Jump to content

kellnermichael

Members
  • Posts

    2
  • Joined

  • Last visited

Reputation

0 Neutral
  1. problem solved used cmd prompt to grab files I needed to keep and moved them to flash drive. wiped computer and started with a fresh install.
  2. here is the frst64.log from cmd prompt during recovery Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2013 01 Ran by SYSTEM on 12-05-2013 09:58:29 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323072 2009-08-11] (AlcorMicro Co., Ltd.) HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [617856 2009-07-30] (ELAN Microelectronic Corp.) HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x] HKLM\...\Run: [Logitech Download Assistant] C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch [1832760 2012-09-20] (Logitech, Inc.) HKLM\...\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" [x] HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1281512 2013-01-27] (Microsoft Corporation) HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\RunOnce: [*EvtMgr32] C:\Users\Kellner\AppData\Roaming\{272C7919-0431-1606-001F-160F0305091B}.exe [309760 2013-05-11] (WINner Tweak Software) HKLM\...\Winlogon: [shell] C:\Users\Kellner\AppData\Roaming\{272C7919-0431-1606-001F-160F0305091B}.exe [x ] () Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess HKLM-x32\...\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r [2244096 2009-07-12] (VIA) HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS) HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [6859392 2009-08-17] (ASUS) HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [170624 2009-08-19] (ASUS) HKU\Kellner\...\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKU\Kellner\...\Run: [Google Update] "C:\Users\Kellner\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-10-09] (Google Inc.) HKU\Kellner\...\Winlogon: [shell] C:\Users\Kellner\AppData\Roaming\{272C7919-0431-1606-001F-160F0305091B}.exe [309760 2013-05-11] (WINner Tweak Software) Startup: C:\ProgramData\Start Menu\Programs\Startup\Logitech SetPoint.lnk ShortcutTarget: Logitech SetPoint.lnk -> D:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) ==================== Services (Whitelisted) ================= S2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] () S3 CCALib8; C:\Program Files (x86)\Canon\CAL\CALMAIN.exe [96341 2005-09-30] (Canon Inc.) S3 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [107912 2008-10-09] () S2 iprip; C:\Windows\System32\iprip.dll [35328 2009-07-13] (Microsoft Corporation) S3 MatSvc; C:\Program Files\Microsoft Fix it Center\Matsvc.exe [343856 2011-06-13] (Microsoft Corporation) S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62111072 2011-06-17] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S3 npggsvc; C:\Windows\SysWow64\GameMon.des [3928736 2011-08-21] (INCA Internet Co., Ltd.) S2 SNMP; C:\Windows\System32\snmp.exe [49664 2010-11-20] (Microsoft Corporation) S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [431456 2011-06-17] (Microsoft Corporation) S3 TabletServiceWacom; C:\Windows\system32\Wacom_Tablet.exe [1908520 2007-09-07] (Wacom Technology, Corp.) S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [81920 2009-07-13] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== S2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] () S3 CamdAudio; C:\Windows\System32\drivers\CamdAudio.sys [34040 2011-10-04] (Windows ® Win 7 DDK provider) S3 DrmRAudio; C:\Windows\System32\drivers\DrmRAudio.sys [34040 2011-10-05] (Windows ® Win 7 DDK provider) S3 GUCI_AVS; C:\Windows\System32\DRIVERS\GUCI_AVS.sys [693248 2009-06-22] (PixArt Imaging Incorporation) S1 ISODrive; D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [115600 2010-01-29] (EZB Systems, Inc.) S3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( ) S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [36680 2013-02-21] () S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) S3 NPPTNT2; C:\Windows\SysWow64\npptNT2.sys [4682 2005-01-03] (INCA Internet Co., Ltd.) S3 PCASp60; C:\Windows\SysWow64\Drivers\PCASp60.sys [38912 2010-09-07] (Printing Communications Assoc., Inc. (PCAUSA)) S1 kqndyofc; \??\C:\Windows\system32\drivers\kqndyofc.sys [x] S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x] S4 LMIRfsClientNP; No ImagePath S2 NEWDRIVER; \??\C:\Windows\SysWow64\WinVDEdrv6.sys [x] S2 npf; system32\drivers\npf.sys [x] S3 tmlwf; S3 tmwfp; ========================== Drivers MD5 ======================= C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825 C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49 C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048 C:\Windows\System32\drivers\AmUStor.SYS 391887990CDAA83DE5C56C3FDE966DA1 C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Windows\System32\Drivers\AsDsm.sys 88FBC8BEBFD38566235EAA5E4DBC4E05 C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68 C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\athrx.sys A5E770426D18F8EF332A593F3289DA91 C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\drivers\CamdAudio.sys 9CE6785CD2EAFC5CF06BE0DC8A43D955 C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\DrmRAudio.sys 094DD5227F9955AAC15D6BA7247B65C0 C:\Windows\System32\drivers\dxgkrnl.