Jump to content

Recommended Posts

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-11-2013 02
Ran by SYSTEM on MININT-GTO502O on 18-11-2013 07:48:13
Running from F:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [synTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2122536 2010-05-07] (Synaptics Incorporated)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [QuickSet] - C:\Program Files\Dell\QuickSet\quickset.exe [3203440 2010-04-06] (Dell Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [2045440 2010-09-02] (Eastman Kodak Company)
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?
HKLM-x32\...\Run: [FATrayAlert] - C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe [95560 2010-02-21] (Sensible Vision )
HKLM-x32\...\Run: [Dell Webcam Central] - C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744 2009-06-24] (Creative Technology Ltd)
HKLM-x32\...\Run: [FAStartup] - [x]
HKLM-x32\...\Run: [] - [x]
Lsa: [Notification Packages] scecli FAPassSync
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Services (Whitelisted) =================

S2 ioloFileInfoList; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [1072664 2013-05-29] (iolo technologies, LLC)
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
S2 McMPFSvc; "C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S2 McNaiAnn; "C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [x]
S3 McODS; "C:\ProgramData\McAfee\msc\Updates\Installs\1\vso\%VSINSTALL_DIR64%\mcods.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [23464 2008-12-09] (EldoS Corporation)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)

========================== Drivers MD5 =======================

C:\Windows\system32\DRIVERS\1394ohci.sys 969C91060CBB5D17CB8440B5F78B4C51
C:\Windows\System32\DRIVERS\ACPI.sys 794FF35015209B9D44F1360C42C9776D
C:\Windows\system32\DRIVERS\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys DB9D6C6B2CD95A9CA414D045B627422E
C:\Windows\system32\DRIVERS\agp440.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\aliide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys ==> MD5 is legit
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\atapi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bcmwl664.sys 8B5D16D20774FC3727F44E161BE2C0AC
C:\Windows\System32\DRIVERS\bcmvwl64.sys D224B2E6BB543F1D8F1177D57FEC2950
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys CA7720B73446FDDEC5C69519C1174C98
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\CtClsFlt.sys ==> MD5 is legit
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 24CE1ECF9D0AE0301775B07F5FEA175B
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\drivers\ElRawDsk.sys D38A883309E04B9FBFFE1ACA60EA3BBF
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\facap.sys 2C1D443E14F376E8331F52F135DCA9EF
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Fs_Rec.sys D3E3F93D67821A2DB2B3D9FAC2DC2064
C:\Windows\System32\DRIVERS\fvevol.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HDAudBus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\HECIx64.sys B6AC71AAA2B10848F57FC49D55A651AF
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ABBF174CB394F5C437410A788B7E404A
C:\Windows\system32\drivers\iaStorV.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\igdkmd64.sys 09CE164AFA8483E41808784D7FCA154E
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Impcd.sys DD587A55390ED2295BCE6D36AD567DA9
C:\Windows\System32\drivers\RTKVHD64.sys 6E4CCB3AFF07E2B9F2A937385C84B573
C:\Windows\System32\DRIVERS\IntcDAud.sys 58CF58DEE26C909BD6F977B61D246295
C:\Windows\system32\DRIVERS\intelide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\isapnp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 4F4B5FDE429416877DE7143044582EB5
C:\Windows\System32\Drivers\ksecpkg.sys 6F40465A44ECDC1731BEFAFEC5BDD03C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\L1C62x64.sys 39918DB0EFCF045A1CE6FABBF339F975
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\MpFilter.sys F8A10560B35C66F9DE212F03DAD5BFA7
C:\Windows\system32\DRIVERS\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mrxsmb10.sys F0067552F8F9B33D7C59403AB808A3CB
C:\Windows\System32\DRIVERS\mrxsmb20.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\msahci.sys BCCF16D5FB1109162380E3E28DC9E4E5
C:\Windows\system32\DRIVERS\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\NisDrvWFP.sys 162100E0BC8377710F9D170631921C03
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys 9A6089B056EA1B83B36424FC9D0A300E
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvstor.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys 90061B1ACFE8CCAA5345750FFE08D8B8
C:\Windows\System32\DRIVERS\pci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\PDFsFilter.sys 8570C04D9DBFDDD2CCF655DEB4D84715
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys 447DE7E3DEA39D422C1504F245B668B1
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RtsUStor.sys 22D6B47D004A6568C500680BE2972854
C:\Windows\system32\DRIVERS\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Sftfslh.sys 2046AA7491DE7EFA4D70E615D9BC9D09
C:\Windows\System32\DRIVERS\Sftplaylh.sys 0E0446BC4D51BE4263ACB7E33491191C
C:\Windows\System32\DRIVERS\Sftredirlh.sys C5FB982CD266E604ED3142102C26D62C
C:\Windows\System32\DRIVERS\Sftvollh.sys 2575511AF67AA1FA068CCC4918E2C2A3
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srv2.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\srvnet.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\SynTP.sys C25866BDF0E818E02BB8E76845D26E54
C:\Windows\System32\drivers\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\DRIVERS\tcpip.sys 5CFB7AB8F9524D1A1E14369DE63B83CC
C:\Windows\System32\drivers\tcpipreg.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 7518F7BCFD4B308ABC9192BACAF6C970
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys 31BA4A33AFAB6A69EA092B18017F737F
C:\Windows\system32\DRIVERS\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbccgp.sys 537A4E03D7103C12D42DFD8FFDB5BDC9
C:\Windows\system32\DRIVERS\usbcir.sys ==> MD5 is legit
C:\Windows\system32\drivers\usbehci.sys FBB21EBE49F6D560DB37AC25FBC68E66
C:\Windows\System32\DRIVERS\usbhub.sys 6B7A8A99C4A459E73C286A6763EA24CC
C:\Windows\system32\drivers\usbohci.sys 8C88AA7617B4CBC2E4BED61D26B33A27
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usbscan.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\USBSTOR.SYS ==> MD5 is legit
C:\Windows\system32\drivers\usbuhci.sys 0B5B3B2DF3FD1709618ACFA50B8392B0
C:\Windows\System32\Drivers\usbvideo.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\viaide.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys 9E425AC5C9A5A973273D169F43B4F5E1
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wimfltr.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys 4D52C872018AF7E18D078978DCC3F6F2
C:\Windows\System32\DRIVERS\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-18 07:47 - 2013-11-18 07:47 - 00000000 ____D C:\FRST
2013-11-17 21:24 - 2013-11-17 21:25 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-17 18:07 - 2013-11-17 18:07 - 00000000 ____D C:\Windows\pss
2013-11-17 17:59 - 2013-11-17 17:59 - 00000000 ____D C:\Users\rocket\AppData\Roaming\Malwarebytes
2013-11-17 17:58 - 2013-11-17 17:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\rocket\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 17:58 - 2013-04-04 13:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2013-11-06 02:00 - 2013-11-06 02:01 - 00000000 ____D C:\eb976771b2c9b103981af8c6
2013-11-02 07:10 - 2013-11-02 07:10 - 00000000 ____D C:\fa7025648a06f006d02725
2013-10-27 16:01 - 2013-10-27 16:01 - 00000000 ____D C:\269c08e512dcaf307eb10afedbc11b
2013-10-27 01:00 - 2013-10-27 01:01 - 00000000 ____D C:\48d8c66b00ad7e08d2
2013-10-23 03:21 - 2013-10-23 03:21 - 00000000 ____D C:\c146fc4dec5b55ba9a50
2013-10-21 01:00 - 2013-10-21 01:00 - 00000000 ____D C:\348f6663efdb15d1f8370c77c8

