and Thank you!
Probably time for new glasses? Ran the Adwcleaner and had it do the "clean", ran it a second time and it came back clean! One suggestion, maybe next release Farbar make the word "Attention" in bold font to have it easier to spot?

Best Wishes, Ed

#4
You should run FRST again to make sure it was all removed.

Also why are you running FRST from Recovery?

#5
Thank you and I plan to run it again tonight.
I believe that "Recovery" was the only option in Windows 7?

Just as an FYI, I did try to make a donation and the Credit Card billing address only allows the U.K. and not U.S.A. as a country!

Best, Ed

#6
(01-02-2015, 07:37 PM)edcannady Wrote:  Thank you and I plan to run it again tonight.
I believe that "Recovery" was the only option in Windows 7?

Just as an FYI, I did try to make a donation and the Credit Card billing address only allows the U.K. and not U.S.A. as a country!

Best, Ed
Safe mode and normal mode should have been on that list as Recovery is different and not meant to be used for FRST (as far as I'm aware).

Brian would be the one to answer the donation problem as I don't know the set up.

#7
Thank you!
This time I re-ran FRST in safe mode with command prompt and the issues had not been resolved. They were in folders that could only be deleted in safe mode! Then I had to do a regedit and manually remove them from the registry! Again I sincerely appreciate all the help and support. Thank you!

Best Wishes, Ed

#8
Fix with FRST

Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.

  • Open Notepad.exe. Do not use any other text editor software;
  • Copy and Paste the contents inside the code-box to your Notepad:

    Code:
    Start
    CreateRestorePoint:
    CloseProcesses:
    Emptytemp:
    C:\Users\Ed Cannady\AppData\Local\Ivhvsoft
    C:\Users\Ed Cannady\AppData\Local\YfmdPack
    C:\Users\Ed Cannady\AppData\Local\Ivhvsoft\cfTime.dll
    C:\Users\Ed Cannady\AppData\Local\YfmdPack\cfTime.dll
    HKLM-x32\...\Run: [] => [X]
    HKU\Ed Cannady\...\Run: [Afkhworks] =>
    HKU\Ed Cannady\...\Run: [Ivhvsoft] =>
    CMD: ipconfig /flushdns
    End

  • Click on File > Save as...
    • Inside the File Name box type fixlist.txt;
    • From the Save as type drop down list, choose All Files
  • Save the file to your Desktop;
  • Re-run FRST.exe and click Fix;
    • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
  • After the completion, a log will be produced;
  • Copy and Paste the contents of the log in your next reply.
Thanks for trying to donate, at this time, my donations are going through PayPal.
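The two steps the helper walked through above (spotting Run entries that load a DLL through regsvr32 from a user-writable AppData folder in post #2, then writing them into an FRST fixlist in post #8) can be done mechanically for triage. The script below is an added example, not FRST's own code or the helper's; the sample log lines are constructed from the entries quoted in this thread, and the "regsvr32 plus AppData" heuristic is an assumption for illustration, not an FRST rule.

```python
import re

# Constructed sample: the Run entries and folders quoted in post #2,
# plus one benign HKLM entry from the top of the log for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKU\Ed Cannady\...\Run: [Ivhvsoft] => regsvr32.exe "C:\Users\Ed Cannady\AppData\Local\Ivhvsoft\cfTime.dll" <===== ATTENTION
HKU\Ed Cannady\...\Run: [Afkhworks] => C:\Windows\System32\regsvr32.exe "C:\Users\Ed Cannady\AppData\Local\YfmdPack\cfTime.dll"
2014-12-27 15:13 - 2014-12-31 04:50 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\YfmdPack
2014-12-27 15:13 - 2014-12-31 04:50 - 00000000 ____D () C:\Users\Ed Cannady\AppData\Local\Ivhvsoft
"""

# FRST prints autostart values as: <hive>\...\Run: [<value name>] => <command>
RUN_RE = re.compile(r'^(?P<hive>HK(?:LM|U\\[^\\]+))\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
# First quoted-or-bare absolute path ending in .dll inside the command
DLL_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.dll)"?', re.IGNORECASE)


def parse_run_entries(text):
    """Return (hive, value name, command) for every Run entry in an FRST log."""
    entries = []
    for line in text.splitlines():
        m = RUN_RE.match(line.strip())
        if m:
            entries.append((m.group("hive"), m.group("name"), m.group("cmd")))
    return entries


def is_suspicious(cmd):
    """Heuristic (an assumption, not an FRST rule): flag a Run command that FRST
    itself marked with ATTENTION, or that uses regsvr32 to load a DLL from the
    user's AppData tree, a writable location a signed system binary would not use."""
    low = cmd.lower()
    if "<===== attention" in low:
        return True
    return "regsvr32" in low and "\\appdata\\" in low


def build_fixlist(text):
    """Turn flagged Run entries into a fixlist in the layout used in post #8:
    directives first, then the DLL's folder and the DLL, then the registry
    values with an empty '=>' so FRST removes them, then the CMD line."""
    paths, reg = [], []
    for hive, name, cmd in parse_run_entries(text):
        if not is_suspicious(cmd):
            continue
        m = DLL_RE.search(cmd)
        if m:
            dll = m.group(1)
            folder = dll.rsplit("\\", 1)[0]
            for p in (folder, dll):
                if p not in paths:
                    paths.append(p)
        reg.append(f"{hive}\\...\\Run: [{name}] =>")
    lines = ["Start", "CreateRestorePoint:", "CloseProcesses:", "Emptytemp:"]
    lines += paths + reg + ["CMD: ipconfig /flushdns", "End"]
    return "\n".join(lines)


if __name__ == "__main__":
    print(build_fixlist(SAMPLE_LOG))
```

The generated list is a starting point for a human to review against the full log, not something to run unread; FRST deletes every path listed.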

#9
Thank you again!
I think maybe this time it is fixed?
I added 4 files
The 2 labeled outbound are screenshots of outbound attempts and I did not include the inbounds.
There is the "fixlog.txt"
And most important is the problem with Paypal (paypal.doc).
Paypal is not allowing the U.S.A. as a country you can be paid from!
You may wish to have them correct this as I would imagine you have or will have many Americans who wish to support you.

Again, my most sincere thanks for all your help!
My son does computer repairs and I will certainly inform him of your great software.

Best Wishes, Ed


Attached Files
.jpg   Outbound1.JPG (Size: 59.74 KB / Downloads: 6)
.txt   Fixlog.txt (Size: 1.7 KB / Downloads: 2)
.jpg   outbound2.jpg (Size: 65.09 KB / Downloads: 5)
.doc   Paypal.doc (Size: 246.5 KB / Downloads: 2)

#10
Ed, if you wish to donate and you have a PayPal account, click on my donate button and pay what you want, it's that simple. Thanks for your support. I see "Directory not found", so you must have deleted that file.

Is the scan coming up clean?