
Increase in Black Screen w/ Cursor issues- Virus?


6 replies to this topic

#1 Netghost56


Posted 11 June 2014 - 09:48 AM

In the past two weeks I've seen this issue skyrocket among Win7 (even Vista!) systems. I've tried AV scans of every affected system; System Restore (when restore points are available) seems to fix the issue.

 

To summarize, the systems boot to a black screen with a moveable cursor. CTRL+ALT+DELETE does nothing. Same goes for Safe Mode. Virus scans of the hard drive (when the drive is mounted onto a working system) come back clean (for the most part). Malware is generally the same. I've tried many possible solutions online, but none have worked.

 

I have noticed that some of the Restore points show a Windows Update was done shortly before the issue happens.

 

So far I have had to do either a System Restore or Factory Image reset. The System Restore, however, showed problems in the registry (Windows Update failures [after restore], AV update failure, services not running, etc) which led to a Factory Image reset in the end. I was unable to resolve registry issues.

 

I've managed to back up client data each time with no loss, but I feel like I'm using dynamite to take out the trash. Is there something I'm missing?




#2 wpgwpg


Posted 11 June 2014 - 10:11 AM

 Have you by chance run a registry cleaner?


Everyone with a computer should back his system up to an external hard drive regularly.  :thumbsup:

#3 Netghost56


Posted 11 June 2014 - 10:32 AM

No, I don't use them, and only one system had CCleaner installed, but another was terribly infected with malware, including PC Optimizer and Registry Booster. I don't think it's correlated.



#4 wpgwpg


Posted 11 June 2014 - 11:12 AM

> No, I don't use them, and only one system had CCleaner installed, but another was terribly infected with malware, including PC Optimizer and Registry Booster. I don't think it's correlated.

 I hope you're right.  I just point out that registry cleaners do no good and can cause problems that're difficult to diagnose and extremely hard to correct.  When they run, they delete entries that appear to be unused, but MS has put them there for future use.  Then when updates come along and try to use them, whamo, problems hit.  I'd be very suspicious of any computer where one had run.

 

Good luck.



#5 Netghost56


Posted 11 June 2014 - 11:39 AM

Yeah I caution my clients not to use them, but CCleaner does seem to be popular.
 
I currently have yet another system on the bench that has the same issue. System Restore had checkpoints but would not complete. I pulled the HDD and ran MBAM on a different system, only popped with 2 trojans, one was located in C:\Windows\System32\sysprep.exe\cryptbase.dll and it was a BNOGenerator? I'll have to dig the MBAM logfile out for exact names.
 
I'm going to post a scan of Farbar and see if anything pops. If not, I'll try loading the default registry hives and see what that does.
 
Just not liking having to do Factory Resets on my client's systems- seems like there should be a less invasive way of fixing this.



#6 Netghost56


Posted 11 June 2014 - 11:57 AM

Here's the FRST scan... Looks like an RPCSS virus... Am I missing anything? What's the best fix?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01 (ATTENTION: ====> FRST version is 90 days old and could be outdated)
Ran by SYSTEM on MININT-U9C228R on 11-06-2014 11:51:38
Running from F:\
Windows 7 Home Premium (X86) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2014\avgui.exe [5180432 2014-04-06] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [] - [X]
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2009-09-11] (Realtek Semiconductor)
HKLM\...\Run: [vProt] - C:\Program Files\AVG Secure Search\vprot.exe [2557976 2014-04-28] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\RunOnce: [*Restore] - C:\Windows\system32\rstrui.exe /RUNONCE [262656 2010-11-20] (Microsoft Corporation)
HKU\Paul\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_77_ActiveX.exe -update activex
Startup: C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk ->  (No File)