==================== One Month Modified Files and Folders =======

2013-11-18 07:47 - 2013-11-18 07:47 - 00000000 ____D C:\FRST
2013-11-17 21:25 - 2013-11-17 21:24 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-11-17 18:22 - 2009-07-13 23:10 - 01578718 _____ C:\Windows\WindowsUpdate.log
2013-11-17 18:16 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-17 18:16 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-17 18:08 - 2010-10-25 23:12 - 00096968 _____ C:\Windows\PFRO.log
2013-11-17 18:08 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-17 18:08 - 2009-07-13 22:51 - 00125897 _____ C:\Windows\setupact.log
2013-11-17 18:07 - 2013-11-17 18:07 - 00000000 ____D C:\Windows\pss
2013-11-17 18:06 - 2013-06-23 08:06 - 00000000 ____D C:\Users\rocket\AppData\Roaming\DefaultTab
2013-11-17 17:59 - 2013-11-17 17:59 - 00000000 ____D C:\Users\rocket\AppData\Roaming\Malwarebytes
2013-11-17 17:58 - 2013-11-17 17:58 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\rocket\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 17:58 - 2013-11-17 17:58 - 00001111 _____ C:\ProgramData\Desktop\Malwarebytes Anti-Malware.lnk
2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-17 17:58 - 2013-11-17 17:58 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-17 11:27 - 2012-03-25 17:52 - 00002374 _____ C:\Users\rocket\Desktop\Google Chrome.lnk
2013-11-17 11:24 - 2012-03-25 17:51 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1488074424-825075824-416149989-1001UA.job
2013-11-17 09:34 - 2013-06-26 03:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 19:18 - 2012-03-25 17:51 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1488074424-825075824-416149989-1001Core.job
2013-11-13 15:24 - 2013-08-19 01:01 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 15:24 - 2010-12-09 18:07 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-11 19:44 - 2011-11-24 19:17 - 00002113 _____ C:\Windows\epplauncher.mif
2013-11-11 18:50 - 2009-07-13 23:13 - 00727334 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-06 04:21 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\registration
2013-11-06 03:22 - 2010-12-01 16:22 - 00000000 ____D C:\users\rocket
2013-11-06 02:01 - 2013-11-06 02:00 - 00000000 ____D C:\eb976771b2c9b103981af8c6
2013-11-02 07:10 - 2013-11-02 07:10 - 00000000 ____D C:\fa7025648a06f006d02725
2013-10-27 16:54 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-27 16:01 - 2013-10-27 16:01 - 00000000 ____D C:\269c08e512dcaf307eb10afedbc11b
2013-10-27 01:01 - 2013-10-27 01:00 - 00000000 ____D C:\48d8c66b00ad7e08d2
2013-10-23 03:21 - 2013-10-23 03:21 - 00000000 ____D C:\c146fc4dec5b55ba9a50
2013-10-23 03:16 - 2009-07-13 23:08 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-21 01:00 - 2013-10-21 01:00 - 00000000 ____D C:\348f6663efdb15d1f8370c77c8

