Black screen with cursor, no task manager, no safe mode, no repair, no restore point after scan with Malwarebytes, Windows 7.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01
Ran by SYSTEM on MININT-FQAQUOL on 01-03-2014 09:50:18
Running from I:\
Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
 
The only official download link for FRST:
Download link for 32-Bit version:
Download link for 64-Bit Version:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM-x32\...\Run: [Quick-Drop] - C:\Program Files (x86)\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\Quick-Drop.exe [389264 2008-06-02] (Corel Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Policies\Explorer\Run: [57117] - C:\PROGRA~3\LOCALS~1\Temp\msumai.cmd No File
HKU\Ian\...\Run: [AdobeBridge] - [X]
HKU\Ian\...\Run: [Octoshape Streaming Services] - C:\Users\Ian\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)
HKU\Ian\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\Daemon Tools\DTLite.exe [4910912 2011-08-01] (DT Soft Ltd)
HKU\Ian\...\Run: [Novation Automap Server] - C:\Program Files (x86)\Novation\Automap\AutomapServer.exe [3129344 2012-11-15] (Focusrite Audio Engineering Ltd.)
HKU\Ian\...\Run: [Native Instruments Audio 4 DJ Control Panel] - C:\Program Files\Native Instruments\Audio 4 DJ Driver\a4djcpl.exe [12867584 2011-04-11] (Native Instruments GmbH)
HKU\Ian\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1198080 2014-01-24] (RemoteMouse.net)
HKU\Ian\...\Run: [EPSON T50 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFL.EXE [223232 2008-10-09] (SEIKO EPSON CORPORATION)
Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)
 
==================== Services (Whitelisted) =================
 
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)
S2 FolderSize; C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe [114688 2013-02-12] (Brio)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)
S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-24] ()
S2 rtpMIDIService; C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [1142272 2012-08-23] (Tobias Erichsen)
S2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2012-12-22] ()
 
==================== Drivers (Whitelisted) ====================
 
S0 a2c98e04fd2a64bf; C:\Windows\System32\Drivers\a2c98e04fd2a64bf.sys [78264 2014-02-20] () <===== ATTENTION
S3 a4djavs; C:\Windows\System32\Drivers\a4djavs.sys [358480 2011-04-11] (Native Instruments GmbH)
S3 a4djusb_svc; C:\Windows\System32\Drivers\a4djusb.sys [97360 2011-04-11] (Native Instruments GmbH)
S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()
S3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2012-06-03] (DT Soft Ltd)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()
S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)
S3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-15] (Tobias Erichsen)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-02-25 19:12 - 2014-03-01 09:50 - 00000000 ____D () C:\FRST
2014-02-21 15:56 - 2010-06-03 11:33 - 00021218 _____ () C:\Users\Ian\Downloads\Modelos de motores Coure-charade.odt
2014-02-21 15:56 - 2010-05-14 04:18 - 00017376 _____ () C:\Users\Ian\Downloads\Modelos.odt
2014-02-21 15:54 - 2014-02-21 15:54 - 00861795 _____ () C:\Users\Ian\Downloads\Manuales_Vs.zip
2014-02-21 07:47 - 2014-02-21 07:47 - 00068894 _____ () C:\Users\Ian\Downloads\369462.rar
2014-02-20 22:07 - 2014-02-20 22:07 - 00015449 _____ () C:\Users\Ian\Downloads\334874.rar
2014-02-20 07:50 - 2014-02-20 07:50 - 00078264 _____ () C:\Windows\System32\Drivers\a2c98e04fd2a64bf.sys
2014-02-19 20:47 - 2014-02-19 20:47 - 00046664 _____ () C:\Users\Ian\Downloads\349779.rar
2014-02-18 14:58 - 2014-02-18 14:58 - 00063304 _____ () C:\Users\Ian\Downloads\Daddy_Yankee_-_Limbo_[audiodump_com] - Part_1.wav
2014-02-18 14:49 - 2014-02-18 14:49 - 00194798 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_4.wav
2014-02-18 14:47 - 2014-02-18 14:47 - 00253882 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_3.wav
2014-02-18 14:47 - 2014-02-18 14:47 - 00218210 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_2.wav
2014-02-18 14:46 - 2014-02-18 14:46 - 00247950 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_1.wav
2014-02-18 07:56 - 2014-02-18 07:56 - 00058131 _____ () C:\Users\Ian\Downloads\spandau_ballet-true.mid
2014-02-18 07:51 - 2014-02-18 07:51 - 00031248 _____ () C:\Users\Ian\Downloads\Whitesnake - Is This Love.mid
2014-02-16 10:21 - 2014-02-16 10:21 - 06538836 _____ () C:\Users\Ian\Downloads\Damas Gratis Vs Audio Killers & Knife Party - Bomba Gratis - Derko & Verdun Remix.Mp3.zip
2014-02-15 15:37 - 2014-02-15 15:37 - 00017380 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392507462943
2014-02-14 16:08 - 2014-02-14 16:08 - 00339968 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_2.wav
2014-02-14 16:02 - 2014-02-14 16:02 - 00045916 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_1.wav
2014-02-13 22:16 - 2014-02-13 22:16 - 00047732 _____ () C:\Users\Ian\Downloads\362818.rar
2014-02-13 20:42 - 2014-02-13 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 12:25 - 2014-02-12 12:25 - 00302132 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_4.wav
2014-02-12 12:24 - 2014-02-12 12:24 - 00306372 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_3.wav
2014-02-12 12:22 - 2014-02-12 12:22 - 00017344 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392236571408
2014-02-12 12:18 - 2014-02-12 12:18 - 00826244 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_2.wav
2014-02-12 12:17 - 2014-02-12 12:17 - 00267360 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_1.wav
2014-02-12 09:30 - 2014-02-12 09:30 - 00046067 _____ () C:\Users\Ian\Downloads\174980.rar
2014-02-12 06:48 - 2014-02-12 06:48 - 00230074 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_5.wav
2014-02-12 06:46 - 2014-02-12 06:46 - 00495522 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_4.wav
2014-02-11 17:41 - 2014-02-11 17:41 - 00034788 _____ () C:\Users\Ian\Downloads\366821.rar
2014-02-11 14:17 - 2014-02-11 14:17 - 00344554 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2 - Part_1.wav
2014-02-11 14:11 - 2014-02-11 14:11 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_7.wav
2014-02-11 14:09 - 2014-02-11 14:09 - 00275854 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_3.wav
2014-02-11 14:08 - 2014-02-11 14:08 - 00457382 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1 - Part_1.wav
2014-02-11 14:06 - 2014-02-11 14:06 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_6.wav
2014-02-11 14:05 - 2014-02-11 14:05 - 00884786 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2.wav
2014-02-11 14:05 - 2014-02-11 14:05 - 00509090 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1.wav
2014-02-11 08:35 - 2014-02-11 08:35 - 00519270 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_2.wav
2014-02-11 08:28 - 2014-02-11 08:28 - 00302174 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_1.wav
2014-02-11 07:21 - 2014-02-22 15:40 - 00003788 _____ () C:\Windows\PFRO.log
2014-02-10 12:44 - 2014-02-10 12:44 - 00371698 _____ () C:\Users\Ian\Downloads\OFF ZEBRA MARLOS - Part_1.wav
2014-02-10 11:20 - 2014-02-20 19:59 - 00001680 _____ () C:\Windows\setupact.log
2014-02-10 11:20 - 2014-02-10 11:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-09 22:46 - 2014-02-09 22:46 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-09 22:46 - 2014-02-09 22:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-09 22:46 - 2013-12-18 16:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-09 22:46 - 2013-12-18 16:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-09 22:46 - 2013-12-18 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-09 22:46 - 2013-12-18 16:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-09 14:32 - 2014-02-09 14:32 - 00073602 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-look_around.mid
2014-02-09 14:32 - 2014-02-09 14:32 - 00037534 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-give_it_away.mid
2014-02-09 14:31 - 2014-02-09 14:31 - 00035296 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-cant_stop.mid
2014-02-09 14:30 - 2014-02-09 14:30 - 00050662 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-otherside.mid
2014-02-09 14:29 - 2014-02-09 14:29 - 00045391 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-aeroplane.mid
2014-02-09 14:29 - 2014-02-09 14:29 - 00017703 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-road_trippin.mid
2014-02-09 14:28 - 2014-02-09 14:28 - 00016592 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-higher_ground.mid
2014-02-09 14:27 - 2014-02-09 14:27 - 00053601 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-californication.mid
2014-02-09 14:21 - 2014-02-09 14:21 - 00019766 _____ () C:\Users\Ian\Downloads\Hail_To_The_King_-_Avenged_Sevenfold_-_Piano.mid
2014-02-09 14:17 - 2014-02-09 14:17 - 00088079 _____ () C:\Users\Ian\Downloads\avenged_sevenfold-afterlife.mid
2014-02-09 09:42 - 2014-02-09 09:42 - 00061135 _____ () C:\Users\Ian\Downloads\Fleetwood Mac - Everywhere 1.mid
2014-02-08 18:03 - 2014-02-08 18:03 - 00072639 _____ () C:\Users\Ian\Downloads\366111.rar
2014-02-07 13:06 - 2014-02-07 13:06 - 00131740 _____ () C:\Users\Ian\Downloads\Come_and_Hell_-_Supastar_(Victor_Ruiz_Remix)_[audiodump_com] - Part_1.wav
2014-02-06 13:58 - 2014-02-06 13:58 - 00000233 _____ () C:\Users\Ian\Desktop\01.mid
2014-02-06 13:42 - 2014-02-06 13:43 - 90464042 _____ () C:\Users\Ian\Downloads\funky 4 samplers.rar
2014-02-05 11:25 - 2014-02-05 11:25 - 00017358 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1391628345298
2014-02-04 16:07 - 2014-02-04 16:07 - 00002908 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_We_Are_Now_Connected__Frozen_Ray_20120105054228.mid
2014-02-04 16:00 - 2014-02-04 16:00 - 00000631 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_Milky_Way__robocat_20110922014639.mid
2014-02-04 15:46 - 2014-02-04 15:46 - 00558320 _____ () C:\Users\Ian\Downloads\Froxic_-_-_Quasar_(Original_Mix)_[audiodump_com].mp3.sfk
2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk
2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\ProgramData\Desktop\Remote Mouse.lnk
2014-02-03 22:09 - 2014-02-03 22:09 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2014-02-03 22:08 - 2014-02-03 22:08 - 00482333 _____ (Remote Mouse ) C:\Users\Ian\Downloads\RemoteMouse.exe
2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-02-03 19:47 - 2014-02-03 19:47 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2014-02-03 19:47 - 2014-02-03 19:47 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2014-02-03 19:47 - 2014-02-03 19:47 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-02-03 19:46 - 2014-02-03 19:46 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-02-03 19:40 - 2014-02-03 19:40 - 00000000 ____D () C:\Users\Ian\.android
2014-02-03 19:39 - 2014-02-03 19:39 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-02-03 19:38 - 2014-02-03 19:39 - 11060224 _____ () C:\Users\Ian\Downloads\CarbonSetup.msi
2014-02-03 14:48 - 2014-02-03 14:48 - 00164932 _____ () C:\Users\Ian\Downloads\fgdhfi909 - Part_1.wav
2014-02-03 14:47 - 2014-02-03 14:47 - 00278408 _____ () C:\Users\Ian\Downloads\fgdhfi909.wav
2014-02-03 14:46 - 2014-02-03 14:46 - 00298780 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_5.wav
2014-02-03 14:44 - 2014-02-03 14:44 - 00176172 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_4.wav
2014-02-03 14:42 - 2014-02-03 14:42 - 00170772 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_3.wav
2014-02-03 14:41 - 2014-02-03 14:41 - 00200116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_2.wav
2014-02-03 14:41 - 2014-02-03 14:41 - 00120116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_1.wav
2014-02-01 14:31 - 2014-02-01 14:31 - 00043498 _____ () C:\Users\Ian\Downloads\james_brown-sex_machine.mid
2014-02-01 14:14 - 2014-02-01 14:14 - 00076137 _____ () C:\Users\Ian\Downloads\Stevie Wonder - Superstition.mid
2014-02-01 14:14 - 2014-02-01 14:14 - 00072821 _____ () C:\Users\Ian\Downloads\Stevie_Wonder_-_Superstition.mid
2014-02-01 14:10 - 2014-02-01 14:10 - 00072821 _____ () C:\Users\Ian\Downloads\stevie_wonder-superstition.mid
2014-02-01 14:02 - 2014-02-01 14:02 - 00053248 _____ () C:\Users\Ian\Downloads\Curtis Mayfield - SUPERFLY.mid
2014-02-01 13:07 - 2014-02-01 13:07 - 00000000 ____D () C:\Users\Ian\Superior Drummer
2014-02-01 12:56 - 2012-02-06 08:55 - 00974848 _____ (Uderzo Software e Consulenza Informatica) C:\Users\Ian\Desktop\SpaceSniffer.exe
2014-02-01 12:55 - 2014-02-01 12:55 - 01536858 _____ () C:\Users\Ian\Downloads\spacesniffer_1_1_4_0.zip
2014-02-01 12:47 - 2014-02-01 12:47 - 00000000 ____D () C:\Users\Ian\Documents\Toontrack
 