========================== Services (Whitelisted) =================

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-10] (SUPERAntiSpyware.com)
S2 AdvancedSystemCareService5; C:\Program Files\utilities\IObit\Advanced SystemCare 5\ASCService.exe [490840 2011-11-10] (IObit)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3645456 2014-04-18] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [291912 2014-03-27] (AVG Technologies CZ, s.r.o.)
S2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.1.5152.0\AdAwareService.exe [494136 2013-12-11] ()
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [235216 2013-09-06] (McAfee, Inc.)
S2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S2 vToolbarUpdater18.1.0; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.0\ToolbarUpdater.exe [1801240 2014-04-28] (AVG Secure Search)
S2 DcomLaunch; %SystemRoot%\system32\rpcss.dll [X]
S2 RpcSs; %SystemRoot%\system32\rpcss.dll [X]

==================== Drivers (Whitelisted) ====================

S1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [123160 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [199960 2014-04-18] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [150296 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22296 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [193304 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [238872 2014-03-27] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [108312 2014-03-31] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [28440 2014-03-27] (AVG Technologies CZ, s.r.o.)
S1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [211224 2014-03-31] (AVG Technologies CZ, s.r.o.)
S1 avgtp; C:\Windows\system32\drivers\avgtpx86.sys [42272 2014-04-28] (AVG Technologies)
S0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [14528 2014-01-05] (Glarysoft Ltd)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [340624 2013-07-17] (BitDefender S.R.L.)

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-13 13:47 - 2014-05-13 13:47 - 00000000 ____D () C:\A9R6104.tmp
2014-05-13 13:47 - 2014-05-13 13:47 - 00000000 ____D () C:\A9R6103.tmp
2014-05-13 11:04 - 2014-05-13 11:04 - 00000000 ____D () C:\A9RD102.tmp
2014-05-13 11:04 - 2014-05-13 11:04 - 00000000 ____D () C:\A9RD101.tmp
2014-05-13 06:15 - 2014-05-13 06:15 - 00000000 ____D () C:\Users\Paul\AppData\Local\{F15033EE-359D-425B-B646-5B48325FAE1D}
2014-05-13 06:03 - 2014-05-13 06:03 - 00000000 ____D () C:\A9R5316.tmp
2014-05-13 06:03 - 2014-05-13 06:03 - 00000000 ____D () C:\A9R5315.tmp
2014-05-12 13:47 - 2014-05-12 13:47 - 00000000 ____D () C:\A9RFA5A.tmp
2014-05-12 13:47 - 2014-05-12 13:47 - 00000000 ____D () C:\A9RFA59.tmp
2014-05-12 06:05 - 2014-05-12 06:05 - 00000000 ____D () C:\Users\Paul\AppData\Local\{B8EDE861-BD34-4C88-88FB-968D734C11CA}
2014-05-12 06:03 - 2014-05-12 06:03 - 00000000 ____D () C:\A9REA2D.tmp
2014-05-12 06:03 - 2014-05-12 06:03 - 00000000 ____D () C:\A9REA2C.tmp
2014-05-12 06:03 - 2014-05-12 06:03 - 00000000 ____D () C:\A9REA2B.tmp
2014-05-12 06:03 - 2014-05-12 06:03 - 00000000 ____D () C:\A9RC5AA.tmp

