Police Malware Virus - I can't remove
<blockquote data-quote="ebonixa" data-source="post: 121333" data-attributes="member: 8358"><p>Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013</p><p>Ran by SYSTEM on 19-05-2013 01:43:10</p><p>Running from H:\</p><p>Windows 7 Home Premium (X64) OS Language: English(US)</p><p>Internet Explorer Version 9</p><p>Boot Mode: Recovery</p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.</strong></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464984 2012-10-12] (Microsoft Corporation)</p><p>HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2075288 2012-10-12] (Microsoft Corporation)</p><p>HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)</p><p>HKLM\...\Run: [McAfeeWrapperApplication] "C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe" [453344 2011-05-11] (McAfee, Inc.)</p><p>HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)</p><p>HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited)</p><p>HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()</p><p>HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.)</p><p>HKLM-x32\...\Run: [LifeCam] 
"C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)</p><p>HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()</p><p>HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC)</p><p>HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-06] (McAfee, Inc.)</p><p>HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)</p><p>HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.)</p><p>HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.)</p><p>HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()</p><p>HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()</p><p>HKU\Ebonixa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-15] (Google Inc.)</p><p>HKU\Ebonixa\...\Run: [Google Update] "C:\Users\Ebonixa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-24] (Google Inc.)</p><p>HKU\Ebonixa\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation)</p><p>HKU\Ebonixa\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation)</p><p>HKU\Ebonixa\...\Run: [Skype] "C:\Program Files 
(x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)</p><p>HKU\Ebonixa\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Ebonixa\Documents\2b727d08.exe [27136 2013-05-18] ()</p><p>HKU\Ebonixa\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION </p><p>HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] ()</p><p>AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll [162336 2009-07-21] ()</p><p>Startup: C:\ProgramData\Start Menu\Programs\Startup\Photo Frame.lnk</p><p>ShortcutTarget: Photo Frame.lnk -> C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe (North Star com.)</p><p></p><p>==================== Services (Whitelisted) =================</p><p></p><p>S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-09-30] (WildTangent, Inc.)</p><p>S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated)</p><p>S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)</p><p>S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-03-04] (McAfee, Inc.)</p><p>S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)</p><p>S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)</p><p>S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378952 2012-11-21] (McAfee, Inc.)</p><p>S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)</p><p>S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)</p><p>S2 
mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-05] (McAfee, Inc.)</p><p>S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-08] (McAfee, Inc.)</p><p>S2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2012-11-08] (McAfee, Inc.)</p><p>S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)</p><p>S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.)</p><p>S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2012-01-25] (Trusteer Ltd.)</p><p>S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.)</p><p>S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group)</p><p>S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()</p><p>S2 VhdAttach; C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe [190384 2012-03-14] (Josip Medved)</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-07-22] ()</p><p>S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-08] (McAfee, Inc.)</p><p>S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.)</p><p>S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-07-22] ()</p><p>S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74120 2012-10-19] (McAfee, Inc.)</p><p>S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-08] (McAfee, Inc.)</p><p>S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-08] (McAfee, Inc.)</p><p>S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-08] (McAfee, Inc.)</p><p>S0 mfehidk; 
C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-08] (McAfee, Inc.)</p><p>S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-01] (McAfee, Inc.)</p><p>S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-01] (McAfee, Inc.)</p><p>S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-08] (McAfee, Inc.)</p><p>S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)</p><p>S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-11-01] ()</p><p>S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-01-25] (Trusteer Ltd.)</p><p>S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-01-25] (Trusteer Ltd.)</p><p>S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2012-01-25] (Trusteer Ltd.)</p><p>S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd)</p><p>S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.)</p><p>S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.)</p><p>S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.)</p><p>S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)</p><p>S3 mfeavfk01; No ImagePath</p><p>S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]</p><p>S0 sr; </p><p>S2 srservice; </p><p>S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]</p><p></p><p>========================== Drivers MD5 =======================</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2013-05-19 01:28 - 2013-05-19 01:28 - 00000000 ____D C:\FRST</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 01038470 ____A C:\ProgramData\2433f433</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 01038421 ____A C:\Users\Ebonixa\AppData\Roaming\2433f433</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 01038396 ____A C:\Users\Ebonixa\AppData\Local\2433f433</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 00027136 ____A C:\Users\Ebonixa\Documents\2b727d08.exe</p><p>2013-05-18 02:25 - 2013-05-18 02:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E9423082-F149-40F4-A7F2-B4A5CCCAEC26}</p><p>2013-05-17 10:31 - 2013-05-17 10:32 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{45235006-C801-487A-AB05-3DCF15C3C219}</p><p>2013-05-17 10:08 - 2013-05-17 10:08 - 00000000 __SHD C:\found.000</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iPod</p><p>2013-05-16 22:31 - 2013-05-16 22:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{871C2234-30DD-4B06-A1C5-E09DB659313A}</p><p>2013-05-15 21:54 - 2013-05-16 09:54 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{A6186DFC-0BF2-4544-930B-258344CB1647}</p><p>2013-05-15 18:01 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe</p><p>2013-05-15 18:01 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) 