==================== One Month Modified Files and Folders =======
 
2014-03-01 09:50 - 2014-02-25 19:12 - 00000000 ____D () C:\FRST
2014-02-23 10:32 - 2009-07-13 20:45 - 00003072 _____ () C:\Windows\System32\umstartup.etl
2014-02-22 15:40 - 2014-02-11 07:21 - 00003788 _____ () C:\Windows\PFRO.log
2014-02-21 18:45 - 2012-10-15 15:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-21 18:45 - 2012-06-01 18:40 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-21 16:24 - 2012-08-29 10:19 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000UA.job
2014-02-21 15:54 - 2014-02-21 15:54 - 00861795 _____ () C:\Users\Ian\Downloads\Manuales_Vs.zip
2014-02-21 11:45 - 2012-06-01 18:40 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-21 10:24 - 2012-08-29 10:19 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000Core.job
2014-02-21 07:48 - 2013-03-21 03:58 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer
2014-02-21 07:47 - 2014-02-21 07:47 - 00068894 _____ () C:\Users\Ian\Downloads\369462.rar
2014-02-21 05:13 - 2012-06-01 20:25 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\uTorrent
2014-02-20 22:07 - 2014-02-20 22:07 - 00015449 _____ () C:\Users\Ian\Downloads\334874.rar
2014-02-20 20:45 - 2012-10-15 15:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-20 20:45 - 2012-06-01 18:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-20 20:45 - 2012-06-01 18:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-20 19:59 - 2014-02-10 11:20 - 00001680 _____ () C:\Windows\setupact.log
2014-02-20 19:58 - 2013-06-08 09:12 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-02-20 19:58 - 2013-05-31 08:42 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-02-20 19:58 - 2012-12-20 12:33 - 00000000 ___RD () C:\Users\Ian\Dropbox
2014-02-20 19:58 - 2012-12-20 12:30 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Dropbox
2014-02-20 19:58 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-20 18:18 - 2013-09-23 11:57 - 00000000 ____D () C:\Users\Ian\AppData\Local\CrashDumps
2014-02-20 18:15 - 2013-03-19 06:03 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\piServer
2014-02-20 07:50 - 2014-02-20 07:50 - 00078264 _____ () C:\Windows\System32\Drivers\a2c98e04fd2a64bf.sys
2014-02-20 07:49 - 2012-06-01 17:02 - 01994932 _____ () C:\Windows\WindowsUpdate.log
2014-02-19 20:47 - 2014-02-19 20:47 - 00046664 _____ () C:\Users\Ian\Downloads\349779.rar
2014-02-18 14:58 - 2014-02-18 14:58 - 00063304 _____ () C:\Users\Ian\Downloads\Daddy_Yankee_-_Limbo_[audiodump_com] - Part_1.wav
2014-02-18 14:49 - 2014-02-18 14:49 - 00194798 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_4.wav
2014-02-18 14:47 - 2014-02-18 14:47 - 00253882 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_3.wav
2014-02-18 14:47 - 2014-02-18 14:47 - 00218210 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_2.wav
2014-02-18 14:46 - 2014-02-18 14:46 - 00247950 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_1.wav
2014-02-18 07:56 - 2014-02-18 07:56 - 00058131 _____ () C:\Users\Ian\Downloads\spandau_ballet-true.mid
2014-02-18 07:51 - 2014-02-18 07:51 - 00031248 _____ () C:\Users\Ian\Downloads\Whitesnake - Is This Love.mid
2014-02-18 05:35 - 2012-07-24 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 10:21 - 2014-02-16 10:21 - 06538836 _____ () C:\Users\Ian\Downloads\Damas Gratis Vs Audio Killers & Knife Party - Bomba Gratis - Derko & Verdun Remix.Mp3.zip
2014-02-15 15:37 - 2014-02-15 15:37 - 00017380 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392507462943
2014-02-14 16:08 - 2014-02-14 16:08 - 00339968 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_2.wav
2014-02-14 16:02 - 2014-02-14 16:02 - 00045916 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_1.wav
2014-02-13 22:16 - 2014-02-13 22:16 - 00047732 _____ () C:\Users\Ian\Downloads\362818.rar
2014-02-13 20:42 - 2014-02-13 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-12 12:25 - 2014-02-12 12:25 - 00302132 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_4.wav
2014-02-12 12:24 - 2014-02-12 12:24 - 00306372 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_3.wav
2014-02-12 12:22 - 2014-02-12 12:22 - 00017344 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392236571408
2014-02-12 12:18 - 2014-02-12 12:18 - 00826244 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_2.wav
2014-02-12 12:17 - 2014-02-12 12:17 - 00267360 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_1.wav
2014-02-12 09:30 - 2014-02-12 09:30 - 00046067 _____ () C:\Users\Ian\Downloads\174980.rar
2014-02-12 09:27 - 2012-06-01 23:21 - 00000000 ____D () C:\Users\Ian\.smplayer
2014-02-12 06:48 - 2014-02-12 06:48 - 00230074 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_5.wav
2014-02-12 06:46 - 2014-02-12 06:46 - 00495522 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_4.wav
2014-02-11 17:41 - 2014-02-11 17:41 - 00034788 _____ () C:\Users\Ian\Downloads\366821.rar
2014-02-11 14:17 - 2014-02-11 14:17 - 00344554 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2 - Part_1.wav
2014-02-11 14:11 - 2014-02-11 14:11 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_7.wav
2014-02-11 14:09 - 2014-02-11 14:09 - 00275854 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_3.wav
2014-02-11 14:08 - 2014-02-11 14:08 - 00457382 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1 - Part_1.wav
2014-02-11 14:06 - 2014-02-11 14:06 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_6.wav
2014-02-11 14:05 - 2014-02-11 14:05 - 00884786 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2.wav
2014-02-11 14:05 - 2014-02-11 14:05 - 00509090 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1.wav
2014-02-11 08:35 - 2014-02-11 08:35 - 00519270 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_2.wav
2014-02-11 08:28 - 2014-02-11 08:28 - 00302174 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_1.wav
2014-02-10 12:44 - 2014-02-10 12:44 - 00371698 _____ () C:\Users\Ian\Downloads\OFF ZEBRA MARLOS - Part_1.wav
2014-02-10 11:40 - 2012-06-01 18:40 - 00004026 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-10 11:40 - 2012-06-01 18:40 - 00003774 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-10 11:20 - 2014-02-10 11:20 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-10 11:20 - 2012-06-01 19:33 - 00000920 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000UA.job
2014-02-10 11:20 - 2012-06-01 19:33 - 00000868 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000Core.job
2014-02-09 22:48 - 2012-06-01 19:33 - 00003898 _____ () C:\Windows\System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000UA
2014-02-09 22:48 - 2012-06-01 19:33 - 00003502 _____ () C:\Windows\System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000Core
2014-02-09 22:46 - 2014-02-09 22:46 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-02-09 22:46 - 2014-02-09 22:46 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-09 22:46 - 2012-09-25 18:54 - 00000000 ____D () C:\Program Files (x86)\Java
2014-02-09 14:32 - 2014-02-09 14:32 - 00073602 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-look_around.mid
