Rootkit malware, ran HitmanPro, can't boot computer
<blockquote data-quote="Agent_J" data-source="post: 187560" data-attributes="member: 21475"><p>Thanks THE! Burned Vista Recovery Disc from link in my OP. PC can now recognize hard drive after chkdsk. Ran FRST again as it still could not boot. More useful info this time:</p><p></p><p>Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-04-2014</p><p>Ran by SYSTEM on MINWINPC on 24-04-2014 12:18:30</p><p>Running from F:\</p><p>WIN_VISTA (X86) OS Language: English(US)</p><p>Boot Mode: Recovery</p><p></p><p>The current controlset is ControlSet001</p><p><strong>ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.</strong></p><p></p><p></p><p>The only official download link for FRST:</p><p>Download link for 32-Bit version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/</a></p><p>Download link for 64-Bit Version: <a href="http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/" target="_blank">http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/</a></p><p>Download link from any site other than Bleeping Computer is unpermitted or outdated.</p><p>See tutorial for FRST: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/</a></p><p></p><p>==================== Registry (Whitelisted) ==================</p><p></p><p>HKLM\...\Winlogon: [Userinit]</p><p>HKLM\...\Winlogon: [Shell] [x ] () <=== ATTENTION</p><p>HKLM\...\InprocServer32: [Default-wbemess] ATTENTION! ====> ZeroAccess?</p><p>HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox] ATTENTION! 
====> ZeroAccess?</p><p>HKU\Jason\...\Run: [AVG-Secure-Search-Update_0913b] => C:\Users\Jason\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe /PROMPT --mid 5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df --CMPID 0913b</p><p>HKU\Jason\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Jason\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=5e587e3fced947d09663d146f63004b7-d23a41fc13550866ec920055e2647950aa1d55df /CMPID=1213b</p><p>HKU\Jason\...\Policies\Explorer: [HideSCAVolume] 0</p><p>HKU\Jason\...\Policies\Explorer: [HideSCANetwork] 0</p><p></p><p>========================== Services (Whitelisted) =================</p><p></p><p>S2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [660576 2011-02-12] (Acronis)</p><p>S4 AdobeFlashPlayerUpdateSvc; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [0 2014-04-21] ()</p><p>S4 AgereModemAudio; C:\Windows\system32\agrsmsvc.exe [0 2006-10-04] ()</p><p>S2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [634988 2006-11-15] (Diskeeper Corporation)</p><p>S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [0 2014-04-21] ()</p><p>S3 IPSSVC; C:\Windows\system32\IPSSVC.EXE [0 2007-01-29] ()</p><p>S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [0 2014-04-03] ()</p><p>S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [0 2014-04-03] ()</p><p>S4 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [0 2006-12-15] ()</p><p>S3 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [0 2007-01-08] ()</p><p>S2 TSSCoreService; C:\Program Files\Lenovo\Client Security Solution\tvttcsd.exe [722496 2006-12-21] (IBM)</p><p>S2 TVT Backup Protection Service; C:\Program Files\Lenovo\Rescue and Recovery\rrpservice.exe [569344 2007-01-08] ()</p><p>S4 TVT Scheduler; c:\Program 
