
Boot Loop, no safe mode - Malware or something


  • This topic is locked
45 replies to this topic

#1 jhogan


Posted 03 January 2014 - 07:09 PM

I have been dealing with what I think is a malware issue. I have not been allowed to get into Windows 7 most of the time. It has taken me through Startup Repair and I had no luck with it. Once in Windows, when I try to click on anything, it just spins.

Can someone help?

I have run the Farbar Recovery Scan tool and got the following:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by SYSTEM on MININT-JG79J06 on 03-01-2014 18:44:12
Running from G:\
WIN_7 (X64) OS Language: English(US)
Boot Mode: Recovery
Attention: Could not load system hive.
Attention: System hive is missing.


==================== Registry (Whitelisted) ==================

ATTENTION: Software hive is missing.
ATTENTION: Software hive is not loaded.
HKLM\...\Winlogon: [Userinit]
HKLM-x32\...\Winlogon: [Userinit]  [x]
HKLM\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM-x32\...\Winlogon: [Shell]  [ ] () <=== ATTENTION
HKLM\...\InprocServer32: [Default-wbemess]  ATTENTION! ====> ZeroAccess?
HKLM\...D6A79037F57F\InprocServer32: [Default-fastprox]  ATTENTION! ====> ZeroAccess?

==================== Services (Whitelisted) =================


==================== Drivers (Whitelisted) ====================


========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========


==================== One Month Modified Files and Folders =======


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\wininit.exe IS MISSING <==== ATTENTION!.
C:\Windows\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\explorer.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\svchost.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\services.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\User32.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\SysWOW64\userinit.exe IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys IS MISSING <==== ATTENTION!.
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.
C:\Windows\System32\winsrv.dll IS MISSING <==== ATTENTION!.

==================== Restore Points  =========================


==================== Memory info ===========================

Percentage of memory in use: 12%
Total physical RAM: 3935.02 MB
Available physical RAM: 3447.72 MB
Total Pagefile: 3933.17 MB
Available Pagefile: 3438.82 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive d: () (Fixed) (Total:290.37 GB) (Free:147.07 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:7.62 GB) (Free:0.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.45 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 85EFE600)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 953 MB) (Disk ID: 20AC7DDA)
No partition Table on disk 1.

==================== End Of Log ============================





#2 jhogan


Posted 04 January 2014 - 10:17 AM

Did I not do this correctly?



#3 HelpBot


Posted 08 January 2014 - 07:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/519553 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 jhogan


Posted 09 January 2014 - 02:29 PM

I have tried running DDS on my PC, but everything I open seems to stop or clog the PC. As I opened DDS, it went to a black screen and never came back. It has now started a chkdsk session (which seems to be better than the Startup Repair, which seemed to go nowhere). Can I run DDS in command-line mode or before startup?



#5 jhogan


Posted 09 January 2014 - 02:53 PM

Running Chkdsk and I am getting

Deleting corrupt attribute record (128, "") from file record segment.

 

Yesterday Chkdsk was adding file ids to records.

 

I am trying to avoid having to do a re-install of the hard drive. I see the hard drive in Kaspersky but cannot get the PC to boot legitimately yet.

Thank you



#6 jhogan


Posted 10 January 2014 - 08:43 AM

I was unable to run DDS on my PC, since I could only run things from a command line. I have been having issues over the last week with a very slow PC that will occasionally get me through the boot to the Desktop. Once on the desktop, I have not been able to run any windows or applications. It will error out or give me a BSOD. I have run Startup Repair and have been getting an occasional finish of that test, but no real progress.

I can see my C: drive, files and folders. I cannot get into Safe Mode at all.

I seem to be having similar issues as http://www.bleepingcomputer.com/forums/t/448339/windows-failed-to-start-system-repair-cant-discover-problem/

I ran Farbar with these results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-01-2014
Ran by SYSTEM on MININT-B8RCC04 on 10-01-2014 05:01:46
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-09] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-16] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Adobe Test\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-10-17] (Siber Systems)
HKU\Adobe Test\...\Run: [AdobeBridge] - [x]
HKU\Adobe Test\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\hmbgroup\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\hmbgroup\...\Run: [cdloader] - C:\Users\hmbgroup\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\hmbgroup\...\Run: [Amazon Cloud Player] - C:\Users\hmbgroup\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKU\hmbgroup\...\Run: [Google Update] - C:\Users\hmbgroup\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2009-12-19] (Google Inc.)
HKU\hmbgroup\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe [109784 2013-10-17] (Siber Systems)
Startup: C:\Users\hmbgroup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-09] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-09] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
S2 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-29] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation)
S2 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S2 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-29] (Microsoft Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-09] (AVG Secure Search)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
S2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101888 2013-07-23] ()
S2 XMail; C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [397824 2012-05-03] ()
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-06-06] (LeapFrog)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-01] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [89304 2014-01-03] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [117464 2014-01-03] (Malwarebytes Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-11-02] (Duplex Secure Ltd.)
S2 SSPORT; C:\Windows\SysWow64\Drivers\SSPORT.sys [11576 2009-08-27] (Samsung Electronics)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 veebeampol; C:\Windows\System32\DRIVERS\veebeampol.sys [14952 2012-10-02] (Veebeam Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

========================== Drivers MD5 =======================

C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
C:\Windows\system32\drivers\afd.sys 79059559E89D06E8B80CE2944BE20228
C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:\Windows\system32\DRIVERS\Apfiltr.sys 56BD886820C4AEDF493CFCDF1CCFB004
C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys C130BC4A51B1382B2BE8E44579EC4C0A
C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
C:\Windows\system32\drivers\atapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\athrx.sys 5D4529AC4156E16BEDB01441AE0CF984
C:\Windows\System32\DRIVERS\atikmdag.sys DE0EDE41BC530F1759C6FFFCB8C7A0CF
C:\Windows\System32\DRIVERS\avgdiska.sys 27CA53E91543B800E16129BCEC3247AD
C:\Windows\System32\DRIVERS\avgidsdrivera.sys 57250DDDE2523115D0927DBBA745F9FA
C:\Windows\System32\DRIVERS\avgidsha.sys 19AD820FC44AA71EDD1BC70B6E3F36B0
C:\Windows\System32\DRIVERS\avgldx64.sys 4BE8BB177B4C2BC3564845EF6D1073F1
C:\Windows\System32\DRIVERS\avgloga.sys D3772CC086FB81F76B5A82C85E1C7C8E
C:\Windows\System32\DRIVERS\avgmfx64.sys A0BCE5DC2C1F1EE5C1CA19A33375AC23
C:\Windows\System32\DRIVERS\avgrkx64.sys 12FAAF366975B2BF2E93F1866C0E480D
C:\Windows\System32\DRIVERS\avgtdia.sys 4E364FABBD147F59E5D524C9EA86D772
C:\Windows\system32\drivers\avgtpx64.sys A1F53D2A00E64679A1D81B61D2333D06
C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\blbdrive.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\BthAudioHF.sys 07DCB3C254D584E3949FE2C0EE3963F2
C:\Windows\System32\DRIVERS\BthAvrcp.sys 832B121E4532919CC49F2438F1DCAA21
C:\Windows\System32\DRIVERS\BthEnum.sys CF98190A94F62E405C8CB255018B2315
C:\Windows\system32\DRIVERS\bthmodem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\circlass.sys ==> MD5 is legit
C:\Windows\System32\CLFS.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\CmBatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
C:\Windows\System32\Drivers\cng.sys EBF28856F69CF094A902F884CF989706
C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\bthav.sys DF07C6D98BA7F81D0571E366B1CD6672
C:\Windows\System32\DRIVERS\CVirtA64.sys 44BDDEB03C84A1C993C992FFB5700357
C:\Windows\System32\DRIVERS\dc3d.sys C6E1C081C0849E08FECEC18DF73B10C4
C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ssudbus.sys 41AC348DBD378F618CB4FDEE54270692
C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\dne64x.sys 05CB5910B3CA6019FC3CCA815EE06FFB
C:\Windows\System32\DRIVERS\Dot4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\Dot4Prt.sys E9F5969233C5D89F3C35E3A66A52A361
C:\Windows\System32\DRIVERS\dot4usb.sys ==> MD5 is legit
C:\Windows\system32\drivers\drmkaud.sys ==> MD5 is legit
C:\Windows\System32\drivers\dxgkrnl.sys 88612F1CE3BF42256913BF6E61C70D52
C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
C:\Windows\System32\Drivers\exfat.sys ==> MD5 is legit
C:\Windows\System32\Drivers\fastfat.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\FlyUsb.sys 6CD6BB45BD3E0EEF6CE496BF52854FF1
C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\fssfltr.sys 07DA62C960DDCCC2D35836AEAB4FC578
C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\hidir.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
C:\Windows\System32\drivers\hppdbulkio.sys E325F85012E793CEE74B73C4F22AE311
C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\iaStor.sys ==> MD5 is legit
C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:\Windows\System32\DRIVERS\igdkmd64.sys DFEAF0A1D98D397035012C8E28D1520F
C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
C:\Windows\System32\drivers\RTKVHD64.sys B16FC828CE7A76A8F1CE682E6EAD2627
C:\Windows\System32\drivers\IntcHdmi.sys 88A20FA54C73DED4E8DAC764E9130AE9
C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\intelppm.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\kbdhid.sys ==> MD5 is legit
C:\Windows\System32\Drivers\ksecdd.sys 8F489706472F7E9A06BAAA198703FA64
C:\Windows\System32\Drivers\ksecpkg.sys 868A2CAAB12EFC7A021682BCA0EEC54C
C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys 0F28935ECF1FBDEC22BAF720A5A94564
C:\Windows\System32\DRIVERS\lmimirr.sys 413ECDCFAD9A82804D3674C8D7EEC24E
C:\Windows\system32\drivers\LMIRfsDriver.sys C57D3FAA50E6F395759FFB7C709BD944
C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mbamchameleon.sys 90AA9E273410AD7A41D2D06E0FB46022
C:\Windows\system32\drivers\MBAMSwissArmy.sys 0C6125E43F42C4DA6E74D9AF2B75E40C
C:\Windows\System32\DRIVERS\mdmxsdk.sys E4F44EC214B3E381E1FC844A02926666
C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
C:\Windows\system32\drivers\mrxdav.sys 1A4F75E63C9FB84B85DFFC6B63FD5404
C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:\Windows\system32\drivers\msahci.sys ==> MD5 is legit
C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\netw5v64.sys 64428DFDAF6E88366CB51F45A79C5F69
C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:\Windows\System32\DRIVERS\NuidFltr.sys 189B73C24B70641C0E7ECBB866E0B1E5
C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\point64.sys 520D48ECB54A33821C95EE496A4235AF
C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
C:\Windows\System32\Drivers\PxHlpa64.sys 07D57B890DD5693A6AB660CBAE8F91B4
C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\rdpbus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
C:\Windows\system32\DRIVERS\rimssn64.sys 258AADB43E3F3468B5CF8CB0F84872C2
C:\Windows\system32\DRIVERS\risdsn64.sys 71E182A0DE1CECB3F912960716345405
C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
C:\Windows\System32\drivers\RtHDMIVX.sys 34F05C417F038FFA3BEF69B798D7D7DD
C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS 3289766038DB2CB14D07DC84392138D5
C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS 58A38E75F3316A83C23DF6173D41F2B5
C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SFEP.sys 70F9C476B62DE4F2823E918A6C181ADE
C:\Windows\system32\drivers\sffdisk.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
C:\Windows\system32\drivers\sffp_sd.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sfloppy.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
C:\Windows\System32\Drivers\sptd.sys A15860E920B02C9A7CE8F3A6C2FF1E3A
C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:\Windows\System32\DRIVERS\VSTAZL6.SYS 0C4540311E11664B245A263E1154CEF8
C:\Windows\System32\DRIVERS\VSTDPV6.SYS 02071D207A9858FBE3A48CBFD59C4A04
C:\Windows\System32\DRIVERS\VSTCNXT6.SYS 18E40C245DBFAF36FD0134A7EF2DF396
C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:\Windows\SysWow64\Drivers\SSPORT.sys 0211AB46B73A2623B86C1CFCB30579AB
C:\Windows\System32\DRIVERS\ssudmdm.sys B4C983DA20E2970E21893BF0E4EE2AD8
C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tap0901.sys D5462D5C8F4AF904D109C5B41B8CD43A
C:\Windows\System32\drivers\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\DRIVERS\tcpip.sys 40AF23633D197905F03AB5628C558C51
C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
C:\Windows\System32\drivers\tsusbflt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\umbus.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
C:\Windows\System32\Drivers\usbaapl64.sys AF1B9474D67897D0C2CFF58E0ACEACCC
C:\Windows\system32\drivers\usbaudio.sys B0435098C81D04CAFFF80DDB746CD3A2
C:\Windows\System32\DRIVERS\usbccgp.sys ACCEA6BC68D0C9A78EB97EE159028B4E
C:\Windows\system32\drivers\usbcir.sys 80B0F7D5CCF86CEB5D402EAAF61FEC31
C:\Windows\System32\DRIVERS\usbehci.sys 311C1DD1088E55BEAE15954D17F50646
C:\Windows\System32\DRIVERS\usbhub.sys 280E90CBF4B2DDD169F0728CB44D726F
C:\Windows\system32\drivers\usbohci.sys 9406D801042FAF859CF81B2C886413DC
C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\usb80236.sys 2C42E595E7E381596B9A14F88F5AE027
C:\Windows\system32\drivers\usbscan.sys 9661DA76B4531B2DA272ECCE25A8AF24
C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:\Windows\System32\DRIVERS\usbuhci.sys A83D0EC9AE4C31704442099D40BA2471
C:\Windows\System32\Drivers\usbvideo.sys 1F775DA4CF1A3A1834207E975A72E9D7
C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\veebeampol.sys 7DC05F6BDA2A0895C976D8A1B94F3FFB
C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
C:\Windows\System32\drivers\Wdf01000.sys E2C933EDBC389386EBE6D2BA953F43D8
C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
C:\Windows\System32\DRIVERS\WSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
C:\Windows\System32\DRIVERS\XAudio64.sys E8F3FA126A06F8E7088F63757112A186
C:\Windows\System32\DRIVERS\yk62x64.sys 6AFFD75C6807B3DD3AB018E27B88EF95

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-09 21:18 - 2014-01-09 21:18 - 00000000 __SHD C:\found.003
2014-01-09 10:55 - 2014-01-09 10:57 - 00000134 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-09 03:16 - 2014-01-09 03:17 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-09 03:07 - 2014-01-09 03:07 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-08 17:48 - 2014-01-08 17:48 - 00003344 ____N C:\bootsqm.dat
2014-01-08 02:23 - 2014-01-08 02:23 - 00000000 __SHD C:\found.002
2014-01-04 12:35 - 2014-01-04 12:35 - 00000000 ____D C:\FRST
2014-01-03 17:35 - 2014-01-03 17:35 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-12-20 07:45 - 2013-12-20 07:46 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{F3F9A4D3-B342-408D-BB54-685F11F5228A}
2013-12-20 05:56 - 2013-12-20 05:56 - 00347816 _____ (Microsoft Corporation) C:\Users\hmbgroup\Downloads\MicrosoftFixit.wu.LB.150310974994214828.1.1.Run.exe
2013-12-19 19:41 - 2013-12-19 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 10:59 - 2013-12-19 10:59 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{ECFA1A93-D71A-4A14-9F20-CB9F52C63B69}
2013-12-19 08:50 - 2013-12-19 08:51 - 00000000 ____D C:\Users\hmbgroup\Desktop\New folder
2013-12-18 13:43 - 2013-12-18 13:44 - 41404760 _____ (Apple Inc.) C:\Users\hmbgroup\Downloads\QuickTimeInstaller.exe
2013-12-18 07:46 - 2013-12-18 07:46 - 00378368 _____ C:\Users\hmbgroup\Desktop\VDI Boot Camp w VMWARE Cisco Nimble Storage AND CTC Technologies-Feb12.msg
2013-12-18 04:52 - 2014-01-03 17:32 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-12-18 04:52 - 2013-12-23 16:05 - 00000000 ____D C:\Users\hmbgroup\Desktop\mbar
2013-12-16 07:17 - 2013-12-16 07:17 - 30724041 _____ C:\Users\hmbgroup\Documents\CoreControl Testimonial_ Andor Gyulai & Casey Patterson.mp4
2013-12-16 07:16 - 2013-12-16 07:16 - 07814536 _____ C:\Users\hmbgroup\Documents\Game changer_ Glove gives steroid-like boost.mp4
2013-12-16 07:15 - 2013-12-16 07:15 - 23842732 _____ C:\Users\hmbgroup\Documents\NFL Network_ Footballogy - CoreControl.mp4
2013-12-16 07:10 - 2013-12-16 07:10 - 46537310 _____ C:\Users\hmbgroup\Documents\CNET_ Future Tech - CoreControl.mp4
2013-12-16 07:07 - 2013-12-16 07:07 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-12-16 07:06 - 2013-12-16 07:06 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-12-16 05:37 - 2013-12-16 05:37 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\Real
2013-12-16 05:35 - 2013-12-16 05:37 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Real
2013-12-16 05:34 - 2013-12-16 05:37 - 00000000 ____D C:\ProgramData\Real
2013-12-16 05:34 - 2013-12-16 05:35 - 00000000 ____D C:\Users\hmbgroup\Documents\Freemake
2013-12-16 05:34 - 2013-12-16 05:35 - 00000000 ____D C:\ProgramData\Freemake
2013-12-16 05:34 - 2013-12-16 05:34 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-16 05:24 - 2013-12-16 05:24 - 00000000 ____D C:\Program Files (x86)\LiveUpload
2013-12-12 11:54 - 2013-12-12 11:55 - 05928584 _____ (SibCode) C:\Users\hmbgroup\Downloads\junior-icon-editor.exe
2013-12-11 00:10 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\System32\wmp.dll
2013-12-11 00:10 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\System32\wmploc.DLL
2013-12-11 00:10 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-11 00:10 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-11 00:07 - 2013-12-30 14:03 - 00130924 _____ C:\Windows\IE11_main.log
2013-12-11 00:06 - 2013-10-24 22:19 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-11 00:06 - 2013-10-24 22:19 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-11 00:06 - 2013-10-24 22:19 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-11 00:06 - 2013-10-24 22:18 - 19271168 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-11 00:06 - 2013-10-24 22:18 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 03959808 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-11 00:06 - 2013-10-24 22:17 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-11 00:06 - 2013-10-24 20:45 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-11 00:06 - 2013-10-24 20:44 - 14356992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-11 00:06 - 2013-10-24 20:44 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 13761536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-11 00:06 - 2013-10-24 20:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-11 00:06 - 2013-10-24 20:07 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-11 00:06 - 2013-10-24 19:41 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-11 00:06 - 2013-10-24 19:17 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-11 00:06 - 2013-10-24 18:49 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe

==================== One Month Modified Files and Folders =======

2014-01-09 21:18 - 2014-01-09 21:18 - 00000000 __SHD C:\found.003
2014-01-09 10:57 - 2014-01-09 10:55 - 00000134 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-09 10:52 - 2013-06-26 06:34 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-01-09 10:52 - 2012-12-24 06:28 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Dropbox
2014-01-09 10:52 - 2012-06-05 14:59 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-09 10:52 - 2010-10-19 15:11 - 00000000 ____D C:\ProgramData\MFAData
2014-01-09 10:49 - 2012-12-24 06:30 - 00000000 ___RD C:\Users\hmbgroup\Dropbox
2014-01-09 10:48 - 2013-10-09 03:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec4e5c1572745.job
2014-01-09 10:46 - 2013-12-03 18:53 - 00007606 _____ C:\Windows\setupact.log
2014-01-09 10:46 - 2012-11-12 07:45 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2014-01-09 10:46 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 06:01 - 2009-09-02 22:08 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 05:57 - 2013-09-16 13:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-09 05:43 - 2009-10-29 22:38 - 01620443 _____ C:\Windows\WindowsUpdate.log
2014-01-09 05:41 - 2009-12-21 15:26 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944032917-3336008693-488706110-1001UA.job
2014-01-09 05:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2014-01-09 04:25 - 2010-03-12 05:38 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Skype
2014-01-09 03:17 - 2014-01-09 03:16 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-09 03:07 - 2014-01-09 03:07 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-08 23:34 - 2009-07-13 20:45 - 00014480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 23:33 - 2009-07-13 20:45 - 00014480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 17:48 - 2014-01-08 17:48 - 00003344 ____N C:\bootsqm.dat
2014-01-08 02:23 - 2014-01-08 02:23 - 00000000 __SHD C:\found.002
2014-01-07 05:11 - 2012-10-31 04:19 - 00000000 ____D C:\users\Adobe Test
2014-01-06 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2014-01-06 23:18 - 2009-12-19 04:59 - 00000000 ____D C:\users\hmbgroup
2014-01-04 12:35 - 2014-01-04 12:35 - 00000000 ____D C:\FRST
2014-01-04 04:11 - 2013-09-02 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-03 23:00 - 2009-12-31 14:49 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\Adobe
2014-01-03 17:35 - 2014-01-03 17:35 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-01-03 17:32 - 2013-12-18 04:52 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-01-02 09:39 - 2012-11-02 09:15 - 00000000 ____D C:\Users\hmbgroup\Documents\Outlook Files
2013-12-31 10:49 - 2013-10-09 03:50 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944032917-3336008693-488706110-1001Core1cec4e5c16187ac.job
2013-12-31 05:08 - 2013-05-17 05:07 - 00000000 ____D C:\Users\hmbgroup\Desktop\new
2013-12-30 14:03 - 2013-12-11 00:07 - 00130924 _____ C:\Windows\IE11_main.log
2013-12-28 20:31 - 2012-11-02 09:18 - 00000000 ____D C:\Users\hmbgroup\Desktop\Tax
2013-12-27 08:07 - 2009-12-31 14:47 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\FileZilla
2013-12-24 09:42 - 2012-06-22 08:09 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\Citrix
2013-12-23 16:06 - 2013-12-03 18:53 - 00020634 _____ C:\Windows\PFRO.log
2013-12-23 16:05 - 2013-12-18 04:52 - 00000000 ____D C:\Users\hmbgroup\Desktop\mbar
2013-12-23 15:00 - 2013-08-27 20:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-23 14:58 - 2013-10-17 07:41 - 00055808 ___SH C:\Users\hmbgroup\Desktop\Thumbs.db
2013-12-23 11:27 - 2013-12-03 18:53 - 08087120 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-23 11:26 - 2012-01-10 10:42 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\TeamViewer
2013-12-23 08:10 - 2013-01-05 04:36 - 00001456 _____ C:\Users\hmbgroup\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-23 07:51 - 2013-12-03 19:00 - 00123600 _____ C:\Users\hmbgroup\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 05:08 - 2012-12-18 08:15 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-20 17:30 - 2012-07-04 08:32 - 00000000 ____D C:\Users\hmbgroup\Desktop\Drupal
2013-12-20 10:21 - 2012-04-24 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 07:46 - 2013-12-20 07:45 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{F3F9A4D3-B342-408D-BB54-685F11F5228A}
2013-12-20 05:56 - 2013-12-20 05:56 - 00347816 _____ (Microsoft Corporation) C:\Users\hmbgroup\Downloads\MicrosoftFixit.wu.LB.150310974994214828.1.1.Run.exe
2013-12-19 19:41 - 2013-12-19 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 10:59 - 2013-12-19 10:59 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{ECFA1A93-D71A-4A14-9F20-CB9F52C63B69}
2013-12-19 08:51 - 2013-12-19 08:50 - 00000000 ____D C:\Users\hmbgroup\Desktop\New folder
2013-12-18 13:44 - 2013-12-18 13:43 - 41404760 _____ (Apple Inc.) C:\Users\hmbgroup\Downloads\QuickTimeInstaller.exe
2013-12-18 07:46 - 2013-12-18 07:46 - 00378368 _____ C:\Users\hmbgroup\Desktop\VDI Boot Camp w VMWARE Cisco Nimble Storage AND CTC Technologies-Feb12.msg
2013-12-16 07:17 - 2013-12-16 07:17 - 30724041 _____ C:\Users\hmbgroup\Documents\CoreControl Testimonial_ Andor Gyulai & Casey Patterson.mp4
2013-12-16 07:16 - 2013-12-16 07:16 - 07814536 _____ C:\Users\hmbgroup\Documents\Game changer_ Glove gives steroid-like boost.mp4
2013-12-16 07:15 - 2013-12-16 07:15 - 23842732 _____ C:\Users\hmbgroup\Documents\NFL Network_ Footballogy - CoreControl.mp4
2013-12-16 07:10 - 2013-12-16 07:10 - 46537310 _____ C:\Users\hmbgroup\Documents\CNET_ Future Tech - CoreControl.mp4
2013-12-16 07:07 - 2013-12-16 07:07 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-12-16 07:06 - 2013-12-16 07:06 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-12-16 05:37 - 2013-12-16 05:37 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\RealNetworks
2013-12-16 05:37 - 2013-12-16 05:35 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Real
2013-12-16 05:37 - 2013-12-16 05:34 - 00000000 ____D C:\ProgramData\Real
2013-12-16 05:36 - 2013-12-16 05:36 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\Real
2013-12-16 05:36 - 2003-03-18 19:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-12-16 05:35 - 2013-12-16 05:34 - 00000000 ____D C:\Users\hmbgroup\Documents\Freemake
2013-12-16 05:35 - 2013-12-16 05:34 - 00000000 ____D C:\ProgramData\Freemake
2013-12-16 05:34 - 2013-12-16 05:34 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-16 05:24 - 2013-12-16 05:24 - 00000000 ____D C:\Program Files (x86)\LiveUpload
2013-12-16 04:28 - 2013-08-21 04:24 - 00000000 ____D C:\Users\hmbgroup\Desktop\TD-Aug2013
2013-12-14 14:51 - 2009-07-13 21:13 - 00824000 _____ C:\Windows\System32\PerfStringBackup.INI
2013-12-14 13:35 - 2013-07-26 04:09 - 00000000 ____D C:\Windows\System32\MRT
2013-12-14 13:31 - 2009-12-20 00:04 - 90708896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-12-12 11:55 - 2013-12-12 11:54 - 05928584 _____ (SibCode) C:\Users\hmbgroup\Downloads\junior-icon-editor.exe
2013-12-12 09:59 - 2012-07-04 08:31 - 00000000 ____D C:\Users\hmbgroup\Desktop\GH Pod
2013-12-11 05:45 - 2012-07-04 08:31 - 00000000 ____D C:\Users\hmbgroup\Desktop\CTC Tech
2013-12-11 04:31 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-11 01:10 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-12-11 00:35 - 2009-08-18 15:44 - 00000000 ____D C:\Windows\Panther
2013-12-11 00:05 - 2009-09-02 22:16 - 00000000 ____D C:\ProgramData\Microsoft Help

Files to move or delete:
====================
C:\ProgramData\Uninst.exe


Some content of TEMP:
====================
C:\Users\hmbgroup\AppData\Local\Temp\lowproc.exe
C:\Users\hmbgroup\AppData\Local\Temp\stubhelper.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-01-03 19:25:03
Restore point made on: 2014-01-04 00:00:32

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3935.02 MB
Available physical RAM: 3283.31 MB
Total Pagefile: 3933.17 MB
Available Pagefile: 3288.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.88 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:290.37 GB) (Free:142.59 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:7.62 GB) (Free:0.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (KINGSTON) (Removable) (Total:0.93 GB) (Free:0.01 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 85EFE600)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 953 MB) (Disk ID: 20AC7DDA)
No partition Table on disk 1.


LastRegBack: 2013-12-29 21:36

==================== End Of Log ============================



#7 jhogan (Topic Starter)

Posted 11 January 2014 - 09:44 AM

Are there more details to provide?



#8 Oh My! (Malware Response Instructor)

Posted 14 January 2014 - 09:32 AM

Greetings jhogan and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply to topic button instead.
  • In the upper right hand corner of the topic you will see the Follow topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me some time to review the information you have provided and I will reply as soon as possible.

Can you tell me when these symptoms first started?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 jhogan (Topic Starter)

Posted 14 January 2014 - 10:29 AM

Thanks Oh My! / Gary.  By all means, please call me John.

I can be as patient as you need me to be :)

I started experiencing this around Dec 31st.


Edited by jhogan, 14 January 2014 - 11:54 AM.


#10 Oh My! (Malware Response Instructor)

Posted 14 January 2014 - 10:41 PM

Hi John,

I really apologize for the delay. I should have been automatically subscribed to your topic but I wasn't :( . I am starting to work on your information as we "speak".
Gary

#11 Oh My! (Malware Response Instructor)

Posted 14 January 2014 - 10:48 PM

Hi John,

Please run this for me. I am giving you the full instructions although you may not need them.

===================================================

Farbar's Recovery Scan Tool

--------------------

For this step you will need a USB flash drive.
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flash drive as fixlist.txt
LastRegBack: 2013-12-29 21:36
  • Please download Farbar Recovery Scan Tool and save it to a flash drive. You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Plug the flash drive into the infected PC and follow the two-step process below: enter the System Recovery Options using one of the three options listed, then run Farbar's Recovery Scan Tool.
----------

Entering into the System Recovery Options

Option #1

To enter System Recovery Options in Windows 8:

Option #2

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
Option #3

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select English as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
----------

Running Farbar's Recovery Scan Tool in System Recovery
  • Once you are in the System Recovery Options menu you will get the following options:

Startup Repair
System Restore
Windows Complete PC Restore
Windows Memory Diagnostic Tool
Command Prompt

  • Select Command Prompt
  • In the command window type in Notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select Computer and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    • Note: Replace letter e with the drive letter of your flash drive.
  • When the tool opens click Yes to disclaimer.
  • Press Fix button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.
  • Attempt to Reboot your computer into Normal Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • FRST.txt
  • Does your computer boot successfully?

Gary

#12 jhogan

  • Topic Starter
  • Members
  • 25 posts

Posted 15 January 2014 - 06:24 AM

Gary -

It created a log under Fixlist, but not an FRST.txt file. Should I run Startup Repair instead of just trying to boot? It did not boot successfully.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-01-2014
Ran by SYSTEM at 2014-01-14 23:29:01 Run:1
Running from G:\
Boot Mode: Recovery
==============================================

Content of fixlist:
*****************
LastRegBack: 2013-12-29 21:36
*****************

DEFAULT hive was successfully copied to System32\config\HiveBackup
DEFAULT hive was successfully restored from registry back up.
SAM hive was successfully copied to System32\config\HiveBackup
SAM hive was successfully restored from registry back up.
SECURITY hive was successfully copied to System32\config\HiveBackup
SECURITY hive was successfully restored from registry back up.
SOFTWARE hive was successfully copied to System32\config\HiveBackup
SOFTWARE hive was successfully restored from registry back up.
SYSTEM hive was successfully copied to System32\config\HiveBackup
SYSTEM hive was successfully restored from registry back up.

==== End of Fixlog ====

John



#13 jhogan

  • Topic Starter
  • Members
  • 25 posts

Posted 15 January 2014 - 09:27 AM

Here is the log for FRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014
Ran by SYSTEM on MININT-A2IQB6S on 15-01-2014 06:37:27
Running from G:\
Windows 7 Home Premium (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet002
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official downoad link fo FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-09] ()
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840568 2013-09-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2013-12-16] (RealNetworks, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\Adobe Test\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-10-17] (Siber Systems)
HKU\Adobe Test\...\Run: [AdobeBridge] - [x]
HKU\Adobe Test\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\hmbgroup\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\hmbgroup\...\Run: [cdloader] - C:\Users\hmbgroup\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\hmbgroup\...\Run: [Amazon Cloud Player] - C:\Users\hmbgroup\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [3139072 2013-11-24] ()
HKU\hmbgroup\...\Run: [Google Update] - C:\Users\hmbgroup\AppData\Local\Google\Update\GoogleUpdate.exe [135664 2009-12-19] (Google Inc.)
HKU\hmbgroup\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [109784 2013-10-17] (Siber Systems)
Startup: C:\Users\hmbgroup\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

==================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [947528 2011-03-18] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3478544 2013-11-11] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-23] (AVG Technologies CZ, s.r.o.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2013-06-09] (LogMeIn, Inc.)
S4 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2013-06-09] (LogMeIn, Inc.)
S4 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2010-11-08] (LogMeIn, Inc.)
S2 MSSQL$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\sqlservr.exe [43010392 2009-03-29] (Microsoft Corporation)
S2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
S4 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-06-26] (Sonic Solutions)
S4 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-06-26] (Sonic Solutions)
S2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [189984 2009-07-23] (Realtek Semiconductor)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-16] (Intel Corporation)
S2 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-07-27] (Sony Corporation)
S2 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-07-27] (Sony Corporation)
S4 SQLAgent$MSSMLBIZ; C:\Program Files (x86)\Microsoft SQL Server\MSSQL10.MSSMLBIZ\MSSQL\Binn\SQLAGENT.EXE [366936 2009-03-29] (Microsoft Corporation)
S2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-07-23] (Sony Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642920 2009-07-22] (Sony Corporation)
S3 Vcsw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe [313264 2009-07-23] (Sony Corporation)
S2 vToolbarUpdater17.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.2.0\ToolbarUpdater.exe [1771544 2013-12-09] (AVG Secure Search)
S2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-07-23] (Sony Corporation)
S2 wgsslvpnsrc; C:\Program Files (x86)\WatchGuard\WatchGuard Mobile VPN with SSL\wgsslvpnsrc.exe [101888 2013-07-23] ()
S2 XMail; C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [397824 2012-05-03] ()
S3 getPlusHelper; C:\Program Files (x86)\NOS\bin\getPlus_Helper.dll [x]

==================== Drivers (Whitelisted) ====================

S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-05] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [240920 2013-11-04] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [194872 2013-10-24] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-09-30] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-09] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [29184 2009-08-13] (CSR, plc)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2011-06-06] (LeapFrog)
S2 LMIInfo; C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [16056 2013-06-01] (LogMeIn, Inc.)
S4 LMIRfsClientNP; No ImagePath
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
S2 risdptsk; C:\Windows\system32\DRIVERS\risdsn64.sys [76288 2009-07-31] (REDC)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [560184 2012-11-02] (Duplex Secure Ltd.)
S2 SSPORT; C:\Windows\SysWOW64\Drivers\SSPORT.sys [11576 2009-08-27] (Samsung Electronics)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-11] (Microsoft Corporation)
S3 veebeampol; C:\Windows\System32\DRIVERS\veebeampol.sys [14952 2012-10-02] (Veebeam Corporation)
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-14 23:30 - 2014-01-14 23:32 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2014-01-13 13:51 - 2014-01-13 13:51 - 00000039 _____ C:\Users\hmbgroup\AppData\Local\.directory
2014-01-09 21:18 - 2014-01-09 21:18 - 00000000 __SHD C:\found.003
2014-01-09 10:55 - 2014-01-09 10:57 - 00000134 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-09 03:16 - 2014-01-09 03:17 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-09 03:07 - 2014-01-09 03:07 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-08 17:48 - 2014-01-08 17:48 - 00003344 ____N C:\bootsqm.dat
2014-01-08 02:23 - 2014-01-08 02:23 - 00000000 __SHD C:\found.002
2014-01-04 12:35 - 2014-01-04 12:35 - 00000000 ____D C:\FRST
2014-01-03 17:35 - 2014-01-03 17:35 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2013-12-20 07:45 - 2013-12-20 07:46 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{F3F9A4D3-B342-408D-BB54-685F11F5228A}
2013-12-20 05:56 - 2013-12-20 05:56 - 00347816 _____ (Microsoft Corporation) C:\Users\hmbgroup\Downloads\MicrosoftFixit.wu.LB.150310974994214828.1.1.Run.exe
2013-12-19 19:41 - 2013-12-19 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 10:59 - 2013-12-19 10:59 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{ECFA1A93-D71A-4A14-9F20-CB9F52C63B69}
2013-12-19 08:50 - 2013-12-19 08:51 - 00000000 ____D C:\Users\hmbgroup\Desktop\New folder
2013-12-18 13:43 - 2013-12-18 13:44 - 41404760 _____ (Apple Inc.) C:\Users\hmbgroup\Downloads\QuickTimeInstaller.exe
2013-12-18 07:46 - 2013-12-18 07:46 - 00378368 _____ C:\Users\hmbgroup\Desktop\VDI Boot Camp w VMWARE Cisco Nimble Storage AND CTC Technologies-Feb12.msg
2013-12-18 04:52 - 2014-01-03 17:32 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2013-12-18 04:52 - 2013-12-23 16:05 - 00000000 ____D C:\Users\hmbgroup\Desktop\mbar
2013-12-16 07:17 - 2013-12-16 07:17 - 30724041 _____ C:\Users\hmbgroup\Documents\CoreControl Testimonial_ Andor Gyulai & Casey Patterson.mp4
2013-12-16 07:16 - 2013-12-16 07:16 - 07814536 _____ C:\Users\hmbgroup\Documents\Game changer_ Glove gives steroid-like boost.mp4
2013-12-16 07:15 - 2013-12-16 07:15 - 23842732 _____ C:\Users\hmbgroup\Documents\NFL Network_ Footballogy - CoreControl.mp4
2013-12-16 07:10 - 2013-12-16 07:10 - 46537310 _____ C:\Users\hmbgroup\Documents\CNET_ Future Tech - CoreControl.mp4
2013-12-16 07:07 - 2013-12-16 07:07 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-12-16 07:06 - 2013-12-16 07:06 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-12-16 05:37 - 2013-12-16 05:37 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\Real
2013-12-16 05:35 - 2013-12-16 05:37 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Real
2013-12-16 05:34 - 2013-12-16 05:37 - 00000000 ____D C:\ProgramData\Real
2013-12-16 05:34 - 2013-12-16 05:35 - 00000000 ____D C:\Users\hmbgroup\Documents\Freemake
2013-12-16 05:34 - 2013-12-16 05:35 - 00000000 ____D C:\ProgramData\Freemake
2013-12-16 05:34 - 2013-12-16 05:34 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-16 05:24 - 2013-12-16 05:24 - 00000000 ____D C:\Program Files (x86)\LiveUpload

==================== One Month Modified Files and Folders =======

2014-01-14 23:32 - 2014-01-14 23:30 - 00000000 ____D C:\Windows\System32\config\HiveBackup
2014-01-13 13:51 - 2014-01-13 13:51 - 00000039 _____ C:\Users\hmbgroup\AppData\Local\.directory
2014-01-09 21:18 - 2014-01-09 21:18 - 00000000 __SHD C:\found.003
2014-01-09 10:57 - 2014-01-09 10:55 - 00000134 _____ C:\Windows\System32\PerfStringBackup.TMP
2014-01-09 10:52 - 2013-06-26 06:34 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2014-01-09 10:52 - 2012-12-24 06:28 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Dropbox
2014-01-09 10:52 - 2012-06-05 14:59 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2014-01-09 10:52 - 2010-10-19 15:11 - 00000000 ____D C:\ProgramData\MFAData
2014-01-09 10:49 - 2012-12-24 06:30 - 00000000 ___RD C:\Users\hmbgroup\Dropbox
2014-01-09 10:48 - 2013-10-09 03:50 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cec4e5c1572745.job
2014-01-09 10:46 - 2013-12-03 18:53 - 00007606 _____ C:\Windows\setupact.log
2014-01-09 10:46 - 2012-11-12 07:45 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2014-01-09 10:46 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-09 06:01 - 2009-09-02 22:08 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-09 05:57 - 2013-09-16 13:06 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-09 05:43 - 2009-10-29 22:38 - 01620443 _____ C:\Windows\WindowsUpdate.log
2014-01-09 05:41 - 2009-12-21 15:26 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944032917-3336008693-488706110-1001UA.job
2014-01-09 05:29 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\tracing
2014-01-09 04:25 - 2010-03-12 05:38 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Skype
2014-01-09 03:17 - 2014-01-09 03:16 - 00003222 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-09 03:07 - 2014-01-09 03:07 - 00003350 _____ C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-944032917-3336008693-488706110-1001
2014-01-08 23:34 - 2009-07-13 20:45 - 00014480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-08 23:33 - 2009-07-13 20:45 - 00014480 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-08 17:48 - 2014-01-08 17:48 - 00003344 ____N C:\bootsqm.dat
2014-01-08 02:23 - 2014-01-08 02:23 - 00000000 __SHD C:\found.002
2014-01-07 05:11 - 2012-10-31 04:19 - 00000000 ____D C:\users\Adobe Test
2014-01-06 23:25 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\registration
2014-01-06 23:18 - 2009-12-19 04:59 - 00000000 ____D C:\users\hmbgroup
2014-01-04 12:35 - 2014-01-04 12:35 - 00000000 ____D C:\FRST
2014-01-04 04:11 - 2013-09-02 17:31 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-01-03 23:00 - 2009-12-31 14:49 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\Adobe
2014-01-03 17:35 - 2014-01-03 17:35 - 00117464 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys
2014-01-03 17:32 - 2013-12-18 04:52 - 00089304 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbamchameleon.sys
2014-01-02 09:39 - 2012-11-02 09:15 - 00000000 ____D C:\Users\hmbgroup\Documents\Outlook Files
2013-12-31 10:49 - 2013-10-09 03:50 - 00000868 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-944032917-3336008693-488706110-1001Core1cec4e5c16187ac.job
2013-12-31 05:08 - 2013-05-17 05:07 - 00000000 ____D C:\Users\hmbgroup\Desktop\new
2013-12-30 14:03 - 2013-12-11 00:07 - 00130924 _____ C:\Windows\IE11_main.log
2013-12-28 20:31 - 2012-11-02 09:18 - 00000000 ____D C:\Users\hmbgroup\Desktop\Tax
2013-12-27 08:07 - 2009-12-31 14:47 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\FileZilla
2013-12-24 09:42 - 2012-06-22 08:09 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\Citrix
2013-12-23 16:06 - 2013-12-03 18:53 - 00020634 _____ C:\Windows\PFRO.log
2013-12-23 16:05 - 2013-12-18 04:52 - 00000000 ____D C:\Users\hmbgroup\Desktop\mbar
2013-12-23 15:00 - 2013-08-27 20:05 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2013-12-23 14:58 - 2013-10-17 07:41 - 00055808 ___SH C:\Users\hmbgroup\Desktop\Thumbs.db
2013-12-23 11:27 - 2013-12-03 18:53 - 08087120 _____ C:\Windows\System32\FNTCACHE.DAT
2013-12-23 11:26 - 2012-01-10 10:42 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\TeamViewer
2013-12-23 08:10 - 2013-01-05 04:36 - 00001456 _____ C:\Users\hmbgroup\AppData\Local\Adobe Save for Web 13.0 Prefs
2013-12-23 07:51 - 2013-12-03 19:00 - 00123600 _____ C:\Users\hmbgroup\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-23 05:08 - 2012-12-18 08:15 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2013-12-20 17:30 - 2012-07-04 08:32 - 00000000 ____D C:\Users\hmbgroup\Desktop\Drupal
2013-12-20 10:21 - 2012-04-24 11:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 07:46 - 2013-12-20 07:45 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{F3F9A4D3-B342-408D-BB54-685F11F5228A}
2013-12-20 05:56 - 2013-12-20 05:56 - 00347816 _____ (Microsoft Corporation) C:\Users\hmbgroup\Downloads\MicrosoftFixit.wu.LB.150310974994214828.1.1.Run.exe
2013-12-19 19:41 - 2013-12-19 19:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-19 10:59 - 2013-12-19 10:59 - 00000000 ____D C:\Users\hmbgroup\AppData\Local\{ECFA1A93-D71A-4A14-9F20-CB9F52C63B69}
2013-12-19 08:51 - 2013-12-19 08:50 - 00000000 ____D C:\Users\hmbgroup\Desktop\New folder
2013-12-18 13:44 - 2013-12-18 13:43 - 41404760 _____ (Apple Inc.) C:\Users\hmbgroup\Downloads\QuickTimeInstaller.exe
2013-12-18 07:46 - 2013-12-18 07:46 - 00378368 _____ C:\Users\hmbgroup\Desktop\VDI Boot Camp w VMWARE Cisco Nimble Storage AND CTC Technologies-Feb12.msg
2013-12-16 07:17 - 2013-12-16 07:17 - 30724041 _____ C:\Users\hmbgroup\Documents\CoreControl Testimonial_ Andor Gyulai & Casey Patterson.mp4
2013-12-16 07:16 - 2013-12-16 07:16 - 07814536 _____ C:\Users\hmbgroup\Documents\Game changer_ Glove gives steroid-like boost.mp4
2013-12-16 07:15 - 2013-12-16 07:15 - 23842732 _____ C:\Users\hmbgroup\Documents\NFL Network_ Footballogy - CoreControl.mp4
2013-12-16 07:10 - 2013-12-16 07:10 - 46537310 _____ C:\Users\hmbgroup\Documents\CNET_ Future Tech - CoreControl.mp4
2013-12-16 07:07 - 2013-12-16 07:07 - 00000000 ____D C:\ProgramData\YTD Video Downloader
2013-12-16 07:06 - 2013-12-16 07:06 - 00000000 ____D C:\Program Files (x86)\GreenTree Applications
2013-12-16 05:37 - 2013-12-16 05:37 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\RealNetworks
2013-12-16 05:37 - 2013-12-16 05:35 - 00000000 ____D C:\Users\hmbgroup\AppData\Roaming\Real
2013-12-16 05:37 - 2013-12-16 05:34 - 00000000 ____D C:\ProgramData\Real
2013-12-16 05:36 - 2013-12-16 05:36 - 00272896 _____ (Progressive Networks) C:\Windows\SysWOW64\pncrt.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00201872 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\rmoc3260.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00006656 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5016.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00005632 _____ (RealNetworks, Inc.) C:\Windows\SysWOW64\pndx5032.dll
2013-12-16 05:36 - 2013-12-16 05:36 - 00001264 _____ C:\Users\Public\Desktop\RealPlayer.lnk
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\ProgramData\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\RealNetworks
2013-12-16 05:36 - 2013-12-16 05:36 - 00000000 ____D C:\Program Files (x86)\Real
2013-12-16 05:36 - 2003-03-18 19:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2013-12-16 05:35 - 2013-12-16 05:34 - 00000000 ____D C:\Users\hmbgroup\Documents\Freemake
2013-12-16 05:35 - 2013-12-16 05:34 - 00000000 ____D C:\ProgramData\Freemake
2013-12-16 05:34 - 2013-12-16 05:34 - 00000000 ____D C:\Program Files (x86)\Freemake
2013-12-16 05:24 - 2013-12-16 05:24 - 00000000 ____D C:\Program Files (x86)\LiveUpload
2013-12-16 04:28 - 2013-08-21 04:24 - 00000000 ____D C:\Users\hmbgroup\Desktop\TD-Aug2013

Files to move or delete:
====================
C:\ProgramData\Uninst.exe


Some content of TEMP:
====================
C:\Users\hmbgroup\AppData\Local\Temp\lowproc.exe
C:\Users\hmbgroup\AppData\Local\Temp\stubhelper.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2014-01-03 19:25:03
Restore point made on: 2014-01-04 00:00:32

==================== Memory info ===========================

Percentage of memory in use: 16%
Total physical RAM: 3935.02 MB
Available physical RAM: 3284.64 MB
Total Pagefile: 3933.17 MB
Available Pagefile: 3291.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:290.37 GB) (Free:142.27 GB) NTFS
Drive e: (Recovery) (Fixed) (Total:7.62 GB) (Free:0.55 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (KINGSTON) (Removable) (Total:7.45 GB) (Free:7.44 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 85EFE600)
Partition 1: (Not Active) - (Size=8 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=290 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 628A1BE2)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-12-29 21:36

==================== End Of Log ============================
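Reading a log like the one above entry by entry is slow, so here is an added example written for this thread, not FRST's own code: a small Python parser for the whitelisted Registry, Services and Drivers sections of an FRST log that turns each line into a record and flags the entries a responder would look at first (file missing, no publisher in the version info, path under a user profile). The sample lines embedded in it are copied from John's log above; the Entry model and the flag names are this example's own.

```python
"""Triage helper for the whitelisted Registry/Services/Drivers sections of a
Farbar Recovery Scan Tool (FRST) log.  Added example for this thread, not part
of FRST; the sample lines in SAMPLE_LOG are copied from the log posted above.
Flags are starting points, not verdicts: "[x]" / "No ImagePath" mean the file
is gone, "()" means no publisher in the file's version info, and AppData/Temp
paths are a common home for user-level persistence."""
import re
from dataclasses import dataclass, field
from typing import List, Optional

SECTION_RE = re.compile(r'^=+ (?P<title>.+?) =+$')
RUN_RE = re.compile(r'^(?P<key>HK[^:]*\\Run): \[(?P<name>[^\]]*)\] - (?P<rest>.*)$')
SVC_RE = re.compile(r'^(?P<start>S\d) (?P<name>[^;]+); (?P<rest>.*)$')
# "<path> [<size> <yyyy-mm-dd>] (<publisher>)"; the publisher part is optional
DETAIL_RE = re.compile(r'^(?P<path>.+?) \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\]'
                       r'(?: \((?P<publisher>[^)]*)\))?$')
SECTIONS = {'Registry (Whitelisted)': 'run', 'Services (Whitelisted)': 'service',
            'Drivers (Whitelisted)': 'driver'}


@dataclass
class Entry:
    kind: str                       # run, service or driver (from the section header)
    name: str                       # Run value name, or the service/driver name
    path: Optional[str] = None
    size: Optional[int] = None
    date: Optional[str] = None
    publisher: Optional[str] = None
    flags: List[str] = field(default_factory=list)


def _build(kind: str, name: str, rest: str) -> Entry:
    """Turn the part after the name into path/size/date/publisher plus flags."""
    entry = Entry(kind=kind, name=name)
    if rest == 'No ImagePath':
        entry.flags.append('missing-file')
    elif rest.lower().endswith('[x]'):
        entry.path = rest[:-3].strip() or None
        entry.flags.append('missing-file')
    elif (d := DETAIL_RE.match(rest)) is None:
        entry.path, entry.flags = rest, ['unparsed']
    else:
        entry.path = d.group('path')
        entry.size = int(d.group('size'))
        entry.date = d.group('date')
        entry.publisher = d.group('publisher') or None
        if entry.publisher is None:
            entry.flags.append('no-publisher')
        if re.search(r'\\(AppData|Temp)\\', entry.path, re.IGNORECASE):
            entry.flags.append('user-profile-path')
    return entry


def parse_frst(text: str) -> List[Entry]:
    """Walk the log, keeping only lines inside the three sections in SECTIONS."""
    entries, kind = [], None
    for raw in text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            kind = SECTIONS.get(sec.group('title'))   # None: a section we ignore
            continue
        if kind is None or not line:
            continue
        m = RUN_RE.match(line) if kind == 'run' else SVC_RE.match(line)
        if m:   # Winlogon\Notify, Startup: and ShortcutTarget: lines are skipped
            entries.append(_build(kind, m.group('name').strip(), m.group('rest').strip()))
    return entries


def triage(entries: List[Entry]) -> List[Entry]:
    """Only the flagged entries, the ones with most flags first."""
    return sorted((e for e in entries if e.flags), key=lambda e: (-len(e.flags), e.name))


SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4956176 2013-11-07] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [vProt] - C:\Program Files (x86)\AVG Secure Search\vprot.exe [2486296 2014-01-09] ()
HKU\hmbgroup\...\Run: [cdloader] - C:\Users\hmbgroup\AppData\Roaming\mjusbsp\cdloader2.exe [50592 2012-02-01] (magicJack L.P.)
HKU\Adobe Test\...\Run: [AdobeBridge] - [x]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
==================== Services (Whitelisted) =================
S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [143120 2013-05-23] (SUPERAntiSpyware.com)
S2 XMail; C:\Program Files (x86)\acquia-drupal\xmail\XMail.exe [397824 2012-05-03] ()
==================== Drivers (Whitelisted) ====================
S4 LMIRfsClientNP; No ImagePath
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
==================== One Month Created Files and Folders ========
2014-01-14 23:30 - 2014-01-14 23:32 - 00000000 ____D C:\Windows\System32\config\HiveBackup
"""

if __name__ == '__main__':
    for e in triage(parse_frst(SAMPLE_LOG)):
        print(f"{e.kind:8}{e.name or '<no name>':16}{', '.join(e.flags):20}{e.path or ''}")
```

Feed it the full FRST.txt instead of SAMPLE_LOG and the "created files" and other sections are skipped automatically; an entry with no flags (like AVG_UI above) still deserves a look if its path or publisher is unexpected for the machine.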



#14 Oh My!

  • Malware Response Instructor
  • 37,007 posts
  • Gender:Male
  • Location:California

Posted 15 January 2014 - 09:58 AM

Yes, please try Startup Repair. Even if that fails I would like you to try to boot normally. Describe exactly what you experience with each, including error messages or how far the boot process gets before failing.
Gary

#15 jhogan

  • Topic Starter
  • Members
  • 25 posts

Posted 15 January 2014 - 10:05 AM

I did try to just start up in Normal Startup and it never moved and/or the screen was black. I just started the Startup Repair and will let you know how long it takes and what errors I get. In doing this earlier, it seemed to stall a few times on me and take a few hours.

John