2014-02-09 14:32 - 2014-02-09 14:32 - 00037534 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-give_it_away.mid
2014-02-09 14:31 - 2014-02-09 14:31 - 00035296 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-cant_stop.mid
2014-02-09 14:30 - 2014-02-09 14:30 - 00050662 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-otherside.mid
2014-02-09 14:29 - 2014-02-09 14:29 - 00045391 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-aeroplane.mid
2014-02-09 14:29 - 2014-02-09 14:29 - 00017703 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-road_trippin.mid
2014-02-09 14:28 - 2014-02-09 14:28 - 00016592 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-higher_ground.mid
2014-02-09 14:27 - 2014-02-09 14:27 - 00053601 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-californication.mid
2014-02-09 14:21 - 2014-02-09 14:21 - 00019766 _____ () C:\Users\Ian\Downloads\Hail_To_The_King_-_Avenged_Sevenfold_-_Piano.mid
2014-02-09 14:17 - 2014-02-09 14:17 - 00088079 _____ () C:\Users\Ian\Downloads\avenged_sevenfold-afterlife.mid
2014-02-09 09:42 - 2014-02-09 09:42 - 00061135 _____ () C:\Users\Ian\Downloads\Fleetwood Mac - Everywhere 1.mid
2014-02-08 20:42 - 2013-12-29 12:51 - 00000000 ____D () C:\Users\Ian\Desktop\Día por día
2014-02-08 18:03 - 2014-02-08 18:03 - 00072639 _____ () C:\Users\Ian\Downloads\366111.rar
2014-02-07 13:06 - 2014-02-07 13:06 - 00131740 _____ () C:\Users\Ian\Downloads\Come_and_Hell_-_Supastar_(Victor_Ruiz_Remix)_[audiodump_com] - Part_1.wav
2014-02-07 12:58 - 2012-06-10 06:15 - 00000021 _____ () C:\Windows\SurCode.INI
2014-02-07 08:42 - 2012-06-03 13:01 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite
2014-02-06 15:07 - 2012-07-24 18:43 - 00000000 ____D () C:\Program Files (x86)\Native Instruments
2014-02-06 15:07 - 2012-06-02 13:49 - 00000000 ____D () C:\Program Files (x86)\VstPlugins
2014-02-06 13:58 - 2014-02-06 13:58 - 00000233 _____ () C:\Users\Ian\Desktop\01.mid
2014-02-06 13:43 - 2014-02-06 13:42 - 90464042 _____ () C:\Users\Ian\Downloads\funky 4 samplers.rar
2014-02-05 11:25 - 2014-02-05 11:25 - 00017358 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1391628345298
2014-02-05 10:32 - 2014-01-29 19:53 - 00000000 ____D () C:\Users\Ian\Downloads\CD YO
2014-02-04 16:07 - 2014-02-04 16:07 - 00002908 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_We_Are_Now_Connected__Frozen_Ray_20120105054228.mid
2014-02-04 16:00 - 2014-02-04 16:00 - 00000631 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_Milky_Way__robocat_20110922014639.mid
2014-02-04 15:46 - 2014-02-04 15:46 - 00558320 _____ () C:\Users\Ian\Downloads\Froxic_-_-_Quasar_(Original_Mix)_[audiodump_com].mp3.sfk
2014-02-04 04:59 - 2012-06-26 13:34 - 00001456 _____ () C:\Users\Ian\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk
2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\ProgramData\Desktop\Remote Mouse.lnk
2014-02-03 22:09 - 2014-02-03 22:09 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse
2014-02-03 22:08 - 2014-02-03 22:08 - 00482333 _____ (Remote Mouse ) C:\Users\Ian\Downloads\RemoteMouse.exe
2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf
2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf
2014-02-03 19:47 - 2014-02-03 19:47 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys
2014-02-03 19:47 - 2014-02-03 19:47 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys
2014-02-03 19:47 - 2014-02-03 19:47 - 00000000 ____D () C:\ProgramData\Sony Mobile
2014-02-03 19:46 - 2014-02-03 19:46 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile
2014-02-03 19:40 - 2014-02-03 19:40 - 00000000 ____D () C:\Users\Ian\.android
2014-02-03 19:40 - 2012-06-01 17:00 - 00000000 ____D () C:\users\Ian
2014-02-03 19:39 - 2014-02-03 19:39 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod
2014-02-03 19:39 - 2014-02-03 19:38 - 11060224 _____ () C:\Users\Ian\Downloads\CarbonSetup.msi
2014-02-03 19:12 - 2013-11-14 13:24 - 00002026 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
2014-02-03 19:12 - 2013-11-14 13:24 - 00002026 _____ () C:\ProgramData\Desktop\Sony PC Companion 2.1.lnk
2014-02-03 19:12 - 2012-06-01 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-02-03 14:48 - 2014-02-03 14:48 - 00164932 _____ () C:\Users\Ian\Downloads\fgdhfi909 - Part_1.wav
2014-02-03 14:47 - 2014-02-03 14:47 - 00278408 _____ () C:\Users\Ian\Downloads\fgdhfi909.wav
2014-02-03 14:46 - 2014-02-03 14:46 - 00298780 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_5.wav
2014-02-03 14:44 - 2014-02-03 14:44 - 00176172 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_4.wav
2014-02-03 14:42 - 2014-02-03 14:42 - 00170772 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_3.wav
2014-02-03 14:41 - 2014-02-03 14:41 - 00200116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_2.wav
2014-02-03 14:41 - 2014-02-03 14:41 - 00120116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_1.wav
2014-02-03 02:26 - 2012-06-12 05:03 - 00000432 _____ () C:\Windows\Tasks\At1.job
2014-02-01 14:31 - 2014-02-01 14:31 - 00043498 _____ () C:\Users\Ian\Downloads\james_brown-sex_machine.mid
2014-02-01 14:14 - 2014-02-01 14:14 - 00076137 _____ () C:\Users\Ian\Downloads\Stevie Wonder - Superstition.mid
2014-02-01 14:14 - 2014-02-01 14:14 - 00072821 _____ () C:\Users\Ian\Downloads\Stevie_Wonder_-_Superstition.mid
2014-02-01 14:10 - 2014-02-01 14:10 - 00072821 _____ () C:\Users\Ian\Downloads\stevie_wonder-superstition.mid
2014-02-01 14:02 - 2014-02-01 14:02 - 00053248 _____ () C:\Users\Ian\Downloads\Curtis Mayfield - SUPERFLY.mid
2014-02-01 13:07 - 2014-02-01 13:07 - 00000000 ____D () C:\Users\Ian\Superior Drummer
2014-02-01 12:55 - 2014-02-01 12:55 - 01536858 _____ () C:\Users\Ian\Downloads\spacesniffer_1_1_4_0.zip
2014-02-01 12:47 - 2014-02-01 12:47 - 00000000 ____D () C:\Users\Ian\Documents\Toontrack
 
Files to move or delete:
====================
C:\Windows\Tasks\At1.job
 
 
Some content of TEMP:
====================
C:\Users\Ian\AppData\Local\Temp\javasysmo2390211161915115658.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo2553462891198296815.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo2713995137915530137.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo3208668797512452993.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo5535621217281191994.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo6308476793707859565.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo6916697602651644984.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo7102880802229240220.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo7572713171699864898.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo8097214107177319727.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo8357967155125780854.dll
C:\Users\Ian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\Ian\AppData\Local\Temp\yupdate-exec-yabrowser.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe
[2012-04-07 07:36] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
 
C:\Windows\SysWOW64\explorer.exe
[2012-04-07 07:36] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48
 
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!
 