Files\Common Files\Lenovo\Scheduler\tvtsched.exe [0 2007-01-08] ()</p><p>S4 AcPrfMgrSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe [X]</p><p>S4 AcSvc; C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe [X]</p><p>S3 ALG; %SystemRoot%\System32\alg.exe [X]</p><p>S3 Appinfo; %SystemRoot%\System32\appinfo.dll [X]</p><p>S4 Apple Mobile Device; "C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe" [X]</p><p>S4 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [X]</p><p>S2 AudioEndpointBuilder; %SystemRoot%\System32\Audiosrv.dll [X]</p><p>S2 Audiosrv; %SystemRoot%\System32\Audiosrv.dll [X]</p><p>S2 AVGIDSAgent; "C:\Program Files\AVG\AVG2014\avgidsagent.exe" [X]</p><p>S2 avgwd; "C:\Program Files\AVG\AVG2014\avgwdsvc.exe" [X]</p><p>S2 BFE; %SystemRoot%\System32\bfe.dll [X]</p><p>S3 BITS; %systemroot%\system32\qmgr.dll [X]</p><p>S3 Browser; %SystemRoot%\System32\browser.dll [X]</p><p>S3 CertPropSvc; %SystemRoot%\System32\certprop.dll [X]</p><p>S4 clr_optimization_v2.0.50727_32; %systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [X]</p><p>S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]</p><p>S2 CryptSvc; %SystemRoot%\system32\cryptsvc.dll [X]</p><p>S2 CscService; %SystemRoot%\System32\cscsvc.dll [X]</p><p>S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]</p><p>S3 DFSR; %SystemRoot%\system32\DFSR.exe [X]</p><p>S2 Dhcp; %SystemRoot%\System32\dhcpcsvc.dll [X]</p><p>S2 Dnscache; %SystemRoot%\System32\dnsrslvr.dll [X]</p><p>S3 dot3svc; %SystemRoot%\System32\dot3svc.dll [X]</p><p>S2 DPS; %SystemRoot%\system32\dps.dll [X]</p><p>S3 EapHost; %SystemRoot%\System32\eapsvc.dll [X]</p><p>S2 EMDMgmt; %systemroot%\system32\emdmgmt.dll [X]</p><p>S2 Eventlog; %SystemRoot%\System32\wevtsvc.dll [X]</p><p>S2 EventSystem; %systemroot%\system32\es.dll [X]</p><p>S4 Fax; %systemroot%\system32\fxssvc.exe [X]</p><p>S3 fdPHost; %SystemRoot%\system32\fdPHost.dll 
[X]</p><p>S2 FNF5SVC; C:\Program Files\LENOVO\HOTKEY\FNF5SVC.exe [X]</p><p>S2 FontCache; %SystemRoot%\system32\FntCache.dll [X]</p><p>S3 FontCache3.0.0.0; %systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [X]</p><p>S2 FoxitCloudUpdateService; C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [X]</p><p>S2 gpsvc; %SystemRoot%\System32\gpsvc.dll [X]</p><p>S4 gupdate; "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc [X]</p><p>S4 gupdatem; "C:\Program Files\Google\Update\GoogleUpdate.exe" /medsvc [X]</p><p>S2 HitmanPro37CrusaderBoot; "C:\Users\Jason\Desktop\HitmanPro.exe" /crusader:boot [X]</p><p>S3 hkmsvc; %SystemRoot%\system32\kmsvc.dll [X]</p><p>S4 IDriverT; "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" [X]</p><p>S3 idsvc; "%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" [X]</p><p>S3 IKEEXT; %SystemRoot%\System32\ikeext.dll [X]</p><p>S3 IPBusEnum; %SystemRoot%\system32\ipbusenum.dll [X]</p><p>S4 iphlpsvc; %SystemRoot%\System32\iphlpsvc.dll [X]</p><p>S2 KtmRm; %systemroot%\system32\msdtckrm.dll [X]</p><p>S2 LanmanServer; %SystemRoot%\System32\srvsvc.dll [X]</p><p>S2 LanmanWorkstation; %SystemRoot%\System32\wkssvc.dll [X]</p><p>S3 lltdsvc; %SystemRoot%\System32\lltdsvc.dll [X]</p><p>S3 Microsoft Office Groove Audit Service; "C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe" [X]</p><p>S2 MMCSS; %SystemRoot%\system32\mmcss.dll [X]</p><p>S4 MozillaMaintenance; "C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe" [X]</p><p>S2 MpsSvc; %SystemRoot%\system32\mpssvc.dll [X]</p><p>S3 MSDTC; %SystemRoot%\System32\msdtc.exe [X]</p><p>S3 MSiSCSI; %systemroot%\system32\iscsiexe.dll [X]</p><p>S3 MSIServer; %systemroot%\system32\msiexec.exe /V [X]</p><p>S3 napagent; %SystemRoot%\system32\qagentRT.dll [X]</p><p>S3 Netman; %SystemRoot%\System32\netman.dll [X]</p><p>S4 NetMsmqActivator; 