C:\Windows\System32\iertutil.dll</p><p>2013-05-15 18:01 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll</p><p>2013-05-15 18:01 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll</p><p>2013-05-15 18:01 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll</p><p>2013-05-15 18:01 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll</p><p>2013-05-15 18:01 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll</p><p>2013-05-15 18:01 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll</p><p>2013-05-15 18:01 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll</p><p>2013-05-15 18:01 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll</p><p>2013-05-15 18:01 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll</p><p>2013-05-15 18:01 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll</p><p>2013-05-15 18:01 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll</p><p>2013-05-15 18:01 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb</p><p>2013-05-15 18:01 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb</p><p>2013-05-15 18:01 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe</p><p>2013-05-15 18:01 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe</p><p>2013-05-15 18:00 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll</p><p>2013-05-15 18:00 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) 
C:\Windows\System32\urlmon.dll</p><p>2013-05-15 18:00 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll</p><p>2013-05-15 18:00 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll</p><p>2013-05-15 18:00 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll</p><p>2013-05-15 18:00 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll</p><p>2013-05-15 18:00 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll</p><p>2013-05-15 18:00 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll</p><p>2013-05-15 18:00 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll</p><p>2013-05-15 18:00 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll</p><p>2013-05-15 18:00 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll</p><p>2013-05-15 18:00 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll</p><p>2013-05-15 18:00 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll</p><p>2013-05-15 18:00 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll</p><p>2013-05-15 09:39 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys</p><p>2013-05-15 09:39 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys</p><p>2013-05-15 09:39 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe</p><p>2013-05-15 09:39 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll</p><p>2013-05-15 09:39 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) 
C:\Windows\System32\shdocvw.dll</p><p>2013-05-15 09:39 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll</p><p>2013-05-15 09:39 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll</p><p>2013-05-15 09:39 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll</p><p>2013-05-15 09:39 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll</p><p>2013-05-15 09:39 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll</p><p>2013-05-15 09:39 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll</p><p>2013-05-15 09:38 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys</p><p>2013-05-15 09:38 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll</p><p>2013-05-15 09:38 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll</p><p>2013-05-15 09:11 - 2013-05-15 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{25C91D86-52FE-4A0C-89BE-72CD4CCCA599}</p><p>2013-05-14 12:27 - 2013-04-20 11:03 - 2412408213 ____A C:\Users\Ebonixa\Desktop\The Bourne Ultimatum.mp4</p><p>2013-05-14 11:05 - 2013-05-14 11:05 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{EBDA5BE1-2098-422E-A5BA-B297FB0C55C1}</p><p>2013-05-13 01:13 - 2013-05-13 01:14 - 00000000 ____D C:\Users\Ebonixa\Desktop\Birthday</p><p>2013-05-13 01:04 - 2013-05-13 13:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F5C08CFC-582E-4A20-9B5D-DEFE034B42E6}</p><p>2013-05-11 00:42 - 2013-05-12 12:43 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{052EB9B2-97B9-4FEA-BABB-68FE7FB795D1}</p><p>2013-05-08 09:12 - 2013-05-08 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{078CCC4D-097E-4345-A3A2-D9F45CAACA33}</p><p>2013-05-07 11:48 - 2013-05-07 11:48 - 00000000 ____D 
C:\Users\Ebonixa\AppData\Local\{40DA6ABD-837D-4AA9-A145-A8FEDD130978}</p><p>2013-05-06 22:39 - 2013-05-06 22:39 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D39793F3-5F31-4926-9BCD-41A1E896FE3C}</p><p>2013-05-06 03:45 - 2013-05-06 03:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D0250FFD-A12C-45F7-A106-57A96F09046F}</p><p>2013-05-05 03:44 - 2013-05-05 15:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4CFF497C-2F46-44AA-8FB8-FA8B1A8EA6DE}</p><p>2013-05-03 23:10 - 2013-05-04 11:11 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E4A55321-5928-40D3-9353-BA723A94D9C8}</p><p>2013-05-03 10:26 - 2013-05-03 10:26 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{32AC9B0D-A19A-4AD6-B662-8E22C95C5F4F}</p><p>2013-05-01 03:24 - 2013-05-01 03:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F980877C-C9D6-4EFB-91A8-64167A8CBA00}</p><p>2013-04-29 06:25 - 2013-04-29 06:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4056126B-3D55-4039-9BC3-66CBB9D113A1}</p><p>2013-04-28 03:04 - 2013-04-28 03:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{21E5A57B-F0BE-4BD4-9FE9-EC88CC525A85}</p><p>2013-04-27 01:19 - 2013-04-27 13:20 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{C3BEECA4-D1C7-4486-81B1-D431FEFB0354}</p><p>2013-04-24 11:55 - 2013-04-27 07:24 - 00000000 ____D C:\ProgramData\Yahoo!</p><p>2013-04-24 11:45 - 2013-04-27 07:24 - 00000000 ____D C:\Program Files (x86)\Yahoo!</p><p>2013-04-24 09:32 - 2013-04-27 07:18 - 00000000 ____D C:\Program Files (x86)\MyPC Backup</p><p>2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Babylon</p><p>2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\ProgramData\Babylon</p><p>2013-04-24 04:19 - 2013-04-24 04:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4C62F919-1DB9-4018-9A5B-A72035C6C51A}</p><p>2013-04-23 10:50 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys</p><p>2013-04-23 10:45 - 2013-04-23 10:46 - 00000000 ____D 