==================== EXE ASSOCIATION =====================
 
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
 
==================== Restore Points  =========================
 
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=D:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {64361e83-acd3-11e1-907c-e4026dbd1cbc}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
testsigning             Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {64361e83-acd3-11e1-907c-e4026dbd1cbc}
nx                      OptIn
numproc                 4
usefirmwarepcisettings  No
 
Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[C:]\Recovery\64361e85-acd3-11e1-907c-e4026dbd1cbc\Winre.wim,{64361e86-acd3-11e1-907c-e4026dbd1cbc}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[C:]\Recovery\64361e85-acd3-11e1-907c-e4026dbd1cbc\Winre.wim,{64361e86-acd3-11e1-907c-e4026dbd1cbc}
systemroot              \windows
nx                      OptIn
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {64361e83-acd3-11e1-907c-e4026dbd1cbc}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=D:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes
 
EMS Settings
------------
identifier              {emssettings}
bootems                 Yes
 
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
 
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
 
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
 
Device options
--------------
identifier              {64361e86-acd3-11e1-907c-e4026dbd1cbc}
description             Ramdisk Options
ramdisksdidevice        partition=C:
ramdisksdipath          \Recovery\64361e85-acd3-11e1-907c-e4026dbd1cbc\boot.sdi
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 4079.43 MB
Available physical RAM: 3418.44 MB
Total Pagefile: 4077.63 MB
Available Pagefile: 3407.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:99.9 GB) (Free:11.88 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:100 GB) (Free:8.47 GB) NTFS
Drive g: () (Fixed) (Total:731.51 GB) (Free:122.71 GB) NTFS
Drive h: (W8_X64_X86_AIO_EN-US) (CDROM) (Total:3.83 GB) (Free:0 GB) UDF
Drive i: (EOS_DIGITAL) (Removable) (Total:14.91 GB) (Free:14.8 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (TB) (Fixed) (Total:931.51 GB) (Free:23.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A1DA5E56)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F970AF9A)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 2 (Size: 15 GB) (Disk ID: EB27EB27)
 
Partition: GPT Partition Type.
 
 
LastRegBack: 2014-02-18 05:55
 
==================== End Of Log ============================
 

Hello.

 

P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

 

Next,

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.

 

Next,

 

Reboot your system, see if it will now load normally. If successful continue:

 

Download Farbar Recovery Scan Tool and save it to your desktop.

 

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

 

  • Double-click to run it. When the tool opens, click Yes to the disclaimer.

  • Press the Scan button.

  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.

  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Kevin...

fixlist.txt


All done, and when I rebooted my system the same thing happened.

Here is the fixlog:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by SYSTEM at 2014-03-02 16:38:31 Run:2
Running from I:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Start
LastRegBack: 2014-02-18 05:55
End
*****************
 
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====

Delete the previous fixlist.txt. Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it to your reply.

 

Re-boot, any change?

fixlist.txt


No changes =(

Here is the new Fixlog:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-02-2014 01
Ran by SYSTEM at 2014-03-02 19:02:23 Run:3
Running from I:\
Boot Mode: Recovery
==============================================
 
Content of fixlist:
*****************
Start
S0 a2c98e04fd2a64bf; C:\Windows\System32\Drivers\a2c98e04fd2a64bf.sys 
HKLM\...\Policies\Explorer\Run: [57117] - C:\PROGRA~3\LOCALS~1\Temp\msumai.cmd No File
C:\PROGRA~3\LOCALS~1\Temp\msumai.cmd
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\Windows\Tasks\At1.job
C:\Users\Ian\AppData\Local\Temp\javasysmo2390211161915115658.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo2553462891198296815.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo2713995137915530137.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo3208668797512452993.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo5535621217281191994.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo6308476793707859565.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo6916697602651644984.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo7102880802229240220.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo7572713171699864898.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo8097214107177319727.dll
C:\Users\Ian\AppData\Local\Temp\javasysmo8357967155125780854.dll
C:\Users\Ian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Ian\AppData\Local\Temp\Setup-yabrowser.exe
C:\Users\Ian\AppData\Local\Temp\yupdate-exec-yabrowser.exe
LastRegBack: 2014-02-18 05:55
End
*****************
 
a2c98e04fd2a64bf => Service not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\policies\Explorer\Run\\57117 => Value deleted successfully.
"C:\PROGRA~3\LOCALS~1\Temp\msumai.cmd" => File/Directory not found.
dgderdrv => Service deleted successfully.
gdrv => Service deleted successfully.
NLNdisMP => Service deleted successfully.
NLNdisPT => Service deleted successfully.
VGPU => Service deleted successfully.
C:\Windows\Tasks\At1.job => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo2390211161915115658.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo2553462891198296815.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo2713995137915530137.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo3208668797512452993.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo5535621217281191994.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo6308476793707859565.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo6916697602651644984.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo7102880802229240220.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo7572713171699864898.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo8097214107177319727.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\javasysmo8357967155125780854.dll => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\Setup-yabrowser.exe => Moved successfully.
C:\Users\Ian\AppData\Local\Temp\yupdate-exec-yabrowser.exe => Moved successfully.
DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.
 
==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-02-2014 01

Ran by SYSTEM on MININT-5SL6324 on 02-03-2014 19:28:49

Running from I:\

Windows 7 Enterprise Service Pack 1 (X64) OS Language: English(US)

Internet Explorer Version 9

Boot Mode: Recovery

 

The current controlset is ControlSet001

ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

 

 

The only official download link for FRST:

Download link for 32-Bit version:

Download link for 64-Bit Version:

Download link from any site other than Bleeping Computer is unpermitted or outdated.


 

==================== Registry (Whitelisted) ==================

 

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)

HKLM-x32\...\Run: [Quick-Drop] - C:\Program Files (x86)\Corel\Corel DVD MovieFactory 7\Corel DVD MovieFactory 7\Quick-Drop.exe [389264 2008-06-02] (Corel Corporation)

HKLM-x32\...\Run: [sunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)

HKLM\...\Policies\Explorer\Run: [57117] - C:\PROGRA~3\LOCALS~1\Temp\msumai.cmd No File

HKU\Ian\...\Run: [AdobeBridge] - [X]

HKU\Ian\...\Run: [Octoshape Streaming Services] - C:\Users\Ian\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [107800 2011-03-24] (Octoshape ApS)

HKU\Ian\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\Daemon Tools\DTLite.exe [4910912 2011-08-01] (DT Soft Ltd)

HKU\Ian\...\Run: [Novation Automap Server] - C:\Program Files (x86)\Novation\Automap\AutomapServer.exe [3129344 2012-11-15] (Focusrite Audio Engineering Ltd.)

HKU\Ian\...\Run: [Native Instruments Audio 4 DJ Control Panel] - C:\Program Files\Native Instruments\Audio 4 DJ Driver\a4djcpl.exe [12867584 2011-04-11] (Native Instruments GmbH)

HKU\Ian\...\Run: [Remote Mouse] - C:\Program Files (x86)\Remote Mouse\RemoteMouse.exe [1198080 2014-01-24] (RemoteMouse.net)

HKU\Ian\...\Run: [EPSON T50 Series] - C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFFL.EXE [223232 2008-10-09] (SEIKO EPSON CORPORATION)

Startup: C:\Users\Ian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk ->  (No File)

 

==================== Services (Whitelisted) =================

 

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()

S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [38440 2013-09-19] (Just Develop It)

S2 FolderSize; C:\Program Files (x86)\FolderSize\FolderSizeSvc.exe [114688 2013-02-12] (Brio)

S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [234776 2012-09-05] (McAfee, Inc.)

S2 PanService; C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe [625304 2012-09-28] (Pandora.TV)

S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-02-24] ()

S2 rtpMIDIService; C:\Program Files (x86)\Tobias Erichsen\rtpMIDI\rtpMIDISvc.exe [1142272 2012-08-23] (Tobias Erichsen)

S2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Producer\ScsiAccess.exe [186760 2012-12-22] ()

 

==================== Drivers (Whitelisted) ====================

 

S3 a4djavs; C:\Windows\System32\Drivers\a4djavs.sys [358480 2011-04-11] (Native Instruments GmbH)

S3 a4djusb_svc; C:\Windows\System32\Drivers\a4djusb.sys [97360 2011-04-11] (Native Instruments GmbH)

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [21104 2011-01-10] ()

S3 automap; C:\Windows\System32\DRIVERS\automap.sys [18776 2012-04-19] (Focusrite Audio Engineering Limited)

S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2012-06-03] (DT Soft Ltd)

S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-04-18] ()

S3 NvnUsbAudio; C:\Windows\System32\DRIVERS\nvnusbaudio.sys [53080 2011-10-05] (Novation DMS Ltd.)