"C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]</p><p>S4 NetPipeActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]</p><p>S2 netprofm; %SystemRoot%\System32\netprofm.dll [X]</p><p>S4 NetTcpActivator; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]</p><p>S4 NetTcpPortSharing; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [X]</p><p>S2 NlaSvc; %SystemRoot%\System32\nlasvc.dll [X]</p><p>S4 NMIndexingService; "C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" [X]</p><p>S2 nsi; %systemroot%\system32\nsisvc.dll [X]</p><p>S3 odserv; "C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]</p><p>S3 ose; "C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]</p><p>S3 p2pimsvc; %SystemRoot%\system32\p2psvc.dll [X]</p><p>S3 p2psvc; %SystemRoot%\system32\p2psvc.dll [X]</p><p>S2 PcaSvc; %SystemRoot%\System32\pcasvc.dll [X]</p><p>S3 pla; %systemroot%\system32\pla.dll [X]</p><p>S2 PlugPlay; %SystemRoot%\system32\umpnpmgr.dll [X]</p><p>S3 PMSveH; C:\Program Files\Lenovo\PM Driver\PMSveH.exe [X]</p><p>S4 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [X]</p><p>S4 PnkBstrB; C:\Windows\system32\PnkBstrB.exe [X]</p><p>S3 PNRPAutoReg; %SystemRoot%\system32\p2psvc.dll [X]</p><p>S3 PNRPsvc; %SystemRoot%\system32\p2psvc.dll [X]</p><p>S2 PolicyAgent; %SystemRoot%\System32\ipsecsvc.dll [X]</p><p>S2 ProfSvc; %systemroot%\system32\profsvc.dll [X]</p><p>S3 QWAVE; %windir%\system32\qwave.dll [X]</p><p>S3 RasAuto; %SystemRoot%\System32\rasauto.dll [X]</p><p>S4 RasMan; %SystemRoot%\System32\rasmans.dll [X]</p><p>S4 RemoteAccess; %SystemRoot%\System32\mprdim.dll [X]</p><p>S3 RemoteRegistry; %SystemRoot%\system32\regsvc.dll [X]</p><p>S2 rpcnet; C:\Windows\system32\rpcnet.exe [X]</p><p>S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]</p><p>S4 SandraDataSrv; C:\Program Files\SiSoftware\SiSoftware Sandra Lite XII\Win32\RpcDataSrv.exe [X]</p><p>S4 SandraTheSrv; C:\Program 
Files\SiSoftware\SiSoftware Sandra Lite XII\RpcSandraSrv.exe [X]</p><p>S3 SCardSvr; %SystemRoot%\System32\SCardSvr.dll [X]</p><p>S2 Schedule; %systemroot%\system32\schedsvc.dll [X]</p><p>S3 SCPolicySvc; %SystemRoot%\System32\certprop.dll [X]</p><p>S3 SDRSVC; %Systemroot%\System32\SDRSVC.dll [X]</p><p>S2 seclogon; %windir%\system32\seclogon.dll [X]</p><p>S2 SENS; %SystemRoot%\system32\sens.dll [X]</p><p>S3 SessionEnv; %SystemRoot%\system32\sessenv.dll [X]</p><p>S2 SharedAccess; %SystemRoot%\System32\ipnathlp.dll [X]</p><p>S2 ShellHWDetection; %SystemRoot%\System32\shsvcs.dll [X]</p><p>S4 SkypeUpdate; "C:\Program Files\Skype\Updater\Updater.exe" [X]</p><p>S2 slsvc; %SystemRoot%\system32\SLsvc.exe [X]</p><p>S3 SLUINotify; %SystemRoot%\system32\SLUINotify.dll [X]</p><p>S2 Spooler; %SystemRoot%\System32\spoolsv.exe [X]</p><p>S4 SSDPSRV; %SystemRoot%\System32\ssdpsrv.dll [X]</p><p>S3 SstpSvc; %SystemRoot%\system32\sstpsvc.dll [X]</p><p>S2 stisvc; %SystemRoot%\System32\wiaservc.dll [X]</p><p>S3 swprv; %Systemroot%\System32\swprv.dll [X]</p><p>S2 SysMain; %systemroot%\system32\sysmain.dll [X]</p><p>S3 TapiSrv; %SystemRoot%\System32\tapisrv.dll [X]</p><p>S2 TBS; %SystemRoot%\System32\tbssvc.dll [X]</p><p>S4 TermService; %SystemRoot%\System32\termsrv.dll [X]</p><p>S4 Themes; %SystemRoot%\system32\shsvcs.dll [X]</p><p>S3 THREADORDER; %SystemRoot%\system32\mmcss.dll [X]</p><p>S4 TPHKSVC; C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe [X]</p><p>S2 TrkWks; %SystemRoot%\System32\trkwks.dll [X]</p><p>S3 TrustedInstaller; %SystemRoot%\servicing\TrustedInstaller.exe [X]</p><p>S2 TVersityMediaServer; "C:\ProgramData\TVersity\Media Server\MediaServer.exe" [X]</p><p>S3 UI0Detect; %SystemRoot%\system32\UI0Detect.exe [X]</p><p>S3 UmRdpService; %SystemRoot%\System32\umrdp.dll [X]</p><p>S2 upnphost; %SystemRoot%\System32\upnphost.dll [X]</p><p>S4 UxSms; %SystemRoot%\System32\uxsms.dll [X]</p><p>S3 vds; %SystemRoot%\System32\vds.exe [X]</p><p>S3 VSS; %systemroot%\system32\vssvc.exe [X]</p><p>S2 