C:\Users\Ebonixa\AppData\Local\{F53A483A-04DE-46DD-B52B-F4AF0C430E1A}</p><p>2013-04-22 13:47 - 2013-04-23 10:39 - 00000000 ____D C:\ProgramData\E49B794EFB8B08280000E49A94BB0ED0</p><p>2013-04-22 01:13 - 2013-04-22 13:13 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{870A5655-66F4-44C6-893B-809F9DE4EF6E}</p><p>2013-04-21 02:51 - 2013-04-21 02:52 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{1CABE137-A1AE-47AF-8FE4-CDDBB76F44FF}</p><p>2013-04-20 01:42 - 2013-04-20 13:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E353FCF5-0065-4008-A24B-DDC997C90E51}</p><p>2013-04-19 04:17 - 2013-04-19 04:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{6C763C36-F1A7-47FF-B4CB-85450D330D01}</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2013-05-19 01:28 - 2013-05-19 01:28 - 00000000 ____D C:\FRST</p><p>2013-05-19 00:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache</p><p>2013-05-18 15:21 - 2012-06-24 04:24 - 00000418 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job</p><p>2013-05-18 15:21 - 2011-08-15 10:34 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2013-05-18 15:21 - 2010-09-17 18:14 - 00000000 ____D C:\ProgramData\NVIDIA</p><p>2013-05-18 15:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT</p><p>2013-05-18 15:21 - 2009-07-13 20:51 - 00167691 ____A C:\Windows\setupact.log</p><p>2013-05-18 15:01 - 2010-09-17 18:09 - 01512877 ____A C:\Windows\WindowsUpdate.log</p><p>2013-05-18 14:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-18 14:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2013-05-18 13:43 - 2010-11-19 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Azureus</p><p>2013-05-18 13:41 - 2011-07-24 01:37 - 00000916 ____A 
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84892216-39173874-2601006852-1000UA.job</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 01038470 ____A C:\ProgramData\2433f433</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 01038421 ____A C:\Users\Ebonixa\AppData\Roaming\2433f433</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 01038396 ____A C:\Users\Ebonixa\AppData\Local\2433f433</p><p>2013-05-18 13:38 - 2013-05-18 13:38 - 00027136 ____A C:\Users\Ebonixa\Documents\2b727d08.exe</p><p>2013-05-18 13:38 - 2011-08-15 10:34 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2013-05-18 13:14 - 2012-09-10 13:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job</p><p>2013-05-18 13:03 - 2013-03-09 01:08 - 00001856 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk</p><p>2013-05-18 09:41 - 2011-07-24 01:37 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84892216-39173874-2601006852-1000Core.job</p><p>2013-05-18 02:29 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI</p><p>2013-05-18 02:26 - 2013-03-08 12:34 - 00000000 __RSD C:\Users\Ebonixa\Documents\McAfee Vaults</p><p>2013-05-18 02:25 - 2013-05-18 02:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E9423082-F149-40F4-A7F2-B4A5CCCAEC26}</p><p>2013-05-18 02:24 - 2012-11-05 10:25 - 00000000 ____D C:\Program Files (x86)\Steam</p><p>2013-05-18 02:24 - 2010-11-20 05:43 - 00000000 ____D C:\Users\Ebonixa\Tracing</p><p>2013-05-17 10:32 - 2013-05-17 10:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{45235006-C801-487A-AB05-3DCF15C3C219}</p><p>2013-05-17 10:08 - 2013-05-17 10:08 - 00000000 __SHD C:\found.000</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iTunes</p><p>2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program 
Files\iPod</p><p>2013-05-17 10:01 - 2010-11-25 11:36 - 00000000 ____D C:\Program Files (x86)\iTunes</p><p>2013-05-17 09:53 - 2012-12-30 11:56 - 00000000 ____D C:\Users\Ebonixa\Desktop\Rayon</p><p>2013-05-17 04:14 - 2012-06-24 04:24 - 00000442 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job</p><p>2013-05-16 22:31 - 2013-05-16 22:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{871C2234-30DD-4B06-A1C5-E09DB659313A}</p><p>2013-05-16 09:54 - 2013-05-15 21:54 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{A6186DFC-0BF2-4544-930B-258344CB1647}</p><p>2013-05-15 18:27 - 2009-07-13 20:45 - 00432296 ____A C:\Windows\System32\FNTCACHE.DAT</p><p>2013-05-15 18:08 - 2010-11-19 06:29 - 00000000 ____D C:\ProgramData\Microsoft Help</p><p>2013-05-15 18:05 - 2010-11-30 11:32 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe</p><p>2013-05-15 09:12 - 2013-05-15 09:11 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{25C91D86-52FE-4A0C-89BE-72CD4CCCA599}</p><p>2013-05-14 12:16 - 2012-05-09 22:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe</p><p>2013-05-14 12:16 - 2011-08-15 10:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2013-05-14 11:25 - 2010-05-10 16:55 - 00000000 ____D C:\ProgramData\Adobe</p><p>2013-05-14 11:05 - 2013-05-14 11:05 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{EBDA5BE1-2098-422E-A5BA-B297FB0C55C1}</p><p>2013-05-14 11:05 - 2010-11-19 16:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\CrashDumps</p><p>2013-05-13 13:04 - 2013-05-13 01:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F5C08CFC-582E-4A20-9B5D-DEFE034B42E6}</p><p>2013-05-13 01:14 - 2013-05-13 01:13 - 00000000 ____D C:\Users\Ebonixa\Desktop\Birthday</p><p>2013-05-12 12:43 - 2013-05-11 00:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{052EB9B2-97B9-4FEA-BABB-68FE7FB795D1}</p><p>2013-05-11 03:29 - 2010-11-19 11:17 - 00000000 ____D 
C:\Users\Ebonixa\AppData\Roaming\Skype</p><p>2013-05-08 09:12 - 2013-05-08 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{078CCC4D-097E-4345-A3A2-D9F45CAACA33}</p><p>2013-05-07 11:48 - 2013-05-07 11:48 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{40DA6ABD-837D-4AA9-A145-A8FEDD130978}</p><p>2013-05-06 22:39 - 2013-05-06 22:39 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D39793F3-5F31-4926-9BCD-41A1E896FE3C}</p><p>2013-05-06 04:31 - 2013-03-23 10:15 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Might & Magic Heroes VI</p><p>2013-05-06 03:45 - 2013-05-06 03:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D0250FFD-A12C-45F7-A106-57A96F09046F}</p><p>2013-05-05 15:45 - 2013-05-05 03:44 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4CFF497C-2F46-44AA-8FB8-FA8B1A8EA6DE}</p><p>2013-05-04 11:11 - 2013-05-03 23:10 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E4A55321-5928-40D3-9353-BA723A94D9C8}</p><p>2013-05-04 08:15 - 2010-11-19 06:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Adobe</p><p>2013-05-03 10:26 - 2013-05-03 10:26 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{32AC9B0D-A19A-4AD6-B662-8E22C95C5F4F}</p><p>2013-05-03 10:25 - 2013-03-09 01:03 - 00000000 ____D C:\Program Files (x86)\McAfee</p><p>2013-05-03 10:25 - 2010-05-10 16:58 - 01192848 ____A C:\Windows\PFRO.log</p><p>2013-05-01 17:06 - 2013-01-27 12:16 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe</p><p>2013-05-01 11:31 - 2013-03-08 12:33 - 00000000 ____D C:\Program Files\McAfee</p><p>2013-05-01 03:25 - 2013-05-01 03:24 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F980877C-C9D6-4EFB-91A8-64167A8CBA00}</p><p>2013-04-29 06:25 - 2013-04-29 06:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4056126B-3D55-4039-9BC3-66CBB9D113A1}</p><p>2013-04-28 03:04 - 2013-04-28 03:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{21E5A57B-F0BE-4BD4-9FE9-EC88CC525A85}</p><p>2013-04-27 13:20 - 2013-04-27 01:19 - 00000000 ____D 
