Windows 7 home premium infinite restart loop



#1 bguenther

Posted 15 March 2014 - 01:42 PM

Hi everyone,

I am working on a Toshiba laptop with Windows 7 Home Premium.
Problem: Windows starts loading then restarts (forever). I get the Windows 7 logo screen, then a black screen with the mouse, then a restart.

I have tried:
chkdsk /f several times; the first time it fixed some errors, after that it was good.
I changed the BIOS AHCI mode setting and back again; it made no difference.
I scanned with Kaspersky; it came up clean.
Can't boot into safe mode.
Tried to disable auto restart on system failure; it did not work, it still just kept restarting instead of showing a BSOD.

Please help if you can. Thanks.

Here is the FRST64 log file:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-02-2014 (ATTENTION: ====> FRST version is 37 days old and could be outdated)
Ran by SYSTEM on MININT-SBKP2UC on 15-03-2014 13:26:30
Running from F:\Software\Ketarin-1.6.0.434\{downloads}\Security\Farbar x64
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
 
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [] - [X]
HKLM\...\Run: [SmartAudio] - C:\Program Files\CONEXANT\SAII\SAIICpl.exe [307768 2009-11-19] ()
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [505696 2009-11-05] (TOSHIBA Corporation)
HKLM\...\Run: [SmoothView] - C:\Program Files\Toshiba\SmoothView\SmoothView.exe [508216 2009-07-28] (TOSHIBA Corporation)
HKLM\...\Run: [00TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [913720 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2052392 2010-03-10] (Synaptics Incorporated)
HKLM\...\Run: [SmartFaceVWatcher] - C:\Program Files\Toshiba\SmartFaceV\SmartFaceVWatcher.exe [238080 2009-10-19] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [709976 2010-02-05] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] - C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [35672 2010-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] - C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-03-19] (TOSHIBA Corporation)
HKLM\...\Run: [IntelliPoint] - c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2327952 2010-07-21] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2010-03-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [TWebCamera] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2454840 2010-02-24] (TOSHIBA CORPORATION.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1294136 2009-10-06] (TOSHIBA Corporation)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM-x32\...\Run: [ContentTransferWMDetector.exe] - C:\Program Files (x86)\Sony\Content Transfer\ContentTransferWMDetector.exe [583016 2009-11-19] (Sony Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [38872 2012-07-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [919008 2012-07-11] (Adobe Systems Incorporated)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
==================== Services (Whitelisted) =================
S4 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [240736 2013-09-05] (WildTangent)
S4 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1859376 2014-02-04] ()
S4 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S4 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
S4 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.)
S4 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S4 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-11-26] (McAfee, Inc.)
S4 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-11-04] (McAfee, Inc.)
S4 mfevtp; C:\windows\system32\mfevtps.exe [182752 2013-11-04] (McAfee, Inc.)
S4 MOBKbackup; C:\Program Files (x86)\McAfee Online Backup\MOBKbackup.exe [231224 2010-04-13] (McAfee, Inc.)
S4 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S4 MyWebSearchService; C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE [34320 2011-04-29] (MyWebSearch.com)
S4 WebCakeUpdater; C:\Program Files (x86)\Tepfel\WebCakeDesktop.Updater.exe [51992 2013-08-14] (cake bake)
S4 CltMngSvc; C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S4 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-11-04] (McAfee, Inc.)
S4 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
S4 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.)
S4 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-11-04] (McAfee, Inc.)
S4 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-11-04] (McAfee, Inc.)
S4 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-11-04] (McAfee, Inc.)
S4 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782360 2013-11-04] (McAfee, Inc.)
S4 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
S4 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
S4 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-11-04] (McAfee, Inc.)
S1 MOBKFilter; C:\Windows\System32\DRIVERS\MOBK.sys [66040 2010-04-13] (Mozy, Inc.)
 