S3 teVirtualMIDI64; C:\Windows\System32\DRIVERS\teVirtualMIDI64.sys [30208 2012-08-15] (Tobias Erichsen)

S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)

S3 dgderdrv; System32\drivers\dgderdrv.sys [X]

S3 gdrv; \??\C:\Windows\gdrv.sys [X]

S3 NLNdisMP; system32\DRIVERS\nlndis.sys [X]

S3 NLNdisPT; system32\DRIVERS\nlndis.sys [X]

S3 VGPU; System32\drivers\rdvgkmd.sys [X]

 

========================== Drivers MD5 =======================

 

 

==================== NetSvcs (Whitelisted) ===================

 

 

==================== One Month Created Files and Folders ========

 

2014-03-02 16:38 - 2014-03-02 19:02 - 00000000 ____D () C:\Windows\System32\config\HiveBackup

2014-03-02 02:56 - 2014-03-01 06:11 - 32243712 _____ () C:\Windows\System32\config\System.bartbackup1

2014-03-02 02:56 - 2014-02-24 20:47 - 84410368 _____ () C:\Windows\System32\config\Software.bartbackup1

2014-03-02 02:56 - 2014-02-24 15:22 - 00524288 _____ () C:\Windows\System32\config\Default.bartbackup1

2014-03-02 02:56 - 2014-02-24 15:22 - 00262144 _____ () C:\Windows\System32\config\Security.bartbackup1

2014-03-02 02:56 - 2014-02-21 18:50 - 00262144 _____ () C:\Windows\System32\config\Sam.bartbackup1

2014-02-25 19:12 - 2014-03-02 19:28 - 00000000 ____D () C:\FRST

2014-02-21 15:56 - 2010-06-03 11:33 - 00021218 _____ () C:\Users\Ian\Downloads\Modelos de motores Coure-charade.odt

2014-02-21 15:56 - 2010-05-14 04:18 - 00017376 _____ () C:\Users\Ian\Downloads\Modelos.odt

2014-02-21 15:54 - 2014-02-21 15:54 - 00861795 _____ () C:\Users\Ian\Downloads\Manuales_Vs.zip

2014-02-21 07:47 - 2014-02-21 07:47 - 00068894 _____ () C:\Users\Ian\Downloads\369462.rar

2014-02-20 22:07 - 2014-02-20 22:07 - 00015449 _____ () C:\Users\Ian\Downloads\334874.rar

2014-02-20 07:50 - 2014-02-20 07:50 - 00078264 _____ () C:\Windows\System32\Drivers\a2c98e04fd2a64bf.sys

2014-02-19 20:47 - 2014-02-19 20:47 - 00046664 _____ () C:\Users\Ian\Downloads\349779.rar

2014-02-18 14:58 - 2014-02-18 14:58 - 00063304 _____ () C:\Users\Ian\Downloads\Daddy_Yankee_-_Limbo_[audiodump_com] - Part_1.wav

2014-02-18 14:49 - 2014-02-18 14:49 - 00194798 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_4.wav

2014-02-18 14:47 - 2014-02-18 14:47 - 00253882 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_3.wav

2014-02-18 14:47 - 2014-02-18 14:47 - 00218210 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_2.wav

2014-02-18 14:46 - 2014-02-18 14:46 - 00247950 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_1.wav

2014-02-18 07:56 - 2014-02-18 07:56 - 00058131 _____ () C:\Users\Ian\Downloads\spandau_ballet-true.mid

2014-02-18 07:51 - 2014-02-18 07:51 - 00031248 _____ () C:\Users\Ian\Downloads\Whitesnake - Is This Love.mid

2014-02-16 10:21 - 2014-02-16 10:21 - 06538836 _____ () C:\Users\Ian\Downloads\Damas Gratis Vs Audio Killers & Knife Party - Bomba Gratis - Derko & Verdun Remix.Mp3.zip

2014-02-15 15:37 - 2014-02-15 15:37 - 00017380 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392507462943

2014-02-14 16:08 - 2014-02-14 16:08 - 00339968 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_2.wav

2014-02-14 16:02 - 2014-02-14 16:02 - 00045916 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_1.wav

2014-02-13 22:16 - 2014-02-13 22:16 - 00047732 _____ () C:\Users\Ian\Downloads\362818.rar

2014-02-13 20:42 - 2014-02-13 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-12 12:25 - 2014-02-12 12:25 - 00302132 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_4.wav

2014-02-12 12:24 - 2014-02-12 12:24 - 00306372 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_3.wav

2014-02-12 12:22 - 2014-02-12 12:22 - 00017344 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392236571408

2014-02-12 12:18 - 2014-02-12 12:18 - 00826244 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_2.wav

2014-02-12 12:17 - 2014-02-12 12:17 - 00267360 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_1.wav

2014-02-12 09:30 - 2014-02-12 09:30 - 00046067 _____ () C:\Users\Ian\Downloads\174980.rar

2014-02-12 06:48 - 2014-02-12 06:48 - 00230074 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_5.wav

2014-02-12 06:46 - 2014-02-12 06:46 - 00495522 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_4.wav

2014-02-11 17:41 - 2014-02-11 17:41 - 00034788 _____ () C:\Users\Ian\Downloads\366821.rar

2014-02-11 14:17 - 2014-02-11 14:17 - 00344554 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2 - Part_1.wav

2014-02-11 14:11 - 2014-02-11 14:11 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_7.wav

2014-02-11 14:09 - 2014-02-11 14:09 - 00275854 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_3.wav

2014-02-11 14:08 - 2014-02-11 14:08 - 00457382 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1 - Part_1.wav

2014-02-11 14:06 - 2014-02-11 14:06 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_6.wav

2014-02-11 14:05 - 2014-02-11 14:05 - 00884786 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2.wav

2014-02-11 14:05 - 2014-02-11 14:05 - 00509090 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1.wav

2014-02-11 08:35 - 2014-02-11 08:35 - 00519270 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_2.wav

2014-02-11 08:28 - 2014-02-11 08:28 - 00302174 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_1.wav

2014-02-11 07:21 - 2014-03-02 14:03 - 00005630 _____ () C:\Windows\PFRO.log

2014-02-10 12:44 - 2014-02-10 12:44 - 00371698 _____ () C:\Users\Ian\Downloads\OFF ZEBRA MARLOS - Part_1.wav

2014-02-10 11:20 - 2014-02-20 19:59 - 00001680 _____ () C:\Windows\setupact.log

2014-02-10 11:20 - 2014-02-10 11:20 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-09 22:46 - 2014-02-09 22:46 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-02-09 22:46 - 2014-02-09 22:46 - 00000000 ____D () C:\ProgramData\Oracle

2014-02-09 22:46 - 2013-12-18 16:09 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-02-09 22:46 - 2013-12-18 16:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe

2014-02-09 22:46 - 2013-12-18 16:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe

2014-02-09 22:46 - 2013-12-18 16:03 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe

2014-02-09 14:32 - 2014-02-09 14:32 - 00073602 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-look_around.mid

2014-02-09 14:32 - 2014-02-09 14:32 - 00037534 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-give_it_away.mid

2014-02-09 14:31 - 2014-02-09 14:31 - 00035296 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-cant_stop.mid

2014-02-09 14:30 - 2014-02-09 14:30 - 00050662 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-otherside.mid

2014-02-09 14:29 - 2014-02-09 14:29 - 00045391 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-aeroplane.mid

2014-02-09 14:29 - 2014-02-09 14:29 - 00017703 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-road_trippin.mid

2014-02-09 14:28 - 2014-02-09 14:28 - 00016592 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-higher_ground.mid

2014-02-09 14:27 - 2014-02-09 14:27 - 00053601 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-californication.mid

2014-02-09 14:21 - 2014-02-09 14:21 - 00019766 _____ () C:\Users\Ian\Downloads\Hail_To_The_King_-_Avenged_Sevenfold_-_Piano.mid

2014-02-09 14:17 - 2014-02-09 14:17 - 00088079 _____ () C:\Users\Ian\Downloads\avenged_sevenfold-afterlife.mid

2014-02-09 09:42 - 2014-02-09 09:42 - 00061135 _____ () C:\Users\Ian\Downloads\Fleetwood Mac - Everywhere 1.mid

2014-02-08 18:03 - 2014-02-08 18:03 - 00072639 _____ () C:\Users\Ian\Downloads\366111.rar

2014-02-07 13:06 - 2014-02-07 13:06 - 00131740 _____ () C:\Users\Ian\Downloads\Come_and_Hell_-_Supastar_(Victor_Ruiz_Remix)_[audiodump_com] - Part_1.wav

2014-02-06 13:58 - 2014-02-06 13:58 - 00000233 _____ () C:\Users\Ian\Desktop\01.mid

2014-02-06 13:42 - 2014-02-06 13:43 - 90464042 _____ () C:\Users\Ian\Downloads\funky 4 samplers.rar

2014-02-05 11:25 - 2014-02-05 11:25 - 00017358 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1391628345298

2014-02-04 16:07 - 2014-02-04 16:07 - 00002908 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_We_Are_Now_Connected__Frozen_Ray_20120105054228.mid

2014-02-04 16:00 - 2014-02-04 16:00 - 00000631 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_Milky_Way__robocat_20110922014639.mid

2014-02-04 15:46 - 2014-02-04 15:46 - 00558320 _____ () C:\Users\Ian\Downloads\Froxic_-_-_Quasar_(Original_Mix)_[audiodump_com].mp3.sfk

2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk

2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\ProgramData\Desktop\Remote Mouse.lnk

2014-02-03 22:09 - 2014-02-03 22:09 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse

2014-02-03 22:08 - 2014-02-03 22:08 - 00482333 _____ (Remote Mouse ) C:\Users\Ian\Downloads\RemoteMouse.exe

2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf

2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf

2014-02-03 19:47 - 2014-02-03 19:47 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys

2014-02-03 19:47 - 2014-02-03 19:47 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys

2014-02-03 19:47 - 2014-02-03 19:47 - 00000000 ____D () C:\ProgramData\Sony Mobile

2014-02-03 19:46 - 2014-02-03 19:46 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile

2014-02-03 19:40 - 2014-02-03 19:40 - 00000000 ____D () C:\Users\Ian\.android

2014-02-03 19:39 - 2014-02-03 19:39 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod

2014-02-03 19:38 - 2014-02-03 19:39 - 11060224 _____ () C:\Users\Ian\Downloads\CarbonSetup.msi

2014-02-03 14:48 - 2014-02-03 14:48 - 00164932 _____ () C:\Users\Ian\Downloads\fgdhfi909 - Part_1.wav

2014-02-03 14:47 - 2014-02-03 14:47 - 00278408 _____ () C:\Users\Ian\Downloads\fgdhfi909.wav