C:\Users\Ebonixa\AppData\Local\{C3BEECA4-D1C7-4486-81B1-D431FEFB0354}</p><p>2013-04-27 07:24 - 2013-04-24 11:55 - 00000000 ____D C:\ProgramData\Yahoo!</p><p>2013-04-27 07:24 - 2013-04-24 11:45 - 00000000 ____D C:\Program Files (x86)\Yahoo!</p><p>2013-04-27 07:19 - 2013-03-09 04:53 - 00002059 ____A C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk</p><p>2013-04-27 07:18 - 2013-04-24 09:32 - 00000000 ____D C:\Program Files (x86)\MyPC Backup</p><p>2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Babylon</p><p>2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\ProgramData\Babylon</p><p>2013-04-24 04:19 - 2013-04-24 04:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4C62F919-1DB9-4018-9A5B-A72035C6C51A}</p><p>2013-04-23 10:46 - 2013-04-23 10:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F53A483A-04DE-46DD-B52B-F4AF0C430E1A}</p><p>2013-04-23 10:40 - 2013-04-11 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p>2013-04-23 10:39 - 2013-04-22 13:47 - 00000000 ____D C:\ProgramData\E49B794EFB8B08280000E49A94BB0ED0</p><p>2013-04-22 13:13 - 2013-04-22 01:13 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{870A5655-66F4-44C6-893B-809F9DE4EF6E}</p><p>2013-04-21 03:15 - 2011-12-02 17:15 - 00000000 ____D C:\Program Files (x86)\World of Warcraft</p><p>2013-04-21 02:52 - 2013-04-21 02:51 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{1CABE137-A1AE-47AF-8FE4-CDDBB76F44FF}</p><p>2013-04-20 13:42 - 2013-04-20 01:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E353FCF5-0065-4008-A24B-DDC997C90E51}</p><p>2013-04-20 11:03 - 2013-05-14 12:27 - 2412408213 ____A C:\Users\Ebonixa\Desktop\The Bourne Ultimatum.mp4</p><p>2013-04-19 04:17 - 2013-04-19 04:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{6C763C36-F1A7-47FF-B4CB-85450D330D01}</p><p></p><p>==================== Known DLLs (Whitelisted) ================</p><p></p><p></p><p>==================== Bamital & volsnap Check 
=================</p><p></p><p>C:\Windows\System32\winlogon.exe => MD5 is legit</p><p>C:\Windows\System32\wininit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\wininit.exe => MD5 is legit</p><p>C:\Windows\explorer.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\explorer.exe => MD5 is legit</p><p>C:\Windows\System32\svchost.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\svchost.exe => MD5 is legit</p><p>C:\Windows\System32\services.exe => MD5 is legit</p><p>C:\Windows\System32\User32.dll => MD5 is legit</p><p>C:\Windows\SysWOW64\User32.dll => MD5 is legit</p><p>C:\Windows\System32\userinit.exe => MD5 is legit</p><p>C:\Windows\SysWOW64\userinit.exe => MD5 is legit</p><p>C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: exefile => OK</p><p>HKLM\...\exefile\DefaultIcon: %1 => OK</p><p>HKLM\...\exefile\open\command: "%1" %* => OK</p><p></p><p>==================== Restore Points =========================</p><p></p><p>Restore point made on: 2013-05-15 09:26:10</p><p>Restore point made on: 2013-05-15 18:00:41</p><p></p><p>==================== BCD ================================</p><p></p><p>Windows Boot Manager</p><p>--------------------</p><p>identifier {bootmgr}</p><p>device partition=Y:</p><p>description Windows Boot Manager</p><p>locale en-US</p><p>inherit {globalsettings}</p><p>default {default}</p><p>resumeobject {a6b45ddf-c096-11df-9988-b9460d959c47}</p><p>displayorder {default}</p><p>toolsdisplayorder {memdiag}</p><p>timeout 30</p><p></p><p>Windows Boot Loader</p><p>-------------------</p><p>identifier {default}</p><p>device partition=C:</p><p>path \Windows\system32\winload.exe</p><p>description Windows 7</p><p>locale en-US</p><p>inherit {bootloadersettings}</p><p>recoverysequence {current}</p><p>recoveryenabled Yes</p><p>osdevice partition=C:</p><p>systemroot \Windows</p><p>resumeobject {a6b45ddf-c096-11df-9988-b9460d959c47}</p><p>nx OptIn</p><p>increaseuserva 
2560</p><p></p><p>Windows Boot Loader</p><p>-------------------</p><p>identifier {current}</p><p>device ramdisk=[C:]\Recovery\a6b45de1-c096-11df-9988-b9460d959c47\Winre.wim,{a6b45de2-c096-11df-9988-b9460d959c47}</p><p>path \windows\system32\winload.exe</p><p>description Windows Recovery Environment</p><p>inherit {bootloadersettings}</p><p>osdevice ramdisk=[C:]\Recovery\a6b45de1-c096-11df-9988-b9460d959c47\Winre.wim,{a6b45de2-c096-11df-9988-b9460d959c47}</p><p>systemroot \windows</p><p>nx OptIn</p><p>winpe Yes</p><p></p><p>Resume from Hibernate</p><p>---------------------</p><p>identifier {a6b45ddf-c096-11df-9988-b9460d959c47}</p><p>device partition=C:</p><p>path \Windows\system32\winresume.exe</p><p>description Windows Resume Application</p><p>locale en-US</p><p>inherit {resumeloadersettings}</p><p>filedevice partition=C:</p><p>filepath \hiberfil.sys</p><p>debugoptionenabled No</p><p></p><p>Windows Memory Tester</p><p>---------------------</p><p>identifier {memdiag}</p><p>device partition=Y:</p><p>path \boot\memtest.exe</p><p>description Windows Memory Diagnostic</p><p>locale en-US</p><p>inherit {globalsettings}</p><p>badmemoryaccess Yes</p><p></p><p>EMS Settings</p><p>------------</p><p>identifier {emssettings}</p><p>bootems Yes</p><p></p><p>Debugger Settings</p><p>-----------------</p><p>identifier {dbgsettings}</p><p>debugtype Serial</p><p>debugport 1</p><p>baudrate 115200</p><p></p><p>RAM Defects</p><p>-----------</p><p>identifier {badmemory}</p><p></p><p>Global Settings</p><p>---------------</p><p>identifier {globalsettings}</p><p>inherit {dbgsettings}</p><p> {emssettings}</p><p> {badmemory}</p><p></p><p>Boot Loader Settings</p><p>--------------------</p><p>identifier {bootloadersettings}</p><p>inherit {globalsettings}</p><p> {hypervisorsettings}</p><p></p><p>Hypervisor Settings</p><p>-------------------</p><p>identifier {hypervisorsettings}</p><p>hypervisordebugtype Serial</p><p>hypervisordebugport 1</p><p>hypervisorbaudrate 115200</p><p></p><p>Resume Loader 