========================== Drivers MD5 =======================
 
==================== NetSvcs (Whitelisted) ===================
 
==================== One Month Created Files and Folders ========
 
2014-03-15 13:26 - 2014-03-15 13:26 - 00000000 ____D () C:\FRST
2014-03-15 12:17 - 2014-03-15 12:17 - 00000000 ____D () C:\Windows\Standalone System Sweeper
2014-03-15 12:17 - 2014-03-15 12:17 - 00000000 ____D () C:\symbols
2014-03-15 02:59 - 2014-03-15 02:59 - 00000073 _____ () C:\Windows\{1cd4bed1-b975-4c6a-9a7b-b5c4a6239a09}
2014-03-14 23:57 - 2014-03-14 23:57 - 00000073 _____ () C:\Windows\{d30863ba-9f51-4b31-a3d2-181a89eb250d}
2014-03-13 07:54 - 2014-03-13 07:54 - 00008677 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-03-13 07:31 - 2014-02-23 00:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-03-13 07:31 - 2014-02-23 00:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-03-13 07:31 - 2014-02-23 00:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-03-13 07:31 - 2014-02-23 00:12 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 03960320 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-03-13 07:31 - 2014-02-23 00:11 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-03-13 07:31 - 2014-02-22 22:54 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 07:31 - 2014-02-22 22:53 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 07:31 - 2014-02-22 22:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-03-13 07:31 - 2014-02-22 22:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 07:31 - 2014-02-22 21:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-03-13 07:31 - 2014-02-22 21:35 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-03-13 07:30 - 2014-02-23 00:13 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-03-13 07:30 - 2014-02-23 00:12 - 19273216 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-03-13 07:30 - 2014-02-23 00:11 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-03-13 07:30 - 2014-02-22 22:54 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 07:30 - 2014-02-22 22:53 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 07:30 - 2014-02-22 22:53 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 06:13 - 2014-03-13 06:13 - 00152274 _____ () C:\Users\User\Documents\mlp harmony.xcf
2014-03-13 06:02 - 2014-03-13 06:02 - 00135519 _____ () C:\Users\User\Documents\mlp alicorn 2.xcf
2014-03-13 06:01 - 2014-03-13 07:51 - 00365622 _____ () C:\Users\User\Documents\mlp elements of harmony.xcf
2014-03-13 05:58 - 2014-03-13 06:07 - 00508991 _____ () C:\Users\User\Documents\mlp alicorn.xcf
2014-03-11 16:01 - 2014-03-12 11:25 - 01694799 _____ () C:\Users\User\Documents\equestria girls sketches part 1.xcf
2014-02-15 12:40 - 2014-02-15 12:40 - 00000000 ____D () C:\Windows\SysWOW64\jmdp
2014-02-15 12:40 - 2014-02-15 12:40 - 00000000 ____D () C:\Windows\System32\ljkb
2014-02-15 12:34 - 2014-02-15 12:39 - 00000000 ____D () C:\Users\User\Documents\My Smilebox Creations
2014-02-15 12:34 - 2014-02-15 12:39 - 00000000 ____D () C:\Users\User\AppData\Local\Smilebox
2014-02-15 12:34 - 2014-02-15 12:36 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2014-02-15 12:34 - 2014-02-15 12:36 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
2014-02-15 12:34 - 2014-02-04 01:28 - 01859376 _____ () C:\Windows\System32\dmwu.exe
2014-02-15 12:34 - 2014-02-04 01:23 - 00034304 _____ (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2014-02-15 12:33 - 2014-03-13 07:22 - 00000000 ____D () C:\Users\User\AppData\Roaming\Smilebox
2014-02-15 12:33 - 2014-02-15 12:33 - 13990795 _____ () C:\Users\User\Downloads\iMovie9.0.7Update.dmg.crdownload
2014-02-15 12:32 - 2013-12-21 01:39 - 00600064 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2014-02-15 12:32 - 2013-12-20 23:56 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-02-15 12:21 - 2014-02-15 12:21 - 00663504 _____ (Conduit) C:\Users\User\Downloads\Smilebox_TSV141C43.exe
2014-02-15 12:21 - 2014-02-15 12:21 - 00663504 _____ (Conduit) C:\Users\User\Downloads\Smilebox_TSV141C2W.exe
2014-02-15 12:19 - 2014-02-15 12:20 - 00000000 ____D () C:\Users\User\AppData\Local\{9C73E551-8C5A-4476-A2DA-DEB81EA7B48A}
2014-02-14 14:58 - 2013-12-31 15:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-02-14 14:58 - 2013-12-31 15:04 - 00420008 _____ () C:\Windows\System32\locale.nls
2014-02-14 14:58 - 2013-12-05 18:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2014-02-14 14:58 - 2013-12-05 18:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2014-02-14 14:58 - 2013-12-05 18:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-02-14 14:58 - 2013-12-05 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-02-14 14:58 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\System32\secproc.dll
2014-02-14 14:58 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\System32\secproc_isv.dll
2014-02-14 14:58 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp_isv.dll
2014-02-14 14:58 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\System32\secproc_ssp.dll
2014-02-14 14:58 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\System32\msdrm.dll
2014-02-14 14:58 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_isv.exe
2014-02-14 14:58 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate.exe
2014-02-14 14:58 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp.exe
2014-02-14 14:58 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\System32\RMActivate_ssp_isv.exe
2014-02-14 14:58 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-02-14 14:58 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-02-14 14:58 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-02-14 14:58 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-02-14 14:58 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-02-14 14:58 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-02-14 14:58 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-02-14 14:58 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-02-14 14:58 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-02-14 14:57 - 2013-12-24 15:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-02-14 14:57 - 2013-12-24 14:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll
2014-02-14 14:57 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-02-14 14:57 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll
 