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$c614d3bf243a3fd7a4fd36cd3756874b

Some content of TEMP:
====================
C:\Users\rocket\AppData\Local\Temp\imagepackage64.exe
C:\Users\rocket\AppData\Local\Temp\mpam-fex64.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

TDL4: custom:26000022 <===== ATTENTION!

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

38
Restore point made on: 2013-11-04 18:57:43
Restore point made on: 2013-11-05 04:37:19
Restore point made on: 2013-11-06 02:00:42
Restore point made on: 2013-11-06 03:29:53
Restore point made on: 2013-11-06 03:43:44
Restore point made on: 2013-11-07 03:27:13
Restore point made on: 2013-11-07 03:39:42
Restore point made on: 2013-11-07 14:46:43
Restore point made on: 2013-11-07 17:14:04
Restore point made on: 2013-11-07 19:19:36
Restore point made on: 2013-11-08 14:36:10
Restore point made on: 2013-11-08 15:28:17
Restore point made on: 2013-11-08 16:30:48
Restore point made on: 2013-11-08 17:38:31
Restore point made on: 2013-11-08 19:11:46
Restore point made on: 2013-11-09 05:44:40
Restore point made on: 2013-11-09 06:24:55
Restore point made on: 2013-11-09 06:55:32
Restore point made on: 2013-11-09 08:16:40
Restore point made on: 2013-11-09 09:59:31
Restore point made on: 2013-11-09 18:17:46
Restore point made on: 2013-11-09 19:46:12
Restore point made on: 2013-11-11 02:00:36
Restore point made on: 2013-11-11 19:43:48
Restore point made on: 2013-11-12 04:28:45
Restore point made on: 2013-11-13 04:39:23
Restore point made on: 2013-11-13 15:24:33
Restore point made on: 2013-11-13 20:00:46
Restore point made on: 2013-11-14 04:34:33
Restore point made on: 2013-11-14 16:56:25
Restore point made on: 2013-11-14 20:04:05
Restore point made on: 2013-11-15 04:34:42
Restore point made on: 2013-11-15 15:38:58
Restore point made on: 2013-11-15 19:17:16
Restore point made on: 2013-11-16 09:44:32
Restore point made on: 2013-11-16 11:37:12
Restore point made on: 2013-11-16 20:57:18
Restore point made on: 2013-11-17 09:53:21

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 5940.52 MB
Available physical RAM: 5261.29 MB
Total Pagefile: 5938.67 MB
Available Pagefile: 5263.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:396.29 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:14.65 GB) (Free:6.45 GB) NTFS ==>[system with boot components (obtained from reading drive)]
ATTENTION: Malware custom entry on BCD on drive e: detected.
Drive f: (Mikes Passport) (Fixed) (Total:232.88 GB) (Free:76.38 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 466 GB) (Disk ID: 07F2837E)
Partition 1: (Not Active) - (Size=102 MB) - (Type=DE)
Partition 2: (Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 233 GB) (Disk ID: 5B6AC646)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

LastRegBack: 2013-11-11 02:28

==================== End Of Log ============================

Link to post
Share on other sites

  • 3 weeks later...
  • 3 weeks later...
  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.