Jump to content

vikingdt2

Members
  • Posts

    3
  • Joined

  • Last visited

Everything posted by vikingdt2

  1. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02 Ran by SYSTEM on MININT-GTO502O on 18-11-2013 07:48:13 Running from F:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 8 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated) HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] () HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3203440 2010-04-06] (Dell Inc.) HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company) HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! ====> ZeroAccess? HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-21] (Sensible Vision ) HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd) HKLM-x32\...\Run: [FAStartup] - [x] HKLM-x32\...\Run: [] - [x] Lsa: [Notification Packages] scecli FAPassSync Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation) ==================== Services (Whitelisted) ================= S2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC) S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC) S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation) S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation) S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x] S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x] S3 McODS; "C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe" [x] ==================== Drivers (Whitelisted) ==================== S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation) S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation) S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation) ========================== Drivers MD5 ======================= C:\Windows\system32\DRIVERS\1394ohci.sys 969C91060CBB5D17CB8440B5F78B4C51 C:\Windows\System32\DRIVERS\ACPI.sys 794FF35015209B9D44F1360C42C9776D C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit C:\Windows\system32\drivers\appid.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\atapi.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bcmwl664.sys 8B5D16D20774FC3727F44E161BE2C0AC C:\Windows\System32\DRIVERS\bcmvwl64.sys D224B2E6BB543F1D8F1177D57FEC2950 C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit C:\Windows\System32\CLFS.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98 C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit C:\Windows\System32\drivers\discache.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit C:\Windows\System32\drivers\dxgkrnl.sys 24CE1ECF9D0AE0301775B07F5FEA175B C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit C:\Windows\system32\drivers\ElRawDsk.sys D38A883309E04B9FBFFE1ACA60EA3BBF C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\facap.sys 2C1D443E14F376E8331F52F135DCA9EF C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064 C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\hidusb.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\igdkmd64.sys 09CE164AFA8483E41808784D7FCA154E C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9 C:\Windows\System32\drivers\RTKVHD64.sys 6E4CCB3AFF07E2B9F2A937385C84B573 C:\Windows\System32\DRIVERS\IntcDAud.sys 58CF58DEE26C909BD6F977B61D246295 C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5 C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\L1C62x64.sys 39918DB0EFCF045A1CE6FABBF339F975 C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit C:\Windows\System32\drivers\modem.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\MpFilter.sys F8A10560B35C66F9DE212F03DAD5BFA7 C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\msahci.sys BCCF16D5FB1109162380E3E28DC9E4E5 C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\NisDrvWFP.sys 162100E0BC8377710F9D170631921C03 C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8 C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\PDFsFilter.sys 8570C04D9DBFDDD2CCF655DEB4D84715 C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1 C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit C:\Windows\System32\Drivers\RtsUStor.sys 22D6B47D004A6568C500680BE2972854 