==================== One Month Modified Files and Folders =======
 
2014-03-15 13:26 - 2014-03-15 13:26 - 00000000 ____D () C:\FRST
2014-03-15 12:17 - 2014-03-15 12:17 - 00000000 ____D () C:\Windows\Standalone System Sweeper
2014-03-15 12:17 - 2014-03-15 12:17 - 00000000 ____D () C:\symbols
2014-03-15 02:59 - 2014-03-15 02:59 - 00000073 _____ () C:\Windows\{1cd4bed1-b975-4c6a-9a7b-b5c4a6239a09}
2014-03-14 23:57 - 2014-03-14 23:57 - 00000073 _____ () C:\Windows\{d30863ba-9f51-4b31-a3d2-181a89eb250d}
2014-03-13 11:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\L2Schemas
2014-03-13 11:17 - 2013-08-25 13:32 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-03-13 11:17 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-03-13 10:26 - 2013-12-14 14:14 - 00272322 _____ () C:\Windows\PFRO.log
2014-03-13 08:21 - 2010-09-01 08:54 - 01807253 _____ () C:\Windows\WindowsUpdate.log
2014-03-13 07:54 - 2014-03-13 07:54 - 00008677 _____ () C:\Users\User\AppData\Local\recently-used.xbel
2014-03-13 07:54 - 2013-09-21 12:23 - 00000000 ____D () C:\Users\User\AppData\Local\gtk-2.0
2014-03-13 07:54 - 2013-08-25 14:26 - 00000000 ____D () C:\Users\User\.gimp-2.8
2014-03-13 07:51 - 2014-03-13 06:01 - 00365622 _____ () C:\Users\User\Documents\mlp elements of harmony.xcf
2014-03-13 07:32 - 2010-12-22 17:01 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-13 07:29 - 2009-07-13 20:45 - 00016304 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-13 07:29 - 2009-07-13 20:45 - 00016304 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-13 07:28 - 2013-03-14 07:34 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 07:28 - 2013-03-14 07:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 07:28 - 2009-07-13 21:13 - 00726444 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-03-13 07:25 - 2013-07-20 09:50 - 00001855 _____ () C:\Users\Public\Desktop\McAfee Total Protection.lnk
2014-03-13 07:24 - 2012-08-03 10:38 - 00000000 __RSD () C:\Users\User\Documents\McAfee Vaults
2014-03-13 07:22 - 2014-02-15 12:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\Smilebox
2014-03-13 07:21 - 2014-01-20 13:09 - 00003430 _____ () C:\Windows\System32\Tasks\BackgroundContainer Startup Task
2014-03-13 07:21 - 2010-12-22 17:01 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-13 07:20 - 2013-12-14 14:15 - 00001568 _____ () C:\Windows\setupact.log
2014-03-13 07:20 - 2010-12-22 16:50 - 00000000 ____D () C:\users\User
2014-03-13 07:20 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-13 06:32 - 2014-01-26 14:52 - 00579653 _____ () C:\Users\User\Documents\precure group.xcf
2014-03-13 06:13 - 2014-03-13 06:13 - 00152274 _____ () C:\Users\User\Documents\mlp harmony.xcf
2014-03-13 06:07 - 2014-03-13 05:58 - 00508991 _____ () C:\Users\User\Documents\mlp alicorn.xcf
2014-03-13 06:02 - 2014-03-13 06:02 - 00135519 _____ () C:\Users\User\Documents\mlp alicorn 2.xcf
2014-03-12 11:25 - 2014-03-11 16:01 - 01694799 _____ () C:\Users\User\Documents\equestria girls sketches part 1.xcf
2014-03-11 15:46 - 2013-08-25 13:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\Tepfel