2014-02-03 14:46 - 2014-02-03 14:46 - 00298780 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_5.wav

2014-02-03 14:44 - 2014-02-03 14:44 - 00176172 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_4.wav

2014-02-03 14:42 - 2014-02-03 14:42 - 00170772 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_3.wav

2014-02-03 14:41 - 2014-02-03 14:41 - 00200116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_2.wav

2014-02-03 14:41 - 2014-02-03 14:41 - 00120116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_1.wav

2014-02-01 14:31 - 2014-02-01 14:31 - 00043498 _____ () C:\Users\Ian\Downloads\james_brown-sex_machine.mid

2014-02-01 14:14 - 2014-02-01 14:14 - 00076137 _____ () C:\Users\Ian\Downloads\Stevie Wonder - Superstition.mid

2014-02-01 14:14 - 2014-02-01 14:14 - 00072821 _____ () C:\Users\Ian\Downloads\Stevie_Wonder_-_Superstition.mid

2014-02-01 14:10 - 2014-02-01 14:10 - 00072821 _____ () C:\Users\Ian\Downloads\stevie_wonder-superstition.mid

2014-02-01 14:02 - 2014-02-01 14:02 - 00053248 _____ () C:\Users\Ian\Downloads\Curtis Mayfield - SUPERFLY.mid

2014-02-01 13:07 - 2014-02-01 13:07 - 00000000 ____D () C:\Users\Ian\Superior Drummer

2014-02-01 12:56 - 2012-02-06 08:55 - 00974848 _____ (Uderzo Software e Consulenza Informatica) C:\Users\Ian\Desktop\SpaceSniffer.exe

2014-02-01 12:55 - 2014-02-01 12:55 - 01536858 _____ () C:\Users\Ian\Downloads\spacesniffer_1_1_4_0.zip

2014-02-01 12:47 - 2014-02-01 12:47 - 00000000 ____D () C:\Users\Ian\Documents\Toontrack

 

==================== One Month Modified Files and Folders =======

 

2014-03-02 19:28 - 2014-02-25 19:12 - 00000000 ____D () C:\FRST

2014-03-02 19:02 - 2014-03-02 16:38 - 00000000 ____D () C:\Windows\System32\config\HiveBackup

2014-03-02 14:03 - 2014-02-11 07:21 - 00005630 _____ () C:\Windows\PFRO.log

2014-03-02 02:56 - 2012-06-01 17:00 - 00000000 ____D () C:\users\Ian

2014-03-01 06:11 - 2014-03-02 02:56 - 32243712 _____ () C:\Windows\System32\config\System.bartbackup1

2014-02-24 20:47 - 2014-03-02 02:56 - 84410368 _____ () C:\Windows\System32\config\Software.bartbackup1

2014-02-24 15:22 - 2014-03-02 02:56 - 00524288 _____ () C:\Windows\System32\config\Default.bartbackup1

2014-02-24 15:22 - 2014-03-02 02:56 - 00262144 _____ () C:\Windows\System32\config\Security.bartbackup1

2014-02-23 10:32 - 2009-07-13 20:45 - 00003072 _____ () C:\Windows\System32\umstartup.etl

2014-02-21 18:50 - 2014-03-02 02:56 - 00262144 _____ () C:\Windows\System32\config\Sam.bartbackup1

2014-02-21 18:45 - 2012-10-15 15:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-02-21 18:45 - 2012-06-01 18:40 - 00001030 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

2014-02-21 16:24 - 2012-08-29 10:19 - 00000920 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000UA.job

2014-02-21 15:54 - 2014-02-21 15:54 - 00861795 _____ () C:\Users\Ian\Downloads\Manuales_Vs.zip

2014-02-21 11:45 - 2012-06-01 18:40 - 00001026 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

2014-02-21 10:24 - 2012-08-29 10:19 - 00000898 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000Core.job

2014-02-21 07:48 - 2013-03-21 03:58 - 00000000 ____D () C:\Program Files (x86)\The KMPlayer

2014-02-21 07:47 - 2014-02-21 07:47 - 00068894 _____ () C:\Users\Ian\Downloads\369462.rar

2014-02-21 05:13 - 2012-06-01 20:25 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\uTorrent

2014-02-20 22:07 - 2014-02-20 22:07 - 00015449 _____ () C:\Users\Ian\Downloads\334874.rar

2014-02-20 20:45 - 2012-10-15 15:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-02-20 20:45 - 2012-06-01 18:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-02-20 20:45 - 2012-06-01 18:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-02-20 19:59 - 2014-02-10 11:20 - 00001680 _____ () C:\Windows\setupact.log

2014-02-20 19:58 - 2013-06-08 09:12 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job

2014-02-20 19:58 - 2013-05-31 08:42 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job

2014-02-20 19:58 - 2012-12-20 12:33 - 00000000 ___RD () C:\Users\Ian\Dropbox

2014-02-20 19:58 - 2012-12-20 12:30 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\Dropbox

2014-02-20 19:58 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-02-20 18:18 - 2013-09-23 11:57 - 00000000 ____D () C:\Users\Ian\AppData\Local\CrashDumps

2014-02-20 18:15 - 2013-03-19 06:03 - 00000000 ____D () C:\Users\Ian\AppData\Roaming\piServer

2014-02-20 07:50 - 2014-02-20 07:50 - 00078264 _____ () C:\Windows\System32\Drivers\a2c98e04fd2a64bf.sys

2014-02-20 07:49 - 2012-06-01 17:02 - 01994932 _____ () C:\Windows\WindowsUpdate.log

2014-02-19 20:47 - 2014-02-19 20:47 - 00046664 _____ () C:\Users\Ian\Downloads\349779.rar

2014-02-18 14:58 - 2014-02-18 14:58 - 00063304 _____ () C:\Users\Ian\Downloads\Daddy_Yankee_-_Limbo_[audiodump_com] - Part_1.wav

2014-02-18 14:49 - 2014-02-18 14:49 - 00194798 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_4.wav

2014-02-18 14:47 - 2014-02-18 14:47 - 00253882 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_3.wav

2014-02-18 14:47 - 2014-02-18 14:47 - 00218210 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_2.wav

2014-02-18 14:46 - 2014-02-18 14:46 - 00247950 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIOLETA - TOPETE - Part_1.wav

2014-02-18 07:56 - 2014-02-18 07:56 - 00058131 _____ () C:\Users\Ian\Downloads\spandau_ballet-true.mid

2014-02-18 07:51 - 2014-02-18 07:51 - 00031248 _____ () C:\Users\Ian\Downloads\Whitesnake - Is This Love.mid

2014-02-18 05:35 - 2012-07-24 21:04 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-02-16 10:21 - 2014-02-16 10:21 - 06538836 _____ () C:\Users\Ian\Downloads\Damas Gratis Vs Audio Killers & Knife Party - Bomba Gratis - Derko & Verdun Remix.Mp3.zip

2014-02-15 15:37 - 2014-02-15 15:37 - 00017380 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392507462943

2014-02-14 16:08 - 2014-02-14 16:08 - 00339968 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_2.wav

2014-02-14 16:02 - 2014-02-14 16:02 - 00045916 _____ () C:\Users\Ian\Downloads\Beckers,_D-Nox_-_Confusion_(Original_Mix)_[audiodump_com] - Part_1.wav

2014-02-13 22:16 - 2014-02-13 22:16 - 00047732 _____ () C:\Users\Ian\Downloads\362818.rar

2014-02-13 20:42 - 2014-02-13 20:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-02-12 12:25 - 2014-02-12 12:25 - 00302132 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_4.wav

2014-02-12 12:24 - 2014-02-12 12:24 - 00306372 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_3.wav

2014-02-12 12:22 - 2014-02-12 12:22 - 00017344 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1392236571408

2014-02-12 12:18 - 2014-02-12 12:18 - 00826244 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_2.wav

2014-02-12 12:17 - 2014-02-12 12:17 - 00267360 _____ () C:\Users\Ian\Downloads\OFF TRANSLATION TEAM Y GRANDIET - Part_1.wav

2014-02-12 09:30 - 2014-02-12 09:30 - 00046067 _____ () C:\Users\Ian\Downloads\174980.rar

2014-02-12 09:27 - 2012-06-01 23:21 - 00000000 ____D () C:\Users\Ian\.smplayer

2014-02-12 06:48 - 2014-02-12 06:48 - 00230074 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_5.wav

2014-02-12 06:46 - 2014-02-12 06:46 - 00495522 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_4.wav

2014-02-11 17:41 - 2014-02-11 17:41 - 00034788 _____ () C:\Users\Ian\Downloads\366821.rar

2014-02-11 14:17 - 2014-02-11 14:17 - 00344554 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2 - Part_1.wav

2014-02-11 14:11 - 2014-02-11 14:11 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_7.wav

2014-02-11 14:09 - 2014-02-11 14:09 - 00275854 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_3.wav

2014-02-11 14:08 - 2014-02-11 14:08 - 00457382 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1 - Part_1.wav

2014-02-11 14:06 - 2014-02-11 14:06 - 00404812 _____ () C:\Users\Ian\Downloads\OFF ZEBRA - VIERNES VIOLETA - Part_6.wav

2014-02-11 14:05 - 2014-02-11 14:05 - 00884786 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_2.wav

2014-02-11 14:05 - 2014-02-11 14:05 - 00509090 _____ () C:\Users\Ian\Downloads\OFF ZEBRA CORAZON - Part_1.wav