W32Time; %systemroot%\system32\w32time.dll [X]</p><p>S3 wbengine; "%systemroot%\system32\wbengine.exe" [X]</p><p>S3 wcncsvc; %SystemRoot%\System32\wcncsvc.dll [X]</p><p>S3 WdiServiceHost; %SystemRoot%\system32\wdi.dll [X]</p><p>S3 WdiSystemHost; %SystemRoot%\system32\wdi.dll [X]</p><p>S2 WebClient; %SystemRoot%\System32\webclnt.dll [X]</p><p>S2 WebrootSpySweeperService; "C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe" [X]</p><p>S3 Wecsvc; %SystemRoot%\system32\wecsvc.dll [X]</p><p>S3 wercplsupport; %SystemRoot%\System32\wercplsupport.dll [X]</p><p>S4 WerSvc; %SystemRoot%\System32\WerSvc.dll [X]</p><p>S2 WinDefend; %ProgramFiles%\Windows Defender\mpsvc.dll [X]</p><p>S2 Winmgmt; %SystemRoot%\system32\wbem\WMIsvc.dll [X]</p><p>S3 WinRM; %SystemRoot%\system32\WsmSvc.dll [X]</p><p>S2 Wlansvc; %SystemRoot%\System32\wlansvc.dll [X]</p><p>S2 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]</p><p>S3 wmiApSrv; %systemroot%\system32\wbem\WmiApSrv.exe [X]</p><p>S4 WMPNetworkSvc; "%ProgramFiles%\Windows Media Player\wmpnetwk.exe" [X]</p><p>S2 WPDBusEnum; %SystemRoot%\system32\wpdbusenum.dll [X]</p><p>S3 WPFFontCache_v0400; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [X]</p><p>S2 wscsvc; %SYSTEMROOT%\system32\wscsvc.dll [X]</p><p>S2 WSearch; %systemroot%\system32\SearchIndexer.exe /Embedding [X]</p><p>S2 wuauserv; %systemroot%\system32\wuaueng.dll [X]</p><p>S2 wudfsvc; %SystemRoot%\System32\WUDFSvc.dll [X]</p><p></p><p>==================== Drivers (Whitelisted) ====================</p><p></p><p>S4 adpahci; C:\Windows\system32\drivers\adpahci.sys [0 2006-11-02] ()</p><p>S4 adpu320; C:\Windows\system32\drivers\adpu320.sys [0 2006-11-02] ()</p><p>S3 agp440; C:\Windows\system32\drivers\agp440.sys [0 2006-11-02] ()</p><p>S4 aic78xx; C:\Windows\system32\drivers\djsvs.sys [0 2006-11-02] ()</p><p>S3 amdagp; C:\Windows\system32\drivers\amdagp.sys [0 2006-11-02] ()</p><p>S4 AmdK7; 
C:\Windows\system32\drivers\amdk7.sys [0 2006-11-02] ()</p><p>S4 AmdK8; C:\Windows\system32\drivers\amdk8.sys [0 2006-11-02] ()</p><p>S4 arc; C:\Windows\system32\drivers\arc.sys [0 2006-11-02] ()</p><p>S4 arcsas; C:\Windows\system32\drivers\arcsas.sys [0 2006-11-02] ()</p><p>S3 ATSWPDRV; C:\Windows\System32\DRIVERS\ATSwpDrv.sys [140808 2007-04-10] (AuthenTec, Inc.)</p><p>S3 BrFiltLo; C:\Windows\system32\drivers\brfiltlo.sys [0 2006-11-02] ()</p><p>S4 Brserid; C:\Windows\system32\drivers\brserid.sys [0 2006-11-02] ()</p><p>S4 BrSerWdm; C:\Windows\system32\drivers\brserwdm.sys [0 2006-11-02] ()</p><p>S4 elxstor; C:\Windows\system32\drivers\elxstor.sys [0 2006-11-02] ()</p><p>S4 flpydisk; C:\Windows\System32\DRIVERS\flpydisk.sys [0 2006-11-02] ()</p><p>S3 gagp30kx; C:\Windows\system32\drivers\gagp30kx.sys [0 2006-11-02] ()</p><p>S0 giveio; C:\Windows\System32\giveio.sys [5248 1996-04-03] ()</p><p>S3 HdAudAddService; C:\Windows\System32\drivers\HdAudio.sys [0 2009-04-10] ()</p><p>S4 iaStorV; C:\Windows\system32\drivers\iastorv.sys [0 2006-11-02] ()</p><p>S4 IPMIDRV; C:\Windows\system32\drivers\ipmidrv.sys [0 2006-11-02] ()</p><p>S4 isapnp; C:\Windows\system32\drivers\isapnp.sys [0 2006-11-02] ()</p><p>S4 iteatapi; C:\Windows\system32\drivers\iteatapi.sys [0 2006-11-02] ()</p><p>S4 iteraid; C:\Windows\system32\drivers\iteraid.sys [0 2006-11-02] ()</p><p>S4 kbdhid; C:\Windows\system32\drivers\kbdhid.sys [0 2006-11-02] ()</p><p>S0 LPCFilter; C:\Windows\System32\DRIVERS\LPCFilter.sys [19456 2006-11-09] (COMPAL ELECTRONIC INC.)</p><p>S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [0 2014-04-03] ()</p><p>S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [0 2014-04-03] ()</p><p>S4 megasas; C:\Windows\system32\drivers\megasas.sys [0 2006-11-02] ()</p><p>S4 msdsm; C:\Windows\system32\drivers\msdsm.sys [0 2006-11-02] ()</p><p>S3 NETwLv32; C:\Windows\System32\DRIVERS\NETwLv32.sys [6639616 2010-10-07] (Intel Corporation)</p><p>S4 nfrd960; 