Settings</p><p>----------------------</p><p>identifier {resumeloadersettings}</p><p>inherit {globalsettings}</p><p></p><p>Device options</p><p>--------------</p><p>identifier {a6b45de2-c096-11df-9988-b9460d959c47}</p><p>description Ramdisk Options</p><p>ramdisksdidevice partition=C:</p><p>ramdisksdipath \Recovery\a6b45de1-c096-11df-9988-b9460d959c47\boot.sdi</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Percentage of memory in use: 11%</p><p>Total physical RAM: 8183.11 MB</p><p>Available physical RAM: 7231.09 MB</p><p>Total Pagefile: 8181.26 MB</p><p>Available Pagefile: 7241.49 MB</p><p>Total Virtual: 8192 MB</p><p>Available Virtual: 8191.88 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (Packard Bell) (Fixed) (Total:689.45 GB) (Free:229.48 GB) NTFS (Disk=0 Partition=3)</p><p>Drive e: (DATA) (Fixed) (Total:689.71 GB) (Free:0.09 GB) NTFS (Disk=0 Partition=4)</p><p>Drive f: (PQSERVICE) (Fixed) (Total:18 GB) (Free:6.54 GB) NTFS (Disk=0 Partition=1)</p><p>Drive g: (MMH6 - EFIGS) (CDROM) (Total:5.84 GB) (Free:0 GB) UDF</p><p>Drive h: (EBONIXA'S) (Removable) (Total:74.4 GB) (Free:64.32 GB) exFAT (Disk=1 Partition=1)</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p>Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)]</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 7CFACE33)</p><p>Partition 1: (Not Active) - (Size=18 GB) - (Type=27)</p><p>Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)</p><p>Partition 3: (Not Active) - (Size=689 GB) - (Type=07 NTFS)</p><p>Partition 4: (Not Active) - (Size=690 GB) - (Type=07 NTFS)</p><p>Attempted reading MBR returned 0 bytes.</p><p> Could not read MBR 
for disk 1.</p><p></p><p></p><p>Last Boot: 2013-05-13 15:33</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>
[QUOTE="ebonixa, post: 121333, member: 8358"] Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013 Ran by SYSTEM on 19-05-2013 01:43:10 Running from H:\ Windows 7 Home Premium (X64) OS Language: English(US) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.[/b] ==================== Registry (Whitelisted) ================== HKLM\...\Run: [IntelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe" [1464984 2012-10-12] (Microsoft Corporation) HKLM\...\Run: [IntelliPoint] "C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2075288 2012-10-12] (Microsoft Corporation) HKLM\...\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation) HKLM\...\Run: [McAfeeWrapperApplication] "C:\Program Files (x86)\McAfeeMOBK\WrapperTrayIcon.exe" [453344 2011-05-11] (McAfee, Inc.) HKLM\...\RunOnce: [*Restore] C:\Windows\system32\rstrui.exe /RUNONCE [296960 2010-11-20] (Microsoft Corporation) HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.) HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [90448 2011-11-01] (Research In Motion Limited) HKLM-x32\...\Run: [Hotkey Utility] C:\Program Files (x86)\Packard Bell\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] () HKLM-x32\...\Run: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [47904 2010-12-14] (Apple Inc.) 
HKLM-x32\...\Run: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe" [135536 2010-12-13] (Microsoft Corporation) HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.) HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] () HKLM-x32\...\Run: [DivX Download Manager] "C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe" start [63360 2010-12-08] (DivX, LLC) HKLM-x32\...\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey [454160 2012-10-06] (McAfee, Inc.) HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2012-10-24] (Apple Inc.) HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [152392 2013-05-15] (Apple Inc.) HKU\Default\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] () HKU\Default User\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] () HKU\Ebonixa\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2011-08-15] (Google Inc.) HKU\Ebonixa\...\Run: [Google Update] "C:\Users\Ebonixa\AppData\Local\Google\Update\GoogleUpdate.exe" /c [136176 2011-07-24] (Google Inc.) 
HKU\Ebonixa\...\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background [4280184 2012-03-08] (Microsoft Corporation) HKU\Ebonixa\...\Run: [Steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent [1635752 2013-05-03] (Valve Corporation) HKU\Ebonixa\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.) HKU\Ebonixa\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\Ebonixa\Documents\2b727d08.exe [27136 2013-05-18] () HKU\Ebonixa\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\UpdatusUser\...\RunOnce: [ScrSav] C:\Program Files (x86)\Packard Bell\Screensaver\run_Packard Bell.exe /default [162336 2009-07-21] () AppInit_DLLs: C:\PROGRA~2\WIF0E7~1\Datamngr\x64\datamngr.dll C:\PROGRA~2\WIF0E7~1\Datamngr\x64\IEBHO.dll [162336 2009-07-21] () Startup: C:\ProgramData\Start Menu\Programs\Startup\Photo Frame.lnk ShortcutTarget: Photo Frame.lnk -> C:\Program Files (x86)\Northstar\Photo Frame\Photo Frame.exe (North Star com.) ==================== Services (Whitelisted) ================= S3 GameConsoleService; C:\Program Files (x86)\Packard Bell Games\Packard Bell Game Console\GameConsoleService.exe [246520 2010-09-30] (WildTangent, Inc.) S2 Greg_Service; C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe [1150496 2009-08-28] (Acer Incorporated) S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.) S2 McAfee SiteAdvisor Service; c:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [120592 2013-03-04] (McAfee, Inc.) S2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.) S2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [378952 2012-11-21] (McAfee, Inc.) 
S2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.) S2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.) S2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1007288 2012-10-05] (McAfee, Inc.) S2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218320 2012-11-08] (McAfee, Inc.) S2 mfevtp; C:\Windows\system32\mfevtps.exe [177680 2012-11-08] (McAfee, Inc.) S2 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.) S2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [220856 2012-10-06] (McAfee, Inc.) S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [931640 2012-01-25] (Trusteer Ltd.) S3 Symantec RemoteAssist; C:\Program Files (x86)\Common Files\Symantec Shared\Support Controls\ssrc.exe [394704 2008-01-29] (Symantec, Inc.) S2 Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [243232 2010-01-28] (Acer Group) S2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] () S2 VhdAttach; C:\Program Files\Josip Medved\VHD Attach\VhdAttachService.exe [190384 2012-03-14] (Josip Medved) ==================== Drivers (Whitelisted) ==================== S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2011-07-22] () S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [69672 2012-11-08] (McAfee, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197264 2012-05-28] (McAfee, Inc.) S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2011-07-22] () S2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [74120 2012-10-19] (McAfee, Inc.) S3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [178840 2012-11-08] (McAfee, Inc.) S3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309400 2012-11-08] (McAfee, Inc.) 