2014-02-23 00:13 - 2014-03-13 07:31 - 01365504 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-02-23 00:13 - 2014-03-13 07:31 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-02-23 00:13 - 2014-03-13 07:30 - 02241536 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-02-23 00:12 - 2014-03-13 07:31 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-02-23 00:12 - 2014-03-13 07:31 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-02-23 00:12 - 2014-03-13 07:30 - 19273216 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 03960320 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 02648576 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-02-23 00:11 - 2014-03-13 07:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-02-23 00:11 - 2014-03-13 07:30 - 15404032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-02-22 22:54 - 2014-03-13 07:31 - 01140736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-22 22:54 - 2014-03-13 07:30 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-22 22:53 - 2014-03-13 07:31 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-22 22:53 - 2014-03-13 07:30 - 14358016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-22 22:53 - 2014-03-13 07:30 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-22 22:35 - 2014-03-13 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-02-22 22:31 - 2014-03-13 07:31 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-22 21:39 - 2014-03-13 07:31 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-02-22 21:35 - 2014-03-13 07:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-02-16 08:30 - 2011-01-11 15:32 - 88567024 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-02-16 08:29 - 2013-12-23 14:50 - 00083845 _____ () C:\Windows\IE11_main.log
2014-02-15 15:16 - 2011-01-23 06:56 - 00001712 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
2014-02-15 15:05 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-02-15 12:40 - 2014-02-15 12:40 - 00000000 ____D () C:\Windows\SysWOW64\jmdp
2014-02-15 12:40 - 2014-02-15 12:40 - 00000000 ____D () C:\Windows\System32\ljkb
2014-02-15 12:39 - 2014-02-15 12:34 - 00000000 ____D () C:\Users\User\Documents\My Smilebox Creations
2014-02-15 12:39 - 2014-02-15 12:34 - 00000000 ____D () C:\Users\User\AppData\Local\Smilebox
2014-02-15 12:36 - 2014-02-15 12:34 - 00000000 ____D () C:\Windows\SysWOW64\WNLT
2014-02-15 12:36 - 2014-02-15 12:34 - 00000000 ____D () C:\Windows\SysWOW64\ARFC
2014-02-15 12:33 - 2014-02-15 12:33 - 13990795 _____ () C:\Users\User\Downloads\iMovie9.0.7Update.dmg.crdownload
2014-02-15 12:27 - 2010-12-22 17:01 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-15 12:27 - 2010-12-22 17:01 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-15 12:21 - 2014-02-15 12:21 - 00663504 _____ (Conduit) C:\Users\User\Downloads\Smilebox_TSV141C43.exe
2014-02-15 12:21 - 2014-02-15 12:21 - 00663504 _____ (Conduit) C:\Users\User\Downloads\Smilebox_TSV141C2W.exe
2014-02-15 12:20 - 2014-02-15 12:19 - 00000000 ____D () C:\Users\User\AppData\Local\{9C73E551-8C5A-4476-A2DA-DEB81EA7B48A}
2014-02-15 12:20 - 2011-01-23 11:03 - 00000000 ____D () C:\Users\User\AppData\Local\Windows Live
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\mgsqlite3.dll
C:\Users\User\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe
C:\Users\User\AppData\Local\Temp\SPSetup.exe
C:\Users\User\AppData\Local\Temp\WSSetup.exe
 