C:\Windows\system32\drivers\nfrd960.sys [0 2006-11-02] ()</p><p>S4 nvraid; C:\Windows\system32\drivers\nvraid.sys [0 2006-11-02] ()</p><p>S4 nvstor; C:\Windows\system32\drivers\nvstor.sys [0 2006-11-02] ()</p><p>S2 PROCDD; C:\Windows\System32\DRIVERS\PROCDD.SYS [12080 2006-11-06] (Lenovo Group Limited)</p><p>S4 ql2300; C:\Windows\system32\drivers\ql2300.sys [0 2006-11-02] ()</p><p>S4 ql40xx; C:\Windows\system32\drivers\ql40xx.sys [0 2006-11-02] ()</p><p>S4 sbp2port; C:\Windows\system32\drivers\sbp2port.sys [0 2006-11-02] ()</p><p>S3 Serial; C:\Windows\System32\DRIVERS\serial.sys [0 2006-11-02] ()</p><p>S4 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [0 2006-11-02] ()</p><p>S0 speedfan; C:\Windows\System32\speedfan.sys [5248 2006-09-24] (Windows (R) 2000 DDK provider)</p><p>S4 Symc8xx; C:\Windows\system32\drivers\symc8xx.sys [0 2006-11-02] ()</p><p>S4 Sym_hi; C:\Windows\system32\drivers\sym_hi.sys [0 2006-11-02] ()</p><p>S3 uagp35; C:\Windows\system32\drivers\uagp35.sys [0 2006-11-02] ()</p><p>S4 UlSata; C:\Windows\system32\drivers\ulsata.sys [0 2006-11-02] ()</p><p>S4 usbccgp; C:\Windows\system32\drivers\usbccgp.sys [0 2006-11-02] ()</p><p>S4 usbprint; C:\Windows\system32\drivers\usbprint.sys [0 2006-11-02] ()</p><p>S4 viaide; C:\Windows\system32\drivers\viaide.sys [0 2006-11-02] ()</p><p>S4 vsmraid; C:\Windows\system32\drivers\vsmraid.sys [0 2006-11-02] ()</p><p>S4 WacomPen; C:\Windows\system32\drivers\wacompen.sys [0 2006-11-02] ()</p><p>S0 ACPI; system32\drivers\acpi.sys [X]</p><p>S1 AFD; \SystemRoot\system32\drivers\afd.sys [X]</p><p>S3 AsyncMac; system32\DRIVERS\asyncmac.sys [X]</p><p>S0 atapi; system32\drivers\atapi.sys [X]</p><p>S1 Avgdiskx; system32\DRIVERS\avgdiskx.sys [X]</p><p>S1 AVGIDSDriver; system32\DRIVERS\avgidsdriverx.sys [X]</p><p>S0 AVGIDSHX; system32\DRIVERS\avgidshx.sys [X]</p><p>S1 AVGIDSShim; system32\DRIVERS\avgidsshimx.sys [X]</p><p>S1 Avgldx86; system32\DRIVERS\avgldx86.sys [X]</p><p>S0 Avglogx; system32\DRIVERS\avglogx.sys 
[X]</p><p>S0 Avgmfx86; system32\DRIVERS\avgmfx86.sys [X]</p><p>S0 Avgrkx86; system32\DRIVERS\avgrkx86.sys [X]</p><p>S1 Avgtdix; system32\DRIVERS\avgtdix.sys [X]</p><p>S1 Beep; No ImagePath</p><p>S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]</p><p>S3 bowser; system32\DRIVERS\bowser.sys [X]</p><p>S4 cdfs; system32\DRIVERS\cdfs.sys [X]</p><p>S1 cdrom; system32\DRIVERS\cdrom.sys [X]</p><p>S0 CLFS; System32\CLFS.sys [X]</p><p>S3 CmBatt; system32\DRIVERS\CmBatt.sys [X]</p><p>S0 Compbatt; system32\DRIVERS\compbatt.sys [X]</p><p>S3 cpudrv; \??\C:\Program Files\SystemRequirementsLab\cpudrv.sys [X]</p><p>S3 CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [X]</p><p>S1 CSC; system32\drivers\csc.sys [X]</p><p>S1 DfsC; System32\Drivers\dfsc.sys [X]</p><p>S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]</p><p>S0 disk; system32\drivers\disk.sys [X]</p><p>S3 drmkaud; system32\drivers\drmkaud.sys [X]</p><p>S3 DXGKrnl; \SystemRoot\System32\drivers\dxgkrnl.sys [X]</p><p>S0 Ecache; System32\drivers\ecache.sys [X]</p><p>S2 EGATHDRV; \??\C:\Windows\system32\EGATHDRV.SYS [X]</p><p>S3 ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [X]</p><p>S3 exfat; No ImagePath</p><p>S3 fastfat; No ImagePath</p><p>S0 FileInfo; system32\drivers\fileinfo.sys [X]</p><p>S3 Filetrace; system32\drivers\filetrace.sys [X]</p><p>S0 FltMgr; system32\drivers\fltmgr.sys [X]</p><p>S1 Fs_Rec; No ImagePath</p><p>S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]</p><p>S3 HDAudBus; system32\DRIVERS\HDAudBus.sys [X]</p><p>S3 HidUsb; system32\DRIVERS\hidusb.sys [X]</p><p>S4 hitmanpro37; \??\C:\Windows\system32\drivers\hitmanpro37.sys [X]</p><p>S3 HTTP; system32\drivers\HTTP.sys [X]</p><p>S1 i8042prt; system32\DRIVERS\i8042prt.sys [X]</p><p>S3 ialm; system32\DRIVERS\igdkmd32.sys [X]</p><p>S3 igfx; system32\DRIVERS\igdkmd32.sys [X]</p><p>S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]</p><p>S0 intelide; system32\drivers\intelide.sys [X]</p><p>S3 intelppm; system32\DRIVERS\intelppm.sys 