S3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515528 2012-11-08] (McAfee, Inc.) S0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771096 2012-11-08] (McAfee, Inc.) S3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [328976 2012-11-01] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [97208 2012-11-01] (McAfee, Inc.) S0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [339776 2012-11-08] (McAfee, Inc.) S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.) S1 RapportCerberus_43926; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [505720 2012-11-01] () S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [55056 2012-01-25] (Trusteer Ltd.) S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [63760 2012-01-25] (Trusteer Ltd.) S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [61712 2012-01-25] (Trusteer Ltd.) S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44032 2011-07-20] (Research in Motion Ltd) S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-19] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-19] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-19] (LG Electronics Inc.) 
S3 VBoxUSB; C:\Windows\System32\Drivers\VBoxUSB.sys [117080 2012-05-22] (Oracle Corporation)
S3 mfeavfk01; No ImagePath
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [x]
S0 sr;
S2 srservice;
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [x]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-05-19 01:28 - 2013-05-19 01:28 - 00000000 ____D C:\FRST
2013-05-18 13:38 - 2013-05-18 13:38 - 01038470 ____A C:\ProgramData\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038421 ____A C:\Users\Ebonixa\AppData\Roaming\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038396 ____A C:\Users\Ebonixa\AppData\Local\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 00027136 ____A C:\Users\Ebonixa\Documents\2b727d08.exe
2013-05-18 02:25 - 2013-05-18 02:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E9423082-F149-40F4-A7F2-B4A5CCCAEC26}
2013-05-17 10:31 - 2013-05-17 10:32 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{45235006-C801-487A-AB05-3DCF15C3C219}
2013-05-17 10:08 - 2013-05-17 10:08 - 00000000 __SHD C:\found.000
2013-05-17 10:01 - 2013-05-17 10:01 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iPod
2013-05-16 22:31 - 2013-05-16 22:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{871C2234-30DD-4B06-A1C5-E09DB659313A}
2013-05-15 21:54 - 2013-05-16 09:54 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{A6186DFC-0BF2-4544-930B-258344CB1647}
2013-05-15 18:01 - 2013-04-04 22:52 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-05-15 18:01 - 2013-04-04 22:50 - 02647552 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-05-15 18:01 - 2013-04-04 22:50 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-05-15 18:01 - 2013-04-04 21:26 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-05-15 18:01 - 2013-04-04 20:43 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-05-15 18:01 - 2013-04-04 20:29 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-05-15 18:01 - 2013-04-04 19:51 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-15 18:01 - 2013-04-04 19:38 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-15 18:00 - 2013-04-04 22:52 - 02242048 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-05-15 18:00 - 2013-04-04 22:52 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 19231232 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 15404032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-05-15 18:00 - 2013-04-04 22:50 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-05-15 18:00 - 2013-04-04 21:28 - 01767424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-05-15 18:00 - 2013-04-04 21:28 - 01130496 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 14323712 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-05-15 18:00 - 2013-04-04 21:26 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-05-15 09:39 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
2013-05-15 09:39 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
2013-05-15 09:39 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
2013-05-15 09:39 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2013-05-15 09:39 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
2013-05-15 09:39 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-05-15 09:39 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
2013-05-15 09:39 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-05-15 09:39 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-05-15 09:39 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-05-15 09:39 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
2013-05-15 09:38 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2013-05-15 09:38 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
2013-05-15 09:38 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
2013-05-15 09:11 - 2013-05-15 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{25C91D86-52FE-4A0C-89BE-72CD4CCCA599}
2013-05-14 12:27 - 2013-04-20 11:03 - 2412408213 ____A C:\Users\Ebonixa\Desktop\The Bourne Ultimatum.mp4
2013-05-14 11:05 - 2013-05-14 11:05 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{EBDA5BE1-2098-422E-A5BA-B297FB0C55C1}
2013-05-13 01:13 - 2013-05-13 01:14 - 00000000 ____D C:\Users\Ebonixa\Desktop\Birthday
2013-05-13 01:04 - 2013-05-13 13:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F5C08CFC-582E-4A20-9B5D-DEFE034B42E6}
2013-05-11 00:42 - 2013-05-12 12:43 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{052EB9B2-97B9-4FEA-BABB-68FE7FB795D1}
2013-05-08 09:12 - 2013-05-08 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{078CCC4D-097E-4345-A3A2-D9F45CAACA33}
2013-05-07 11:48 - 2013-05-07 11:48 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{40DA6ABD-837D-4AA9-A145-A8FEDD130978}
2013-05-06 22:39 - 2013-05-06 22:39 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D39793F3-5F31-4926-9BCD-41A1E896FE3C}
2013-05-06 03:45 - 2013-05-06 03:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D0250FFD-A12C-45F7-A106-57A96F09046F}
2013-05-05 03:44 - 2013-05-05 15:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4CFF497C-2F46-44AA-8FB8-FA8B1A8EA6DE}
2013-05-03 23:10 - 2013-05-04 11:11 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E4A55321-5928-40D3-9353-BA723A94D9C8}
2013-05-03 10:26 - 2013-05-03 10:26 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{32AC9B0D-A19A-4AD6-B662-8E22C95C5F4F}
2013-05-01 03:24 - 2013-05-01 03:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F980877C-C9D6-4EFB-91A8-64167A8CBA00}
2013-04-29 06:25 - 2013-04-29 06:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4056126B-3D55-4039-9BC3-66CBB9D113A1}
2013-04-28 03:04 - 2013-04-28 03:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{21E5A57B-F0BE-4BD4-9FE9-EC88CC525A85}
2013-04-27 01:19 - 2013-04-27 13:20 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{C3BEECA4-D1C7-4486-81B1-D431FEFB0354}
2013-04-24 11:55 - 2013-04-27 07:24 - 00000000 ____D C:\ProgramData\Yahoo!