==================== Known DLLs (Whitelisted) ================
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points  =========================
 
==================== BCD ================================
 
Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=\Device\HarddiskVolume1
path                    \bootmgr
description             Windows Boot Manager
locale                  en-us
inherit                 {globalsettings}
default                 {default}
resumeobject            {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30
custom:26000025         Yes
Windows Boot Loader
-------------------
identifier              {7a82d5b3-7634-11e1-8e2d-bce9bfac6809}
device                  locate=\Windows\{1cd4bed1-b975-4c6a-9a7b-b5c4a6239a09}
path                    \windows\system32\winload.exe
description             Microsoft Windows
locale                  en-us
inherit                 {bootloadersettings}
custom:17000077         352321653
osdevice                locate=\Windows\{1cd4bed1-b975-4c6a-9a7b-b5c4a6239a09}
systemroot              \windows
custom:22000005         \Windows\{1cd4bed1-b975-4c6a-9a7b-b5c4a6239a09}
resumeobject            {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
nx                      OptIn
custom:250000c2         1
detecthal               Yes
 
Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7 Home Premium (recovered)
locale                  en-US
recoverysequence        {9f65e313-ac79-11e3-8b35-b6652e018f6e}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {225f0948-ac58-11e3-ab60-806e6f6e6963}
Windows Boot Loader
-------------------
identifier              {9f65e313-ac79-11e3-8b35-b6652e018f6e}
device                  ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9f65e314-ac79-11e3-8b35-b6652e018f6e}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment (recovered)
locale                 
osdevice                ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9f65e314-ac79-11e3-8b35-b6652e018f6e}
systemroot              \windows
winpe                   Yes
 
Resume from Hibernate
---------------------
identifier              {225f0948-ac58-11e3-ab60-806e6f6e6963}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows 7 Home Premium (recovered)
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
debugoptionenabled      No
 
Resume from Hibernate
---------------------
identifier              {7a82d5b2-7634-11e1-8e2d-bce9bfac6809}
device                  locate=unknown
path                    \windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-us
inherit                 {resumeloadersettings}
custom:17000077         352321653
filedevice              partition=C:
filepath                \hiberfil.sys
custom:25000008         1
pae                     Yes
debugoptionenabled      No
Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=\Device\HarddiskVolume1
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-us
inherit                 {globalsettings}
badmemoryaccess         Yes
custom:17000077         352321653
 
EMS Settings
------------
identifier              {emssettings}
bootems                 No
Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200
 
RAM Defects
-----------
identifier              {badmemory}
 
Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}
Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}
Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200
 
Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}
Device options
--------------
identifier              {9f65e314-ac79-11e3-8b35-b6652e018f6e}
ramdisksdidevice        partition=\Device\HarddiskVolume1
ramdisksdipath          \Recovery\WindowsRE\boot.sdi
 
==================== Memory info ===========================
 
Percentage of memory in use: 22%
Total physical RAM: 2810.9 MB
Available physical RAM: 2177.02 MB
Total Pagefile: 2809.1 MB
Available Pagefile: 2160.84 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
 
==================== Drives ================================
 
Drive c: (S3A8955D004) (Fixed) (Total:267.8 GB) (Free:221.57 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HBCD152) (Removable) (Total:7.44 GB) (Free:4.67 GB) FAT32
Drive f: (Lexar) (Removable) (Total:58.49 GB) (Free:26.68 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=1 GB) - (Type=27)
Partition 2: (Not Active) - (Size=268 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18 GB) - (Type=17)
Partition 4: (Not Active) - (Size=11 GB) - (Type=17)
 
========================================================
Disk: 1 (Size: 7 GB) (Disk ID: 1AB41AB6)
Partition 1: (Active) - (Size=7 GB) - (Type=0C)
Partition 2: (Not Active) - (Size=32 KB) - (Type=21)
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 59 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=58 GB) - (Type=0C)
 
LastRegBack: 2013-08-06 15:01
 
==================== End Of Log ============================

Edit: Moved topic from Am I infected? What do I do? to the more appropriate forum, due to the type of malware log.~ Animal


 


#2 HelpBot


Posted 20 March 2014 - 01:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/527615 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 25 March 2014 - 01:50 PM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!