[X]</p><p>S3 IpFilterDriver; system32\DRIVERS\ipfltdrv.sys [X]</p><p>S3 IpInIp; system32\DRIVERS\ipinip.sys [X]</p><p>S3 IPNAT; system32\DRIVERS\ipnat.sys [X]</p><p>S3 IRENUM; system32\drivers\irenum.sys [X]</p><p>S3 iScsiPrt; system32\DRIVERS\msiscsi.sys [X]</p><p>S1 kbdclass; system32\DRIVERS\kbdclass.sys [X]</p><p>S0 KSecDD; System32\Drivers\ksecdd.sys [X]</p><p>S2 lltdio; system32\DRIVERS\lltdio.sys [X]</p><p>S2 luafv; \SystemRoot\system32\drivers\luafv.sys [X]</p><p>S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]</p><p>S3 Modem; system32\drivers\modem.sys [X]</p><p>S3 monitor; system32\DRIVERS\monitor.sys [X]</p><p>S1 mouclass; system32\DRIVERS\mouclass.sys [X]</p><p>S3 mouhid; system32\DRIVERS\mouhid.sys [X]</p><p>S0 MountMgr; System32\drivers\mountmgr.sys [X]</p><p>S3 mpsdrv; System32\drivers\mpsdrv.sys [X]</p><p>S3 MRxDAV; \SystemRoot\system32\drivers\mrxdav.sys [X]</p><p>S3 mrxsmb; system32\DRIVERS\mrxsmb.sys [X]</p><p>S3 mrxsmb10; system32\DRIVERS\mrxsmb10.sys [X]</p><p>S3 mrxsmb20; system32\DRIVERS\mrxsmb20.sys [X]</p><p>S1 Msfs; No ImagePath</p><p>S0 msisadrv; system32\drivers\msisadrv.sys [X]</p><p>S3 MSKSSRV; system32\drivers\MSKSSRV.sys [X]</p><p>S3 MSPCLOCK; system32\drivers\MSPCLOCK.sys [X]</p><p>S3 MSPQM; system32\drivers\MSPQM.sys [X]</p><p>S3 MsRPC; No ImagePath</p><p>S3 mssmbios; system32\DRIVERS\mssmbios.sys [X]</p><p>S3 MSTEE; system32\drivers\MSTEE.sys [X]</p><p>S0 Mup; System32\Drivers\mup.sys [X]</p><p>S3 NativeWifiP; system32\DRIVERS\nwifi.sys [X]</p><p>S0 NDIS; system32\drivers\ndis.sys [X]</p><p>S3 NdisTapi; system32\DRIVERS\ndistapi.sys [X]</p><p>S3 Ndisuio; system32\DRIVERS\ndisuio.sys [X]</p><p>S3 NdisWan; system32\DRIVERS\ndiswan.sys [X]</p><p>S3 NDProxy; No ImagePath</p><p>S1 NetBIOS; system32\DRIVERS\netbios.sys [X]</p><p>S1 netbt; System32\DRIVERS\netbt.sys [X]</p><p>S3 NETw4v32; system32\DRIVERS\NETw4v32.sys [X]</p><p>S1 Npfs; No ImagePath</p><p>S1 nsiproxy; system32\drivers\nsiproxy.sys [X]</p><p>S3 
Ntfs; No ImagePath</p><p>S1 Null; No ImagePath</p><p>S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]</p><p>S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]</p><p>S3 ohci1394; system32\DRIVERS\ohci1394.sys [X]</p><p>S3 P1130VID; system32\DRIVERS\P1130Vid.sys [X]</p><p>S0 partmgr; System32\drivers\partmgr.sys [X]</p><p>S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]</p><p>S0 pci; system32\drivers\pci.sys [X]</p><p>S3 PptpMiniport; system32\DRIVERS\raspptp.sys [X]</p><p>S1 PSched; system32\DRIVERS\pacer.sys [X]</p><p>S3 QWAVEdrv; \SystemRoot\system32\drivers\qwavedrv.sys [X]</p><p>S1 RasAcd; System32\DRIVERS\rasacd.sys [X]</p><p>S3 Rasl2tp; system32\DRIVERS\rasl2tp.sys [X]</p><p>S3 RasPppoe; system32\DRIVERS\raspppoe.sys [X]</p><p>S3 RasSstp; system32\DRIVERS\rassstp.sys [X]</p><p>S1 rdbss; system32\DRIVERS\rdbss.sys [X]</p><p>S1 RDPCDD; System32\DRIVERS\RDPCDD.sys [X]</p><p>S3 rdpdr; system32\DRIVERS\rdpdr.sys [X]</p><p>S1 RDPENCDD; system32\drivers\rdpencdd.sys [X]</p><p>S3 RDPWD; No ImagePath</p><p>S2 rimsptsk; system32\DRIVERS\rimsptsk.sys [X]</p><p>S2 rspndr; system32\DRIVERS\rspndr.sys [X]</p><p>S1 SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [X]</p><p>S1 SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [X]</p><p>S3 sdbus; system32\DRIVERS\sdbus.sys [X]</p><p>S4 sermouse; \SystemRoot\system32\drivers\sermouse.sys [X]</p><p>S1 Smb; system32\DRIVERS\smb.sys [X]</p><p>S0 spldr; No ImagePath</p><p>S0 