2014-02-11 08:35 - 2014-02-11 08:35 - 00519270 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_2.wav

2014-02-11 08:28 - 2014-02-11 08:28 - 00302174 _____ () C:\Users\Ian\Downloads\OFF ZEBRA ENAMORADOS - Part_1.wav

2014-02-10 12:44 - 2014-02-10 12:44 - 00371698 _____ () C:\Users\Ian\Downloads\OFF ZEBRA MARLOS - Part_1.wav

2014-02-10 11:40 - 2012-06-01 18:40 - 00004026 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA

2014-02-10 11:40 - 2012-06-01 18:40 - 00003774 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

2014-02-10 11:20 - 2014-02-10 11:20 - 00000000 _____ () C:\Windows\setuperr.log

2014-02-10 11:20 - 2012-06-01 19:33 - 00000920 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000UA.job

2014-02-10 11:20 - 2012-06-01 19:33 - 00000868 _____ () C:\Windows\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000Core.job

2014-02-09 22:48 - 2012-06-01 19:33 - 00003898 _____ () C:\Windows\System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000UA

2014-02-09 22:48 - 2012-06-01 19:33 - 00003502 _____ () C:\Windows\System32\Tasks\RockMeltUpdateTaskUserS-1-5-21-3453534919-3466754778-1962564136-1000Core

2014-02-09 22:46 - 2014-02-09 22:46 - 00005765 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_51-b13.log

2014-02-09 22:46 - 2014-02-09 22:46 - 00000000 ____D () C:\ProgramData\Oracle

2014-02-09 22:46 - 2012-09-25 18:54 - 00000000 ____D () C:\Program Files (x86)\Java

2014-02-09 14:32 - 2014-02-09 14:32 - 00073602 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-look_around.mid

2014-02-09 14:32 - 2014-02-09 14:32 - 00037534 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-give_it_away.mid

2014-02-09 14:31 - 2014-02-09 14:31 - 00035296 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-cant_stop.mid

2014-02-09 14:30 - 2014-02-09 14:30 - 00050662 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-otherside.mid

2014-02-09 14:29 - 2014-02-09 14:29 - 00045391 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-aeroplane.mid

2014-02-09 14:29 - 2014-02-09 14:29 - 00017703 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-road_trippin.mid

2014-02-09 14:28 - 2014-02-09 14:28 - 00016592 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-higher_ground.mid

2014-02-09 14:27 - 2014-02-09 14:27 - 00053601 _____ () C:\Users\Ian\Downloads\red_hot_chili_peppers-californication.mid

2014-02-09 14:21 - 2014-02-09 14:21 - 00019766 _____ () C:\Users\Ian\Downloads\Hail_To_The_King_-_Avenged_Sevenfold_-_Piano.mid

2014-02-09 14:17 - 2014-02-09 14:17 - 00088079 _____ () C:\Users\Ian\Downloads\avenged_sevenfold-afterlife.mid

2014-02-09 09:42 - 2014-02-09 09:42 - 00061135 _____ () C:\Users\Ian\Downloads\Fleetwood Mac - Everywhere 1.mid

2014-02-08 20:42 - 2013-12-29 12:51 - 00000000 ____D () C:\Users\Ian\Desktop\Día por día

2014-02-08 18:03 - 2014-02-08 18:03 - 00072639 _____ () C:\Users\Ian\Downloads\366111.rar

2014-02-07 13:06 - 2014-02-07 13:06 - 00131740 _____ () C:\Users\Ian\Downloads\Come_and_Hell_-_Supastar_(Victor_Ruiz_Remix)_[audiodump_com] - Part_1.wav

2014-02-07 12:58 - 2012-06-10 06:15 - 00000021 _____ () C:\Windows\SurCode.INI

2014-02-07 08:42 - 2012-06-03 13:01 - 00000000 ____D () C:\ProgramData\DAEMON Tools Lite

2014-02-06 15:07 - 2012-07-24 18:43 - 00000000 ____D () C:\Program Files (x86)\Native Instruments

2014-02-06 15:07 - 2012-06-02 13:49 - 00000000 ____D () C:\Program Files (x86)\VstPlugins

2014-02-06 13:58 - 2014-02-06 13:58 - 00000233 _____ () C:\Users\Ian\Desktop\01.mid

2014-02-06 13:43 - 2014-02-06 13:42 - 90464042 _____ () C:\Users\Ian\Downloads\funky 4 samplers.rar

2014-02-05 11:25 - 2014-02-05 11:25 - 00017358 _____ () C:\Users\Ian\AppData\Local\soulseek-client.dat.1391628345298

2014-02-05 10:32 - 2014-01-29 19:53 - 00000000 ____D () C:\Users\Ian\Downloads\CD YO

2014-02-04 16:07 - 2014-02-04 16:07 - 00002908 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_We_Are_Now_Connected__Frozen_Ray_20120105054228.mid

2014-02-04 16:00 - 2014-02-04 16:00 - 00000631 _____ () C:\Users\Ian\Downloads\Mord_Fustang_-_Milky_Way__robocat_20110922014639.mid

2014-02-04 15:46 - 2014-02-04 15:46 - 00558320 _____ () C:\Users\Ian\Downloads\Froxic_-_-_Quasar_(Original_Mix)_[audiodump_com].mp3.sfk

2014-02-04 04:59 - 2012-06-26 13:34 - 00001456 _____ () C:\Users\Ian\AppData\Local\Adobe Save for Web 13.0 Prefs

2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\Users\Public\Desktop\Remote Mouse.lnk

2014-02-03 22:09 - 2014-02-03 22:09 - 00001054 _____ () C:\ProgramData\Desktop\Remote Mouse.lnk

2014-02-03 22:09 - 2014-02-03 22:09 - 00000000 ____D () C:\Program Files (x86)\Remote Mouse

2014-02-03 22:08 - 2014-02-03 22:08 - 00482333 _____ (Remote Mouse ) C:\Users\Ian\Downloads\RemoteMouse.exe

2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggsemc_01009.Wdf

2014-02-03 19:52 - 2014-02-03 19:52 - 00000000 ____H () C:\Windows\System32\Drivers\Msft_Kernel_ggflt_01009.Wdf

2014-02-03 19:47 - 2014-02-03 19:47 - 00027760 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggsemc.sys

2014-02-03 19:47 - 2014-02-03 19:47 - 00014448 _____ (Sony Ericsson Mobile Communications) C:\Windows\System32\Drivers\ggflt.sys

2014-02-03 19:47 - 2014-02-03 19:47 - 00000000 ____D () C:\ProgramData\Sony Mobile

2014-02-03 19:46 - 2014-02-03 19:46 - 00000000 ____D () C:\Program Files (x86)\Sony Mobile

2014-02-03 19:40 - 2014-02-03 19:40 - 00000000 ____D () C:\Users\Ian\.android

2014-02-03 19:39 - 2014-02-03 19:39 - 00000000 ____D () C:\Program Files (x86)\ClockworkMod

2014-02-03 19:39 - 2014-02-03 19:38 - 11060224 _____ () C:\Users\Ian\Downloads\CarbonSetup.msi

2014-02-03 19:12 - 2013-11-14 13:24 - 00002026 _____ () C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk

2014-02-03 19:12 - 2013-11-14 13:24 - 00002026 _____ () C:\ProgramData\Desktop\Sony PC Companion 2.1.lnk

2014-02-03 19:12 - 2012-06-01 17:05 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information

2014-02-03 14:48 - 2014-02-03 14:48 - 00164932 _____ () C:\Users\Ian\Downloads\fgdhfi909 - Part_1.wav

2014-02-03 14:47 - 2014-02-03 14:47 - 00278408 _____ () C:\Users\Ian\Downloads\fgdhfi909.wav

2014-02-03 14:46 - 2014-02-03 14:46 - 00298780 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_5.wav

2014-02-03 14:44 - 2014-02-03 14:44 - 00176172 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_4.wav

2014-02-03 14:42 - 2014-02-03 14:42 - 00170772 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_3.wav

2014-02-03 14:41 - 2014-02-03 14:41 - 00200116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_2.wav

2014-02-03 14:41 - 2014-02-03 14:41 - 00120116 _____ () C:\Users\Ian\Downloads\OFF ZEBRA JUEVES 6 Y VIERNES 7 - Part_1.wav

2014-02-01 14:31 - 2014-02-01 14:31 - 00043498 _____ () C:\Users\Ian\Downloads\james_brown-sex_machine.mid

2014-02-01 14:14 - 2014-02-01 14:14 - 00076137 _____ () C:\Users\Ian\Downloads\Stevie Wonder - Superstition.mid

2014-02-01 14:14 - 2014-02-01 14:14 - 00072821 _____ () C:\Users\Ian\Downloads\Stevie_Wonder_-_Superstition.mid

2014-02-01 14:10 - 2014-02-01 14:10 - 00072821 _____ () C:\Users\Ian\Downloads\stevie_wonder-superstition.mid

2014-02-01 14:02 - 2014-02-01 14:02 - 00053248 _____ () C:\Users\Ian\Downloads\Curtis Mayfield - SUPERFLY.mid

2014-02-01 13:07 - 2014-02-01 13:07 - 00000000 ____D () C:\Users\Ian\Superior Drummer

2014-02-01 12:55 - 2014-02-01 12:55 - 01536858 _____ () C:\Users\Ian\Downloads\spacesniffer_1_1_4_0.zip

2014-02-01 12:47 - 2014-02-01 12:47 - 00000000 ____D () C:\Users\Ian\Documents\Toontrack

 

==================== Known DLLs (Whitelisted) ================

 

 

==================== Bamital & volsnap Check =================

 

C:\Windows\System32\winlogon.exe => MD5 is legit

C:\Windows\System32\wininit.exe => MD5 is legit

C:\Windows\SysWOW64\wininit.exe => MD5 is legit

C:\Windows\explorer.exe

[2012-04-07 07:36] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

 

C:\Windows\SysWOW64\explorer.exe

[2012-04-07 07:36] - [2011-02-25 22:14] - 2871808 ____A (Microsoft Corporation) 3B69712041F3D63605529BD66DC00C48

 

C:\Windows\System32\svchost.exe => MD5 is legit

C:\Windows\SysWOW64\svchost.exe => MD5 is legit

C:\Windows\System32\services.exe => MD5 is legit

C:\Windows\System32\User32.dll => MD5 is legit

C:\Windows\SysWOW64\User32.dll => MD5 is legit

C:\Windows\System32\userinit.exe => MD5 is legit

C:\Windows\SysWOW64\userinit.exe => MD5 is legit

C:\Windows\System32\rpcss.dll => MD5 is legit

C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

 

 

testsigning: ==> Check for possible unsigned rootkit driver <===== ATTENTION!