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ETD.sys 1299D1EA00B7A4BF69C5869DCA31E0F6 C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\fssfltr.sys 5814011B2F6E088E29D689B5FCD49B8F C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0 C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\GUCI_AVS.sys DFD7FF7E57803A6856DED7FEF73535A2 C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys ==> MD5 is legit C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366 C:\Windows\System32\DRIVERS\igdkmd64.sys C6238C6ABD6AC99F5D152DA4E9439A3D C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys 9C6F3F69163133FB8E56AC4A6E163452 C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4 C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4 C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1E62x64.sys B8E670D7EF61615FA03104552854FAC9 C:\Windows\System32\DRIVERS\LEqdUsb.Sys BECBD7CD46776B8739EE18061F45A581 C:\Windows\System32\DRIVERS\LHidEqd.Sys 21D6BD7D62C270059EB8E2B1D4095880 C:\Windows\System32\DRIVERS\LHidFilt.Sys B6552D382FF070B4ED34CBD6737277C0 C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lmimirr.sys 413ECDCFAD9A82804D3674C8D7EEC24E C:\Windows\system32\drivers\LMIRfsDriver.sys C57D3FAA50E6F395759FFB7C709BD944 C:\Windows\System32\DRIVERS\LMouFilt.Sys 73C1F563AB73D459DFFE682D66476558 C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\lullaby.sys 085435AE1A124361304044029B5CC644 C:\Windows\system32\drivers\mbamchameleon.sys 8B03202C731A0B967927EB7E5B2E470C C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\MpFilter.sys F8A10560B35C66F9DE212F03DAD5BFA7 C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163 C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88 C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NisDrvWFP.sys 162100E0BC8377710F9D170631921C03 C:\Windows\SysWow64\npptNT2.sys 9131FE60ADFAB595C8DA53AD6A06AA31 C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0 C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C C:\Windows\SysWow64\Drivers\PCASp60.sys 5EACB8A19CAD7057806FBBF9550165E1 C:\Windows\System32\drivers\pci.sys ==> MD5 is legit C:\Windows\System32\drivers\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34 C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RsFx0151.sys C606C5F712A3761896CEFFA4AF6B1268 C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SiSG664.sys 1BC348CF6BAA90EC8E533EF6E6A69933 C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28 C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3 C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit C:\Windows\System32\drivers\tbhsd.sys 93F0F5EF8A4CA261372DF98B31B2BD05 C:\Windows\System32\drivers\tcpip.sys B62A953F2BF3922C8764A29C34A22899 C:\Windows\System32\DRIVERS\tcpip.sys B62A953F2BF3922C8764A29C34A22899 C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24 C:\Windows\system32\drivers\usbohci.sys 9840FC418B4CBD632D3D0A667A725C31 C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6 C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50 C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit C:\Windows\System32\drivers\viahduaa.sys FE595D1A1B781190BB483444B62CC607 C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wacmoumonitor.sys 37E4600E2CDAD3C1A3613A25B97D457C C:\Windows\System32\DRIVERS\wacommousefilter.sys E04D43C7D1641E95D35CAE6086C7E350 C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wacomvhid.sys 9D45E06348C6703FBA2064AC149AABDA C:\Windows\System32\DRIVERS\WacomVKHid.sys 8B4255329EDFBA3ECFBD0714476FAD38 C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wimfltr.sys 52DED146E4797E6CCF94799E8E22BB2A C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WsAudio_DeviceS(1).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(2).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(3).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(4).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WsAudio_DeviceS(5).sys AD12F5C7251BB8D575D560894E73CBBA C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-05-12 09:58 - 2013-05-12 09:58 - 00000000 ____D C:\FRST 2013-05-12 09:04 - 2013-05-12 08:51 - 01315919 ____A (Farbar) C:\FRST.exe 2013-05-11 05:11 - 2013-05-11 05:11 - 00309760 ___SH (WINner Tweak Software) C:\Users\Kellner\AppData\Roaming\{272C7919-0431-1606-001F-160F0305091B}.exe 2013-05-11 05:11 - 2013-05-11 05:11 - 00012957 ____A C:\Users\Kellner\Desktop\hs_err_pid1924.log 2013-04-30 18:21 - 2013-02-21 02:30 - 01766912 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-04-30 18:21 - 2013-02-21 02:30 - 01129984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 14323200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 13761024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 02046464 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-04-30 18:21 - 2013-02-21 02:29 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-04-30 18:21 - 2013-02-21 02:15 - 02240512 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-04-30 18:21 - 2013-02-21 02:15 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-04-30 18:21 - 2013-02-21 02:14 - 19230208 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 02647040 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-04-30 18:21 - 2013-02-21 02:14 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-04-30 18:21 - 2013-02-19 04:01 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-04-30 18:21 - 2013-02-19 03:42 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-04-30 18:21 - 2013-02-19 03:10 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-04-30 18:21 - 2013-02-19 02:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-29 