C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09 C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3 C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\SynTP.sys C25866BDF0E818E02BB8E76845D26E54 C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970 C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\udfs.sys 31BA4A33AFAB6A69EA092B18017F737F C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbccgp.sys 537A4E03D7103C12D42DFD8FFDB5BDC9 C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit C:\Windows\system32\drivers\usbehci.sys FBB21EBE49F6D560DB37AC25FBC68E66 C:\Windows\System32\DRIVERS\usbhub.sys 6B7A8A99C4A459E73C286A6763EA24CC C:\Windows\system32\drivers\usbohci.sys 8C88AA7617B4CBC2E4BED61D26B33A27 C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit C:\Windows\system32\drivers\usbuhci.sys 0B5B3B2DF3FD1709618ACFA50B8392B0 C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit C:\Windows\System32\drivers\vga.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1 C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4 C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit C:\Windows\System32\DRIVERS\WinUsb.sys 4D52C872018AF7E18D078978DCC3F6F2 C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659 ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-11-18 07:47 - 2013-11-18 07:47 - 00000000 ____D C:\FRST 2013-11-17 21:24 - 2013-11-17 21:25 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-11-17 18:07 - 2013-11-17 18:07 - 00000000 ____D C:\Windows\pss 2013-11-17 17:59 - 2013-11-17 17:59 - 00000000 ____D C:\Users\rocket\AppData\Roaming\Malwarebytes 2013-11-17 17:58 - 2013-11-17 17:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\rocket\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk 2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-17 17:58 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys 2013-11-06 02:00 - 2013-11-06 02:01 - 00000000 ____D C:\eb976771b2c9b103981af8c6 2013-11-02 07:10 - 2013-11-02 07:10 - 00000000 ____D C:\fa7025648a06f006d02725 2013-10-27 16:01 - 2013-10-27 16:01 - 00000000 ____D C:\269c08e512dcaf307eb10afedbc11b 2013-10-27 01:00 - 2013-10-27 01:01 - 00000000 ____D C:\48d8c66b00ad7e08d2 2013-10-23 03:21 - 2013-10-23 03:21 - 00000000 ____D C:\c146fc4dec5b55ba9a50 2013-10-21 01:00 - 2013-10-21 01:00 - 00000000 ____D C:\348f6663efdb15d1f8370c77c8 ==================== One Month Modified Files and Folders ======= 2013-11-18 07:47 - 2013-11-18 07:47 - 00000000 ____D C:\FRST 2013-11-17 21:25 - 2013-11-17 21:24 - 00000000 ____D C:\Windows\Microsoft Antimalware 2013-11-17 18:22 - 2009-07-13 23:10 - 01578718 _____ C:\Windows\WindowsUpdate.log 2013-11-17 18:16 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-11-17 18:16 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-11-17 18:08 - 2010-10-25 23:12 - 00096968 _____ C:\Windows\PFRO.log 2013-11-17 18:08 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-11-17 18:08 - 2009-07-13 22:51 - 00125897 _____ C:\Windows\setupact.log 2013-11-17 18:07 - 2013-11-17 18:07 - 00000000 ____D C:\Windows\pss 2013-11-17 18:06 - 2013-06-23 08:06 - 00000000 ____D C:\Users\rocket\AppData\Roaming\DefaultTab 2013-11-17 17:59 - 2013-11-17 17:59 - 00000000 ____D C:\Users\rocket\AppData\Roaming\Malwarebytes 2013-11-17 17:58 - 2013-11-17 17:58 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\rocket\Desktop\mbam-setup-1.75.0.1300.exe 2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk 2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-11-17 11:27 - 2012-03-25 17:52 - 00002374 _____ C:\Users\rocket\Desktop\Google Chrome.lnk 2013-11-17 11:24 - 2012-03-25 17:51 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1488074424-825075824-416149989-1001UA.job 2013-11-17 09:34 - 2013-06-26 03:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-11-13 19:18 - 2012-03-25 17:51 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1488074424-825075824-416149989-1001Core.job 2013-11-13 15:24 - 2013-08-19 01:01 - 00000000 ____D C:\Windows\System32\MRT 2013-11-13 15:24 - 2010-12-09 18:07 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-11-11 19:44 - 2011-11-24 19:17 - 00002113 _____ C:\Windows\epplauncher.mif 2013-11-11 18:50 - 2009-07-13 23:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI 2013-11-06 04:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration 2013-11-06 03:22 - 2010-12-01 16:22 - 00000000 ____D C:\users\rocket 2013-11-06 02:01 - 2013-11-06 02:00 - 00000000 ____D C:\eb976771b2c9b103981af8c6 2013-11-02 07:10 - 2013-11-02 07:10 - 00000000 ____D C:\fa7025648a06f006d02725 2013-10-27 16:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat 2013-10-27 16:01 - 2013-10-27 16:01 - 00000000 ____D C:\269c08e512dcaf307eb10afedbc11b 2013-10-27 01:01 - 2013-10-27 01:00 - 00000000 ____D C:\48d8c66b00ad7e08d2 2013-10-23 03:21 - 2013-10-23 03:21 - 00000000 ____D C:\c146fc4dec5b55ba9a50 2013-10-23 03:16 - 2009-07-13 23:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-21 01:00 - 2013-10-21 01:00 - 00000000 ____D C:\348f6663efdb15d1f8370c77c8 ZeroAccess: C:\$Recycle.Bin\S-1-5-18\$c614d3bf243a3fd7a4fd36cd3756874b Some content of TEMP: ==================== C:\Users\rocket\AppData\Local\Temp\imagepackage64.exe C:\Users\rocket\AppData\Local\Temp\mpam-fex64.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit TDL4: custom:26000022 <===== ATTENTION! ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= 38 Restore point made on: 2013-11-04 18:57:43 Restore point made on: 2013-11-05 04:37:19 Restore point made on: 2013-11-06 02:00:42 Restore point made on: 2013-11-06 03:29:53 Restore point made on: 2013-11-06 03:43:44 Restore point made on: 2013-11-07 03:27:13 Restore point made on: 2013-11-07 03:39:42 Restore point made on: 2013-11-07 14:46:43 Restore point made on: 2013-11-07 17:14:04 Restore point made on: 2013-11-07 19:19:36 Restore point made on: 2013-11-08 14:36:10 Restore point made on: 2013-11-08 15:28:17 Restore point made on: 2013-11-08 16:30:48 Restore point made on: 2013-11-08 17:38:31 Restore point made on: 2013-11-08 19:11:46 Restore point made on: 2013-11-09 05:44:40 Restore point made on: 2013-11-09 06:24:55 Restore point made on: 2013-11-09 06:55:32 Restore point made on: 2013-11-09 08:16:40 Restore point made on: 2013-11-09 09:59:31 Restore point made on: 2013-11-09 18:17:46 Restore point made on: 2013-11-09 19:46:12 Restore point made on: 2013-11-11 02:00:36 Restore point made on: 2013-11-11 19:43:48 Restore point made on: 2013-11-12 04:28:45 Restore point made on: 2013-11-13 04:39:23 Restore point made on: 2013-11-13 15:24:33 Restore point made on: 2013-11-13 20:00:46 Restore point made on: 2013-11-14 04:34:33 Restore point made on: 2013-11-14 16:56:25 Restore point made on: 2013-11-14 20:04:05 Restore point made on: 2013-11-15 04:34:42 Restore point made on: 2013-11-15 15:38:58 Restore point made on: 2013-11-15 19:17:16 Restore point made on: 2013-11-16 09:44:32 Restore point made on: 2013-11-16 11:37:12 Restore point made on: 2013-11-16 20:57:18 Restore point made on: 2013-11-17 09:53:21 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 5940.52 MB Available physical RAM: 5261.29 MB Total Pagefile: 5938.67 MB Available Pagefile: 5263.53 MB Total Virtual: 8192 MB Available Virtual: 8191.87 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:396.29 GB) NTFS Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.45 GB) NTFS ==>[system with boot components (obtained from reading drive)] ATTENTION: Malware custom entry on BCD on drive e: detected. Drive f: (Mikes Passport) (Fixed) (Total:232.88 GB) (Free:76.38 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E) Partition 1: (Not Active) - (Size=102 MB) - (Type=DE) Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (Size: 233 GB) (Disk ID: 5B6AC646) Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS) LastRegBack: 2013-11-11 02:28 ==================== End Of Log ============================
  2. I had a virus and when I deleted the virus I was stuck with this error message.. PLEASE HELP
  3. I downloaded the frst program, ran it and attached it. Could someone please help with the BSOD error im getting. I tried bootsec /fixmbr and the other 2 to fix the MBR but that didn't work. ANY HELP?? please.FRST.txt
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.