 

==================== EXE ASSOCIATION =====================

 

HKLM\...\.exe: exefile => OK

HKLM\...\exefile\DefaultIcon: %1 => OK

HKLM\...\exefile\open\command: "%1" %* => OK

 

==================== Restore Points  =========================

 

 

==================== BCD ================================

 

Windows Boot Manager

--------------------

identifier              {bootmgr}

device                  partition=D:

description             Windows Boot Manager

locale                  en-US

inherit                 {globalsettings}

default                 {default}

resumeobject            {64361e83-acd3-11e1-907c-e4026dbd1cbc}

displayorder            {default}

toolsdisplayorder       {memdiag}

timeout                 30

 

Windows Boot Loader

-------------------

identifier              {default}

device                  partition=C:

path                    \Windows\system32\winload.exe

description             Windows 7

locale                  en-US

inherit                 {bootloadersettings}

recoverysequence        {current}

recoveryenabled         Yes

testsigning             Yes

osdevice                partition=C:

systemroot              \Windows

resumeobject            {64361e83-acd3-11e1-907c-e4026dbd1cbc}

nx                      OptIn

numproc                 4

usefirmwarepcisettings  No

 

Windows Boot Loader

-------------------

identifier              {current}

device                  ramdisk=[C:]\Recovery\64361e85-acd3-11e1-907c-e4026dbd1cbc\Winre.wim,{64361e86-acd3-11e1-907c-e4026dbd1cbc}

path                    \windows\system32\winload.exe

description             Windows Recovery Environment

inherit                 {bootloadersettings}

osdevice                ramdisk=[C:]\Recovery\64361e85-acd3-11e1-907c-e4026dbd1cbc\Winre.wim,{64361e86-acd3-11e1-907c-e4026dbd1cbc}

systemroot              \windows

nx                      OptIn

winpe                   Yes

 

Resume from Hibernate

---------------------

identifier              {64361e83-acd3-11e1-907c-e4026dbd1cbc}

device                  partition=C:

path                    \Windows\system32\winresume.exe

description             Windows Resume Application

locale                  en-US

inherit                 {resumeloadersettings}

filedevice              partition=C:

filepath                \hiberfil.sys

debugoptionenabled      No

 

Windows Memory Tester

---------------------

identifier              {memdiag}

device                  partition=D:

path                    \boot\memtest.exe

description             Windows Memory Diagnostic

locale                  en-US

inherit                 {globalsettings}

badmemoryaccess         Yes

 

EMS Settings

------------

identifier              {emssettings}

bootems                 Yes

 

Debugger Settings

-----------------

identifier              {dbgsettings}

debugtype               Serial

debugport               1

baudrate                115200

 

RAM Defects

-----------

identifier              {badmemory}

 

Global Settings

---------------

identifier              {globalsettings}

inherit                 {dbgsettings}

                        {emssettings}

                        {badmemory}

 

Boot Loader Settings

--------------------

identifier              {bootloadersettings}

inherit                 {globalsettings}

                        {hypervisorsettings}

 

Hypervisor Settings

-------------------

identifier              {hypervisorsettings}

hypervisordebugtype     Serial

hypervisordebugport     1

hypervisorbaudrate      115200

 

Resume Loader Settings

----------------------

identifier              {resumeloadersettings}

inherit                 {globalsettings}

 

Device options

--------------

identifier              {64361e86-acd3-11e1-907c-e4026dbd1cbc}

description             Ramdisk Options

ramdisksdidevice        partition=C:

ramdisksdipath          \Recovery\64361e85-acd3-11e1-907c-e4026dbd1cbc\boot.sdi

 

 

==================== Memory info =========================== 

 

Percentage of memory in use: 16%

Total physical RAM: 4079.43 MB

Available physical RAM: 3417.65 MB

Total Pagefile: 4077.63 MB

Available Pagefile: 3411.36 MB

Total Virtual: 8192 MB

Available Virtual: 8191.88 MB

 

==================== Drives ================================

 

Drive c: () (Fixed) (Total:99.9 GB) (Free:11.68 GB) NTFS

Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive f: () (Fixed) (Total:100 GB) (Free:9.49 GB) NTFS

Drive g: () (Fixed) (Total:731.51 GB) (Free:120.67 GB) NTFS

Drive i: (EOS_DIGITAL) (Removable) (Total:14.91 GB) (Free:14.25 GB) NTFS

Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

Drive y: (TB) (Fixed) (Total:931.51 GB) (Free:23.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A1DA5E56)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: F970AF9A)

 

Partition: GPT Partition Type.

 

========================================================

Disk: 2 (Size: 15 GB) (Disk ID: EB27EB27)

 

Partition: GPT Partition Type.

 

 

LastRegBack: 2014-02-18 05:55

 

==================== End Of Log ============================

Yes, apologies, I forget you cannot boot into Windows. I attach another fix for FRST; this will take a dump of the MBR. Can you zip up that file and attach it to your next reply...

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (MBRDUMP.txt); please zip it and post it in your reply.

fixlist.txt


MBR is clean, and we have already restored all registry hives, yet you cannot boot past the black screen... See if you can do the following:

 

Boot your system; as it starts, press and keep tapping the F8 key about every second until you see the screenshot I attach below:

 

Try option one: select Last Known Good Configuration and hit the Enter key. Any improvement?

 

If 1 fails, try option 2: select low resolution and hit the Enter key. Any improvement?

 

 


I guess we are running out of options. Is your system a standard Retail version or OEM version? If not OEM, we rebuild the MBR with FRST via RE... If this fails, a reformat and re-install is probably all we have left...

 

Save the attached file fixlist.txt to your flash drive, same place as FRST.

Now please enter System Recovery Options as you did to get the log.

 

Run FRST and press the Fix button just once and wait.

The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply. Any improvement?

 

 

fixlist.txt


OK, one more try: run System File Checker (sfc /scannow) to make sure all system files are good; any bad, infected or missing files will be corrected.

 

Go to this link: http://www.sevenforums.com/tutorials/139810-sfc-scannow-run-command-prompt-boot.html, read it thoroughly and follow method one; that is worth running twice if there is no improvement after the first run.

 

Kevin...


Yep, this is very frustrating for sure; the logs do not show any obvious reason for the current issue. Let's try running the Bootrec tool, see if we make progress:

 

http://www.sevenforums.com/tutorials/163216-bootrec-exe-tool-how-use-windows-recovery-environment.html

 

 

****Edit

 

Before trying the Bootrec tool, run FRST again from the Recovery Environment, use the scan option and save that log...

 

Next,

  • Type or copy/paste explorer.exe;winlogon.exe into the Search: field in FRST then click the Search File(s) button.
  • FRST will search your computer for files and when finished it will produce a log Search.txt on the flash drive.
  • Exit FRST.
  • Close the command window.
  • Post me the FRST.txt and Search.txt logs please.


What are these drives:

 

Drive i: (EOS_DIGITAL) (Removable) (Total:14.91 GB) (Free:14.25 GB) NTFS
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (TB) (Fixed) (Total:931.51 GB) (Free:23.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]
 
Is it possible to remove or disconnect them and only leave the following...
 
Drive c: () (Fixed) (Total:99.9 GB) (Free:11.68 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: () (Fixed) (Total:100 GB) (Free:9.49 GB) NTFS
Drive g: () (Fixed) (Total:731.51 GB) (Free:120.67 GB) NTFS

Drive i: (EOS_DIGITAL) (Removable) (Total:14.91 GB) (Free:14.25 GB) NTFS    --> USB card that I have FRST on
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS  -----> is usually the drive that the Windows repair uses
Drive y: (TB) (Fixed) (Total:931.51 GB) (Free:23.55 GB) NTFS ==>[system with boot components (obtained from reading drive)]   --> is just a partition with data

No changes after disconnect.

I'm at a loss, I do not see what is causing the current issue. The only option left is to format and re-install Windows; is that an option you will consider?

 

If there is important data etc. to recover, that can be done via a Linux-based live CD...

 

To recover data you will have to use a Linux-based system; it is quite straightforward. Go to this link: http://www.howtogeek.com/howto/windows-vista/use-ubuntu-live-cd-to-backup-files-from-your-dead-windows-computer/ for the full instructions on how to use Ubuntu.

 

Kevin...

This topic is now closed to further replies.