18:29 - 2013-04-29 18:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-04-29 18:29 - 2013-04-29 18:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-04-29 18:29 - 2013-04-29 18:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-04-29 18:29 - 2013-04-29 18:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-04-29 18:29 - 2013-04-29 18:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-04-29 18:29 - 2013-04-29 18:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-04-29 18:29 - 2013-04-29 18:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-04-29 18:29 - 2013-04-29 18:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-04-29 18:26 - 2013-04-29 18:32 - 00007921 ____A C:\Windows\IE10_main.log 2013-04-23 12:59 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys ==================== One Month Modified Files and Folders ======= 2013-05-12 09:58 - 2013-05-12 09:58 - 00000000 ____D C:\FRST 2013-05-12 08:51 - 2013-05-12 09:04 - 01315919 ____A (Farbar) C:\FRST.exe 2013-05-12 08:37 - 2011-10-04 03:07 - 00000000 ____D C:\users\Kellner 2013-05-12 08:37 - 2009-11-30 18:51 - 00000000 ____D C:\ProgramData\P4G 2013-05-12 08:37 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration 2013-05-12 05:41 - 2009-07-13 20:45 - 00010240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-05-12 05:41 - 2009-07-13 20:45 - 00010240 ____A C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-05-12 05:39 - 2011-10-09 00:23 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731080413-921759781-3865725728-1000UA.job 2013-05-12 05:38 - 2011-10-10 02:49 - 00079170 ____A C:\Windows\setupact.log 2013-05-12 05:38 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-05-12 05:05 - 2009-11-30 17:54 - 01615756 ____A C:\Windows\WindowsUpdate.log 2013-05-12 04:57 - 2012-05-09 22:07 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-05-11 08:28 - 2009-07-13 21:13 - 00916008 ____A C:\Windows\System32\PerfStringBackup.INI 2013-05-11 05:11 - 2013-05-11 05:11 - 00309760 ___SH (WINner Tweak Software) C:\Users\Kellner\AppData\Roaming\{272C7919-0431-1606-001F-160F0305091B}.exe 2013-05-11 05:11 - 2013-05-11 05:11 - 00012957 ____A C:\Users\Kellner\Desktop\hs_err_pid1924.log 2013-05-11 04:55 - 2013-03-29 09:20 - 00000000 ____D C:\Users\Kellner\AppData\Roaming\Skype 2013-05-10 18:28 - 2013-01-31 16:23 - 00000936 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731080413-921759781-3865725728-1000UA.job 2013-05-10 15:28 - 2013-01-31 16:23 - 00000914 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3731080413-921759781-3865725728-1000Core.job 2013-05-10 13:39 - 2011-10-09 00:23 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3731080413-921759781-3865725728-1000Core.job 2013-05-06 17:20 - 2012-01-08 08:01 - 00000000 ____D C:\Users\Kellner\Downloads\Adobe_Illustrator_CS5 2013-05-05 13:44 - 2011-10-10 22:49 - 00067978 ____A C:\Windows\PFRO.log 2013-05-05 09:04 - 2009-07-13 21:08 - 00032562 ____A C:\Windows\Tasks\SCHEDLGU.TXT 2013-05-02 07:29 - 2011-11-19 15:46 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe 2013-04-30 12:00 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2013-04-29 18:32 - 2013-04-29 18:26 - 00007921 ____A C:\Windows\IE10_main.log 2013-04-29 18:29 - 2013-04-29 18:29 - 01509376 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-04-29 18:29 - 2013-04-29 18:29 - 01441280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-04-29 18:29 - 2013-04-29 18:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2013-04-29 18:29 - 2013-04-29 18:29 - 01400416 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-04-29 18:29 - 2013-04-29 18:29 - 01054720 ____A (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00905728 ____A (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00762368 ____A (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00719360 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00629248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00599552 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00523264 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00452096 ____A (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00441856 ____A (Microsoft Corporation) C:\Windows\System32\html.iec 2013-04-29 18:29 - 2013-04-29 18:29 - 00361984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2013-04-29 18:29 - 2013-04-29 18:29 - 00357888 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00281600 ____A (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00270848 ____A (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00247296 ____A (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00242200 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00235008 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00232960 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00226816 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00226304 ____A (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00216064 ____A (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00204800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00185344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00173568 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00167424 ____A (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00163840 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00158720 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00150528 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00144896 ____A (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00138752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00137216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00136192 ____A (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00135680 ____A (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00125440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00117248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00110592 ____A (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00102912 ____A (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00097280 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00092160 ____A (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00082432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00081408 ____A (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00079872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-04-29 18:29 - 2013-04-29 18:29 - 00073728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00069120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00062976 ____A (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00061952 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2013-04-29 18:29 - 2013-04-29 18:29 - 00057344 ____A (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00051200 ____A (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00041984 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00038400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00027648 ____A (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00023040 ____A (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2013-04-29 18:29 - 2013-04-29 18:29 - 00013824 ____A (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00012800 ____A (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-04-29 18:29 - 2013-04-29 18:29 - 00011776 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2013-04-29 14:34 - 2009-07-13 18:34 - 00000461 ____A C:\Windows\win.ini 2013-04-28 15:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\AppCompat 2013-04-26 16:07 - 2013-03-29 09:20 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-04-22 14:49 - 2013-03-31 17:33 - 00000000 ____D C:\Program Files (x86)\HappyLyrics 2013-04-12 12:32 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF 2013-04-12 06:45 - 2013-04-23 12:59 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys Other Malware: =========== C:\ProgramData\FullRemove.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-05-12 05:05:25 ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=C: description Windows Boot Manager locale en-US inherit {globalsettings} default {default} resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa} displayorder {default} toolsdisplayorder {memdiag} timeout 30 Windows Boot Loader ------------------- identifier {572bcd56-ffa7-11d9-aae0-0007e994107d} device ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8} path \windows\system32\boot\winload.exe description Windows Recovery Environment osdevice ramdisk=[\Device\HarddiskVolume1]\winre.wim,{ad6c7bc8-fa0f-11da-8ddf-0013200354d8} systemroot \windows nx OptIn detecthal Yes winpe Yes Windows Boot Loader ------------------- identifier {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 locale en-US inherit {bootloadersettings} recoverysequence {current} recoveryenabled Yes osdevice partition=C: systemroot \Windows resumeobject {8cb2d9b0-7c05-11de-842e-b4611d44fefa} nx OptIn Windows Boot Loader ------------------- identifier {current} device ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa} path \windows\system32\winload.exe description Windows Recovery Environment inherit {bootloadersettings} osdevice ramdisk=[C:]\Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\Winre.wim,{8cb2d9b5-7c05-11de-842e-b4611d44fefa} systemroot \windows nx OptIn winpe Yes Resume from Hibernate --------------------- identifier {8cb2d9b0-7c05-11de-842e-b4611d44fefa} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=C: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {8cb2d9b5-7c05-11de-842e-b4611d44fefa} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\8cb2d9b4-7c05-11de-842e-b4611d44fefa\boot.sdi Device options -------------- identifier {ad6c7bc8-fa0f-11da-8ddf-0013200354d8} description Ramdisk Device Options ramdisksdidevice partition=\Device\HarddiskVolume1 ramdisksdipath \boot.sdi ==================== Memory info =========================== Percentage of memory in use: 17% Total physical RAM: 4061.09 MB Available physical RAM: 3335.05 MB Total Pagefile: 4059.23 MB Available Pagefile: 3400.6 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:74.52 GB) (Free:2.64 GB) NTFS (Disk=0 Partition=2) ==>[Drive with boot components (obtained from BCD)] Drive d: (DATA) (Fixed) (Total:208.92 GB) (Free:34.36 GB) NTFS (Disk=0 Partition=3) Drive f: (USB20FD) (Removable) (Total:1.92 GB) (Free:0.79 GB) FAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows Vista) (Size: 298 GB) (Disk ID: 76692CA8) Partition 1: (Not Active) - (Size=15 GB) - (Type=1C) Partition 2: (Active) - (Size=75 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=209 GB) - (Type=OF Extended) ======================================================== Disk: 1 (Size: 2 GB) (Disk ID: 06B106B0) Partition 1: (Not Active) - (Size=2 GB) - (Type=0E) Last Boot: 2013-05-04 06:19 ==================== End Of Log ============================
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.