Reply to thread

Message: <blockquote data-quote="john R" data-source="post: 135802" data-attributes="member: 12418"><hr />Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 16-09-2013 03Ran by spike (administrator) on spike-PC on 17-09-2013 00:11:19Running from E:\Microsoft Windows 7 Home Premium  (X86) OS Language: English(US)Internet Explorer Version 8Boot Mode: Normal==================== Processes (Whitelisted) ======================================= Registry (Whitelisted) ====================================== Internet (Whitelisted) ============================================== Services (Whitelisted) ===================================== Drivers (Whitelisted) ====================R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-13] (Microsoft Corporation)==================== NetSvcs (Whitelisted) ======================================= One Month Created Files and Folders ========2013-09-17 02:56 - 2013-09-17 00:09 - 00000000 ____D C:\Windows\Panther2013-09-17 02:40 - 2013-09-17 02:40 - 00000000 ____D C:\Windows.old.0002013-09-17 02:00 - 2013-09-17 02:55 - 00008192 __RSH C:\BOOTSECT.BAK2013-09-17 02:00 - 2013-09-17 00:09 - 00010954 _____ C:\Windows\WindowsUpdate.log2013-09-17 02:00 - 2009-07-13 20:38 - 00383562 __RSH C:\bootmgr2013-09-17 02:00 - 2008-06-19 15:42 - 00000211 ____H C:\Boot.BAK2013-09-17 01:59 - 2013-09-17 01:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2013-09-17 01:57 - 2013-09-17 02:01 - 00001313 _____ C:\Windows\TSSysprep.log2013-09-17 01:45 - 2013-09-17 01:45 - 00000000 ____D C:\Windows.old2013-09-17 00:11 - 2013-09-17 00:11 - 00000000 ____D C:\FRST2013-09-17 00:10 - 2013-09-17 00:10 - 00001413 _____ C:\Users\spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-09-17 00:09 - 2013-09-17 00:10 - 00000000 ____D C:\Users\spike2013-09-17 00:09 - 2013-09-17 00:09 - 00000020 ___SH C:\Users\spike\ntuser.ini2013-09-17 00:09 - 2013-09-17 00:09 - 00000000 __SHD C:\Recovery2013-09-17 00:09 - 2013-09-17 00:09 - 00000000 ____D C:\Users\spike\AppData\Local\VirtualStore2013-09-17 00:09 - 2009-07-13 23:42 - 00000000 ___RD C:\Users\spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories2013-09-17 00:09 - 2009-07-13 23:37 - 00000000 ___RD C:\Users\spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance==================== One Month Modified Files and Folders =======2013-09-17 02:55 - 2013-09-17 02:00 - 00008192 __RSH C:\BOOTSECT.BAK2013-09-17 02:55 - 2009-07-13 23:57 - 00025600 ___SH C:\Windows\system32\config\BCD-Template.LOG2013-09-17 02:55 - 2009-07-13 23:52 - 00028672 _____ C:\Windows\system32\config\BCD-Template2013-09-17 02:40 - 2013-09-17 02:40 - 00000000 ____D C:\Windows.old.0002013-09-17 02:08 - 2009-07-13 23:34 - 00012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02013-09-17 02:08 - 2009-07-13 23:34 - 00012208 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02013-09-17 02:08 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\rescache2013-09-17 02:07 - 2009-07-13 23:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT2013-09-17 02:06 - 2009-07-13 23:39 - 00020466 _____ C:\Windows\setupact.log2013-09-17 02:06 - 2009-07-13 23:33 - 00266808 _____ C:\Windows\system32\FNTCACHE.DAT2013-09-17 02:02 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\Microsoft.NET2013-09-17 02:01 - 2013-09-17 01:57 - 00001313 _____ C:\Windows\TSSysprep.log2013-09-17 02:00 - 2004-08-11 17:00 - 00000355 __RSH C:\Boot.ini.saved2013-09-17 01:59 - 2013-09-17 01:59 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf2013-09-17 01:57 - 2009-07-13 23:34 - 00001774 _____ C:\Windows\DtcInstall.log2013-09-17 01:45 - 2013-09-17 01:45 - 00000000 ____D C:\Windows.old2013-09-17 00:11 - 2013-09-17 00:11 - 00000000 ____D C:\FRST2013-09-17 00:10 - 2013-09-17 00:10 - 00001413 _____ C:\Users\spike\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk2013-09-17 00:10 - 2013-09-17 00:09 - 00000000 ____D C:\Users\spike2013-09-17 00:09 - 2013-09-17 02:56 - 00000000 ____D C:\Windows\Panther2013-09-17 00:09 - 2013-09-17 02:00 - 00010954 _____ C:\Windows\WindowsUpdate.log2013-09-17 00:09 - 2013-09-17 00:09 - 00000020 ___SH C:\Users\spike\ntuser.ini2013-09-17 00:09 - 2013-09-17 00:09 - 00000000 __SHD C:\Recovery2013-09-17 00:09 - 2013-09-17 00:09 - 00000000 ____D C:\Users\spike\AppData\Local\VirtualStore2013-09-17 00:09 - 2009-07-13 21:37 - 00000000 ____D C:\Windows\system32\Recovery==================== Bamital & volsnap Check =================C:\Windows\explorer.exe => MD5 is legitC:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legitC:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.LastRegBack: 2013-09-17 01:56==================== End Of Log ============================<hr />Additional scan result of Farbar Recovery Scan Tool (x86) Version: 16-09-2013 03Ran by spike at 2013-09-17 00:11:48Running from E:\Boot Mode: Normal============================================================================== Installed Programs =========================================== Restore Points  ============================================= Hosts content: ==========================2009-07-13 21:04 - 2009-06-10 16:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============Task: {0D9B5D92-3A22-486D-A887-3AA21597CF27} - System32\Tasks\Microsoft\Windows\Time Synchronization\SynchronizeTime => Sc.exe start w32time task_startedTask: {191232AD-26C4-49F7-BBEF-4B28DE2DEA14} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => C:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)Task: {DED983CA-C2B2-4F3B-BD78-0A6450DE3F95} - System32\Tasks\Microsoft\Windows Defender\Mp Scheduled Scan => C:\Program Files\Windows Defender\MpCmdRun.exe [2009-07-13] (Microsoft Corporation)==================== Loaded Modules (whitelisted) =============2009-07-13 18:21 - 2009-07-13 20:15 - 00016384 _____ (Microsoft Corporation) C:\Windows\ehome\ehssetup.dll==================== Faulty Device Manager Devices =============Name: Base System DeviceDescription: Base System DeviceClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Base System DeviceDescription: Base System DeviceClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.Name: Base System DeviceDescription: Base System DeviceClass Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28)Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.==================== Event log errors: =========================Application errors:==================System errors:=============Error: (09/17/2013 02:05:04 AM) (Source: Service Control Manager) (User: )Description: The Windows Search service terminated with the following error: %%19Microsoft Office Sessions:============================================= Memory info =========================== Percentage of memory in use: 19%Total physical RAM: 3062.04 MBAvailable physical RAM: 2451.91 MBTotal Pagefile: 6122.36 MBAvailable Pagefile: 5464.83 MBTotal Virtual: 2047.88 MBAvailable Virtual: 1882.25 MB==================== Drives ================================Drive c: () (Fixed) (Total:230.3 GB) (Free:162.17 GB) NTFS ==>[Drive with boot components (obtained from BCD)]Drive e: () (Removable) (Total:1.88 GB) (Free:1.76 GB) FAT==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 41AB2316)Partition 1: (Not Active) - (Size=86 MB) - (Type=DE)Partition 2: (Active) - (Size=230 GB) - (Type=07 NTFS)Partition 3: (Not Active) - (Size=2 GB) - (Type=OF Extended)========================================================Disk: 1 (Size: 2 GB) (Disk ID: FCD4315B)Partition 1: (Not Active) - (Size=2 GB) - (Type=06)==================== End Of Log ============================</blockquote>

Verification

Top