2013-04-24 11:45 - 2013-04-27 07:24 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-04-24 09:32 - 2013-04-27 07:18 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Babylon
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\ProgramData\Babylon
2013-04-24 04:19 - 2013-04-24 04:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4C62F919-1DB9-4018-9A5B-A72035C6C51A}
2013-04-23 10:50 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
2013-04-23 10:45 - 2013-04-23 10:46 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F53A483A-04DE-46DD-B52B-F4AF0C430E1A}
2013-04-22 13:47 - 2013-04-23 10:39 - 00000000 ____D C:\ProgramData\E49B794EFB8B08280000E49A94BB0ED0
2013-04-22 01:13 - 2013-04-22 13:13 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{870A5655-66F4-44C6-893B-809F9DE4EF6E}
2013-04-21 02:51 - 2013-04-21 02:52 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{1CABE137-A1AE-47AF-8FE4-CDDBB76F44FF}
2013-04-20 01:42 - 2013-04-20 13:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E353FCF5-0065-4008-A24B-DDC997C90E51}
2013-04-19 04:17 - 2013-04-19 04:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{6C763C36-F1A7-47FF-B4CB-85450D330D01}

==================== One Month Modified Files and Folders =======

2013-05-19 01:28 - 2013-05-19 01:28 - 00000000 ____D C:\FRST
2013-05-19 00:15 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-05-18 15:21 - 2012-06-24 04:24 - 00000418 ____A C:\Windows\Tasks\PC Optimizer Pro64 startups.job
2013-05-18 15:21 - 2011-08-15 10:34 - 00000896 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-05-18 15:21 - 2010-09-17 18:14 - 00000000 ____D C:\ProgramData\NVIDIA
2013-05-18 15:21 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-05-18 15:21 - 2009-07-13 20:51 - 00167691 ____A C:\Windows\setupact.log
2013-05-18 15:01 - 2010-09-17 18:09 - 01512877 ____A C:\Windows\WindowsUpdate.log
2013-05-18 14:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-05-18 14:59 - 2009-07-13 20:45 - 00009920 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-05-18 13:43 - 2010-11-19 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Azureus
2013-05-18 13:41 - 2011-07-24 01:37 - 00000916 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84892216-39173874-2601006852-1000UA.job
2013-05-18 13:38 - 2013-05-18 13:38 - 01038470 ____A C:\ProgramData\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038421 ____A C:\Users\Ebonixa\AppData\Roaming\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 01038396 ____A C:\Users\Ebonixa\AppData\Local\2433f433
2013-05-18 13:38 - 2013-05-18 13:38 - 00027136 ____A C:\Users\Ebonixa\Documents\2b727d08.exe
2013-05-18 13:38 - 2011-08-15 10:34 - 00000900 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-05-18 13:14 - 2012-09-10 13:24 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-18 13:03 - 2013-03-09 01:08 - 00001856 ____A C:\Users\Public\Desktop\McAfee Total Protection.lnk
2013-05-18 09:41 - 2011-07-24 01:37 - 00000864 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-84892216-39173874-2601006852-1000Core.job
2013-05-18 02:29 - 2009-07-13 21:13 - 00779306 ____A C:\Windows\System32\PerfStringBackup.INI
2013-05-18 02:26 - 2013-03-08 12:34 - 00000000 __RSD C:\Users\Ebonixa\Documents\McAfee Vaults
2013-05-18 02:25 - 2013-05-18 02:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E9423082-F149-40F4-A7F2-B4A5CCCAEC26}
2013-05-18 02:24 - 2012-11-05 10:25 - 00000000 ____D C:\Program Files (x86)\Steam
2013-05-18 02:24 - 2010-11-20 05:43 - 00000000 ____D C:\Users\Ebonixa\Tracing
2013-05-17 10:32 - 2013-05-17 10:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{45235006-C801-487A-AB05-3DCF15C3C219}
2013-05-17 10:08 - 2013-05-17 10:08 - 00000000 __SHD C:\found.000
2013-05-17 10:01 - 2013-05-17 10:01 - 00001795 ____A C:\Users\Public\Desktop\iTunes.lnk
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iTunes
2013-05-17 10:01 - 2013-05-17 10:01 - 00000000 ____D C:\Program Files\iPod
2013-05-17 10:01 - 2010-11-25 11:36 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-05-17 09:53 - 2012-12-30 11:56 - 00000000 ____D C:\Users\Ebonixa\Desktop\Rayon
2013-05-17 04:14 - 2012-06-24 04:24 - 00000442 ____A C:\Windows\Tasks\PC Optimizer Pro Updates.job
2013-05-16 22:31 - 2013-05-16 22:31 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{871C2234-30DD-4B06-A1C5-E09DB659313A}
2013-05-16 09:54 - 2013-05-15 21:54 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{A6186DFC-0BF2-4544-930B-258344CB1647}
2013-05-15 18:27 - 2009-07-13 20:45 - 00432296 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-15 18:08 - 2010-11-19 06:29 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-05-15 18:05 - 2010-11-30 11:32 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-05-15 09:12 - 2013-05-15 09:11 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{25C91D86-52FE-4A0C-89BE-72CD4CCCA599}
2013-05-14 12:16 - 2012-05-09 22:51 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 12:16 - 2011-08-15 10:34 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-14 11:25 - 2010-05-10 16:55 - 00000000 ____D C:\ProgramData\Adobe
2013-05-14 11:05 - 2013-05-14 11:05 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{EBDA5BE1-2098-422E-A5BA-B297FB0C55C1}
2013-05-14 11:05 - 2010-11-19 16:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\CrashDumps
2013-05-13 13:04 - 2013-05-13 01:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F5C08CFC-582E-4A20-9B5D-DEFE034B42E6}
2013-05-13 01:14 - 2013-05-13 01:13 - 00000000 ____D C:\Users\Ebonixa\Desktop\Birthday
2013-05-12 12:43 - 2013-05-11 00:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{052EB9B2-97B9-4FEA-BABB-68FE7FB795D1}
2013-05-11 03:29 - 2010-11-19 11:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Skype
2013-05-08 09:12 - 2013-05-08 09:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{078CCC4D-097E-4345-A3A2-D9F45CAACA33}
2013-05-07 11:48 - 2013-05-07 11:48 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{40DA6ABD-837D-4AA9-A145-A8FEDD130978}
2013-05-06 22:39 - 2013-05-06 22:39 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D39793F3-5F31-4926-9BCD-41A1E896FE3C}
2013-05-06 04:31 - 2013-03-23 10:15 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Might & Magic Heroes VI
2013-05-06 03:45 - 2013-05-06 03:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{D0250FFD-A12C-45F7-A106-57A96F09046F}
2013-05-05 15:45 - 2013-05-05 03:44 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4CFF497C-2F46-44AA-8FB8-FA8B1A8EA6DE}
2013-05-04 11:11 - 2013-05-03 23:10 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E4A55321-5928-40D3-9353-BA723A94D9C8}
2013-05-04 08:15 - 2010-11-19 06:12 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Adobe
2013-05-03 10:26 - 2013-05-03 10:26 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{32AC9B0D-A19A-4AD6-B662-8E22C95C5F4F}
2013-05-03 10:25 - 2013-03-09 01:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2013-05-03 10:25 - 2010-05-10 16:58 - 01192848 ____A C:\Windows\PFRO.log
2013-05-01 17:06 - 2013-01-27 12:16 - 00278800 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-05-01 11:31 - 2013-03-08 12:33 - 00000000 ____D C:\Program Files\McAfee
2013-05-01 03:25 - 2013-05-01 03:24 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F980877C-C9D6-4EFB-91A8-64167A8CBA00}
2013-04-29 06:25 - 2013-04-29 06:25 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4056126B-3D55-4039-9BC3-66CBB9D113A1}
2013-04-28 03:04 - 2013-04-28 03:04 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{21E5A57B-F0BE-4BD4-9FE9-EC88CC525A85}
2013-04-27 13:20 - 2013-04-27 01:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{C3BEECA4-D1C7-4486-81B1-D431FEFB0354}
2013-04-27 07:24 - 2013-04-24 11:55 - 00000000 ____D C:\ProgramData\Yahoo!