sptd; System32\Drivers\sptd.sys [X]</p><p>S3 srv; System32\DRIVERS\srv.sys [X]</p><p>S3 srv2; System32\DRIVERS\srv2.sys [X]</p><p>S3 srvnet; System32\DRIVERS\srvnet.sys [X]</p><p>S0 ssfs0bbc; system32\DRIVERS\ssfs0bbc.sys [X]</p><p>S0 sshrmd; system32\DRIVERS\sshrmd.sys [X]</p><p>S0 ssidrv; system32\DRIVERS\ssidrv.sys [X]</p><p>S1 ssmdrv; system32\DRIVERS\ssmdrv.sys [X]</p><p>S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]</p><p>S1 StarOpen; No ImagePath</p><p>S3 swenum; system32\DRIVERS\swenum.sys [X]</p><p>S3 taphss; system32\DRIVERS\taphss.sys 
[X]</p><p>S0 Tcpip; System32\drivers\tcpip.sys [X]</p><p>S3 Tcpip6; system32\DRIVERS\tcpip.sys [X]</p><p>S2 tcpipreg; System32\drivers\tcpipreg.sys [X]</p><p>S3 TDPIPE; system32\drivers\tdpipe.sys [X]</p><p>S3 TDTCP; system32\drivers\tdtcp.sys [X]</p><p>S1 tdx; system32\DRIVERS\tdx.sys [X]</p><p>S1 TermDD; system32\DRIVERS\termdd.sys [X]</p><p>S0 TfFsMon; system32\drivers\TfFsMon.sys [X]</p><p>S3 TfNetMon; \??\C:\Windows\system32\drivers\TfNetMon.sys [X]</p><p>S0 TfSysMon; system32\drivers\TfSysMon.sys [X]</p><p>S3 tssecsrv; System32\DRIVERS\tssecsrv.sys [X]</p><p>S3 tunmp; system32\DRIVERS\tunmp.sys [X]</p><p>S3 tunnel; system32\DRIVERS\tunnel.sys [X]</p><p>S4 udfs; system32\DRIVERS\udfs.sys [X]</p><p>S3 umbus; system32\DRIVERS\umbus.sys [X]</p><p>S3 USBAAPL; System32\Drivers\usbaapl.sys [X]</p><p>S3 usbhub; system32\DRIVERS\usbhub.sys [X]</p><p>S3 usbser; system32\drivers\usbser.sys [X]</p><p>S3 USBSTOR; system32\DRIVERS\USBSTOR.SYS [X]</p><p>S1 VgaSave; \SystemRoot\System32\drivers\vga.sys [X]</p><p>S0 volmgr; system32\drivers\volmgr.sys [X]</p><p>S0 volmgrx; System32\drivers\volmgrx.sys [X]</p><p>S0 volsnap; system32\drivers\volsnap.sys [X]</p><p>S3 vsbus; system32\DRIVERS\vsb.sys [X]</p><p>S3 vserial; System32\DRIVERS\vserial.sys [X]</p><p>S3 Wanarp; system32\DRIVERS\wanarp.sys [X]</p><p>S1 Wanarpv6; system32\DRIVERS\wanarp.sys [X]</p><p>S0 Wdf01000; system32\drivers\Wdf01000.sys [X]</p><p>S3 WmiAcpi; system32\DRIVERS\wmiacpi.sys [X]</p><p>S3 WpdUsb; system32\DRIVERS\wpdusb.sys [X]</p><p>S4 ws2ifsl; \SystemRoot\system32\drivers\ws2ifsl.sys [X]</p><p>S3 WudfPf; system32\drivers\WudfPf.sys [X]</p><p>S3 WUDFRd; system32\DRIVERS\WUDFRd.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p></p><p>==================== One Month Created Files and Folders ========</p><p></p><p>2014-04-24 12:18 - 2014-04-24 12:18 - 00000000 ____D () C:\FRST</p><p>2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () 
C:\found.001</p><p>2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\System32\bootdelete.exe</p><p>2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst</p><p>2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader</p><p>2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log</p><p>2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-04-21 21:58 - 2014-04-21 22:28 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware</p><p>2014-04-21 21:18 - 2014-04-03 05:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys</p><p>2014-04-21 21:18 - 2014-04-03 05:51 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys</p><p></p><p>==================== One Month Modified Files and Folders =======</p><p></p><p>2014-04-24 12:18 - 2014-04-24 12:18 - 00000000 ____D () C:\FRST</p><p>2014-04-24 07:02 - 2014-04-24 07:02 - 00000000 __SHD () C:\found.001</p><p>2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0</p><p>2014-04-21 22:30 - 2010-04-30 11:28 - 00002128 _____ () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0</p><p>2014-04-21 22:30 - 2007-05-26 15:46 - 00000000 _____ () C:\Windows\WindowsUpdate.log</p><p>2014-04-21 22:28 - 2014-04-21 22:28 - 00012872 _____ (SurfRight B.V.) 