2013-04-27 07:24 - 2013-04-24 11:45 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2013-04-27 07:19 - 2013-03-09 04:53 - 00002059 ____A C:\Users\Public\Desktop\Configure McAfee Online Backup Service.lnk
2013-04-27 07:18 - 2013-04-24 09:32 - 00000000 ____D C:\Program Files (x86)\MyPC Backup
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\Users\Ebonixa\AppData\Roaming\Babylon
2013-04-24 09:30 - 2013-04-24 09:30 - 00000000 ____D C:\ProgramData\Babylon
2013-04-24 04:19 - 2013-04-24 04:19 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{4C62F919-1DB9-4018-9A5B-A72035C6C51A}
2013-04-23 10:46 - 2013-04-23 10:45 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{F53A483A-04DE-46DD-B52B-F4AF0C430E1A}
2013-04-23 10:40 - 2013-04-11 12:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-04-23 10:39 - 2013-04-22 13:47 - 00000000 ____D C:\ProgramData\E49B794EFB8B08280000E49A94BB0ED0
2013-04-22 13:13 - 2013-04-22 01:13 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{870A5655-66F4-44C6-893B-809F9DE4EF6E}
2013-04-21 03:15 - 2011-12-02 17:15 - 00000000 ____D C:\Program Files (x86)\World of Warcraft
2013-04-21 02:52 - 2013-04-21 02:51 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{1CABE137-A1AE-47AF-8FE4-CDDBB76F44FF}
2013-04-20 13:42 - 2013-04-20 01:42 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{E353FCF5-0065-4008-A24B-DDC997C90E51}
2013-04-20 11:03 - 2013-05-14 12:27 - 2412408213 ____A C:\Users\Ebonixa\Desktop\The Bourne Ultimatum.mp4
2013-04-19 04:17 - 2013-04-19 04:17 - 00000000 ____D C:\Users\Ebonixa\AppData\Local\{6C763C36-F1A7-47FF-B4CB-85450D330D01}

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2013-05-15 09:26:10
Restore point made on: 2013-05-15 18:00:41

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {a6b45ddf-c096-11df-9988-b9460d959c47}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {a6b45ddf-c096-11df-9988-b9460d959c47}
nx OptIn
increaseuserva 2560

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]\Recovery\a6b45de1-c096-11df-9988-b9460d959c47\Winre.wim,{a6b45de2-c096-11df-9988-b9460d959c47}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\a6b45de1-c096-11df-9988-b9460d959c47\Winre.wim,{a6b45de2-c096-11df-9988-b9460d959c47}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {a6b45ddf-c096-11df-9988-b9460d959c47} device partition=C: path \Windows\system32\winresume.exe description Windows Resume Application locale en-US inherit {resumeloadersettings} filedevice partition=C: filepath \hiberfil.sys debugoptionenabled No Windows Memory Tester --------------------- identifier {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US inherit {globalsettings} badmemoryaccess Yes EMS Settings ------------ identifier {emssettings} bootems Yes Debugger Settings ----------------- identifier {dbgsettings} debugtype Serial debugport 1 baudrate 115200 RAM Defects ----------- identifier {badmemory} Global Settings --------------- identifier {globalsettings} inherit {dbgsettings} {emssettings} {badmemory} Boot Loader Settings -------------------- identifier {bootloadersettings} inherit {globalsettings} {hypervisorsettings} Hypervisor Settings ------------------- identifier {hypervisorsettings} hypervisordebugtype Serial hypervisordebugport 1 hypervisorbaudrate 115200 Resume Loader Settings ---------------------- identifier {resumeloadersettings} inherit {globalsettings} Device options -------------- identifier {a6b45de2-c096-11df-9988-b9460d959c47} description Ramdisk Options ramdisksdidevice partition=C: ramdisksdipath \Recovery\a6b45de1-c096-11df-9988-b9460d959c47\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 8183.11 MB Available physical RAM: 7231.09 MB Total Pagefile: 8181.26 MB Available Pagefile: 7241.49 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (Packard Bell) (Fixed) (Total:689.45 GB) (Free:229.48 GB) NTFS (Disk=0 Partition=3) Drive e: (DATA) (Fixed) (Total:689.71 GB) (Free:0.09 GB) NTFS (Disk=0 Partition=4) Drive f: (PQSERVICE) (Fixed) (Total:18 GB) (Free:6.54 GB) NTFS (Disk=0 Partition=1) Drive g: (MMH6 - EFIGS) (CDROM) 
(Total:5.84 GB) (Free:0 GB) UDF Drive h: (EBONIXA'S) (Removable) (Total:74.4 GB) (Free:64.32 GB) exFAT (Disk=1 Partition=1) Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=2) ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: 7CFACE33) Partition 1: (Not Active) - (Size=18 GB) - (Type=27) Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=689 GB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=690 GB) - (Type=07 NTFS) Attempted reading MBR returned 0 bytes. Could not read MBR for disk 1. Last Boot: 2013-05-13 15:33 ==================== End Of Log ============================ [/QUOTE]