C:\Windows\System32\bootdelete.exe</p><p>2014-04-21 22:28 - 2014-04-21 22:28 - 00000326 _____ () C:\Windows\System32\bootdelete.lst</p><p>2014-04-21 22:28 - 2014-04-21 22:28 - 00000000 _____ () C:\Windows\System32\.crusader</p><p>2014-04-21 22:28 - 2014-04-21 21:58 - 00000000 ____D () C:\ProgramData\HitmanPro</p><p>2014-04-21 22:26 - 2014-04-21 22:26 - 00027060 _____ () C:\Users\Jason\Desktop\HitmanPro_20140422_0226.log</p><p>2014-04-21 22:03 - 2014-04-21 22:03 - 00000000 ____D () C:\Program Files\HitmanPro</p><p>2014-04-21 21:18 - 2014-04-21 21:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware</p><p>2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\Users\Jason\AppData\Roaming\Malwarebytes</p><p>2014-04-21 21:18 - 2010-11-21 16:48 - 00000000 ____D () C:\ProgramData\Malwarebytes</p><p>2014-04-21 18:53 - 2006-11-02 03:18 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared</p><p>2014-04-21 18:01 - 2014-03-22 08:28 - 00000000 ____D () C:\Program Files\iPod</p><p>2014-04-21 17:27 - 2012-07-28 07:43 - 00000000 ____D () C:\ProgramData\MFAData</p><p>2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\Local Settings\Application Data\Adobe</p><p>2014-04-21 17:19 - 2007-05-27 19:48 - 00000000 ____D () C:\Users\Jason\AppData\Local\Adobe</p><p>2014-04-21 16:57 - 2006-11-02 05:00 - 00489160 _____ () C:\Windows\PFRO.log</p><p>2014-04-16 18:12 - 2007-05-26 16:10 - 00000000 ____D () C:\Program Files\Java</p><p>2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2014-04-14 18:59 - 2010-11-22 14:40 - 00183808 _____ () C:\Users\Jason\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini</p><p>2014-04-09 08:56 - 2006-11-02 02:24 - 00000000 _____ () C:\Windows\System32\mrt.exe</p><p>2014-04-08 16:46 - 2006-11-02 02:33 - 00763586 _____ () C:\Windows\System32\PerfStringBackup.INI</p><p>2014-04-03 05:51 - 2014-04-21 21:18 - 00073432 
_____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys</p><p>2014-04-03 05:51 - 2014-04-21 21:18 - 00000000 _____ () C:\Windows\System32\Drivers\mwac.sys</p><p>2014-04-03 05:50 - 2010-11-21 16:48 - 00000000 _____ () C:\Windows\System32\Drivers\mbam.sys</p><p></p><p>==================== Known DLLs (Whitelisted) ============</p><p></p><p>C:\Windows\System32\clbcatq.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\ole32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\advapi32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\COMDLG32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\gdi32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\IERTUTIL.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\IMAGEHLP.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\IMM32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\kernel32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\LPK.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\MSCTF.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\MSVCRT.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\NSI.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\OLEAUT32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\rpcrt4.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\Setupapi.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\SHELL32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\SHLWAPI.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\URLMON.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\user32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\USP10.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\WININET.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\WLDAP32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\WS2_32.dll IS MISSING <==== ATTENTION!.</p><p></p><p>==================== Bamital & volsnap 
Check =================</p><p></p><p>C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.</p><p>C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.</p><p></p><p>==================== EXE ASSOCIATION =====================</p><p></p><p>HKLM\...\.exe: <===== ATTENTION!</p><p>HKLM\...\exefile\DefaultIcon: <===== ATTENTION!</p><p>HKLM\...\exefile\open\command: <===== ATTENTION!</p><p></p><p>==================== Restore Points =========================</p><p></p><p></p><p>==================== Memory info ===========================</p><p></p><p>Percentage of memory in use: 13%</p><p>Total physical RAM: 2549.81 MB</p><p>Available physical RAM: 2194.38 MB</p><p>Total Pagefile: 2349.67 MB</p><p>Available Pagefile: 2218.09 MB</p><p>Total Virtual: 2047.88 MB</p><p>Available Virtual: 1981.66 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: (SW_Preload) (Fixed) (Total:6.92 GB) (Free:4.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]</p><p>Drive d: (2007.11.03_2329) (CDROM) (Total:0.12 GB) (Free:0 GB) UDF</p><p>Drive e: (ServiceV002) (Fixed) (Total:6.92 GB) (Free:2.66 GB) NTFS ==>[System with boot components (obtained from reading drive)]</p><p>Drive f: () (Removable) (Total:0.94 GB) (Free:0.93 GB) FAT32</p><p>Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 149 GB) 
(Disk ID: 95F3457A)</p><p>Partition 1: (Not Active) - (Size=7 GB) - (Type=27)</p><p>Partition 2: (Active) - (Size=142 GB) - (Type=07 NTFS)</p><p></p><p>========================================================</p><p>Disk: 1 (Size: 960 MB) (Disk ID: 73696D20)</p><p>No partition Table on disk 1.</p><p></p><p></p><p>LastRegBack: 2014-04-21 17:04</p><p></p><p>==================== End Of Log ============================</p></blockquote><p></p>