==================== One Month Modified Files and Folders =======

2014-06-11 11:51 - 2014-06-11 11:51 - 00000000 ____D () C:\FRST
2014-06-11 08:02 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\NDF
2014-06-11 08:02 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-11 08:02 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\AppCompat
2014-06-11 08:01 - 2014-01-31 12:03 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-11 08:01 - 2014-01-08 11:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-11 08:01 - 2014-01-08 09:15 - 00000000 ____D () C:\Program Files\Common Files\AVG Secure Search
2014-06-11 08:01 - 2012-09-06 00:01 - 00000000 ___RD () C:\Program Files\Skype
2014-06-11 08:01 - 2012-09-06 00:01 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-11 08:01 - 2011-09-30 07:17 - 00000000 ____D () C:\ProgramData\MFAData
2014-06-11 08:01 - 2010-07-28 07:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-11 08:01 - 2010-07-28 07:11 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-06-11 08:01 - 2010-07-22 16:42 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-06-11 08:01 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\registration
2014-06-11 08:01 - 2009-07-13 18:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-11 07:58 - 2011-12-30 14:53 - 00000000 ____D () C:\ProgramData\Skype
2014-06-11 05:29 - 2010-07-27 07:21 - 00000000 ____D () C:\users\Paul
2014-06-09 12:28 - 2009-07-13 18:37 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-06-05 11:09 - 2014-06-05 11:09 - 00003304 ____N () C:\bootsqm.dat
2014-06-05 11:08 - 2014-06-05 11:08 - 00000000 __SHD () C:\found.000
2014-06-04 07:11 - 2014-01-08 12:19 - 00000000 ____D () C:\Windows\System32\MRT
2014-06-03 06:32 - 2014-06-03 06:32 - 00000000 ____D () C:\Users\Paul\AppData\Local\{8A00ECF6-D276-459F-973B-5C8BB1A55FA0}
2014-06-03 05:14 - 2014-06-03 05:14 - 00000000 ____D () C:\Users\Paul\AppData\Local\{CD330B0D-0611-4EF7-9759-7AC370E7B330}
2014-06-02 05:21 - 2014-06-02 05:21 - 00000000 ____D () C:\Users\Paul\AppData\Local\{B1F1840F-21FF-4B63-AF91-3588D6210CDF}
2014-06-01 11:00 - 2014-06-01 10:59 - 00000000 ____D () C:\Users\Paul\AppData\Local\{0EA96700-6547-4B71-8859-64479A40D545}
2014-06-01 10:19 - 2014-06-01 10:19 - 00003463 _____ () C:\Users\Paul\Documents\I Can Only Imagine Program.wpd
2014-05-31 13:14 - 2014-05-31 13:14 - 00003831 _____ () C:\Users\Paul\Documents\2014 THS graduation part 2.wpd
2014-05-31 12:59 - 2014-05-31 12:59 - 00008602 _____ () C:\Users\Paul\Documents\2014 graduation 1.wpd
2014-05-31 11:56 - 2014-05-31 11:56 - 00000000 ____D () C:\Users\Paul\AppData\Local\{D456FCE4-B654-4579-AA08-B73876DD71A9}
2014-05-30 06:17 - 2014-05-30 06:16 - 00000000 ____D () C:\Users\Paul\AppData\Local\{065EC788-4025-4281-B397-7FE0B5955EEF}
2014-05-29 06:07 - 2014-05-29 06:06 - 00000000 ____D () C:\Users\Paul\AppData\Local\{63F7DEAF-3DB2-4C13-8D8A-A8E0757FB169}
2014-05-28 08:17 - 2014-05-28 08:17 - 00000000 ____D () C:\Users\Paul\AppData\Local\{5C1BBDDC-D918-4189-BD40-1B1ABB6F5ED6}
2014-05-27 18:28 - 2014-05-27 18:27 - 00000000 ____D () C:\Users\Paul\AppData\Local\{2F43A68F-3D87-43EC-833A-BD2CAB330A9D}
2014-05-27 06:26 - 2014-05-27 06:26 - 00000000 ____D () C:\Users\Paul\AppData\Local\{2717214C-8ECD-4E5E-93EF-5A9419B0F194}
2014-05-26 10:23 - 2014-05-26 10:22 - 00000000 ____D () C:\Users\Paul\AppData\Local\{F6ADDBEE-10AD-4BA7-AA3C-D3EAF11EA3B2}
2014-05-24 10:50 - 2014-05-24 10:50 - 00000000 ____D () C:\Users\Paul\AppData\Local\{E0AA2E02-EBE8-4F2B-AC7C-C3C1F12DD687}
2014-05-23 12:23 - 2009-07-13 20:55 - 01086838 _____ () C:\Windows\WindowsUpdate.log
2014-05-23 06:11 - 2014-05-23 06:11 - 00000000 ____D () C:\Users\Paul\AppData\Local\{AC5ED91C-770C-460B-A475-E879FC3AB46B}
2014-05-22 06:36 - 2014-05-22 06:36 - 00000000 ____D () C:\Users\Paul\AppData\Local\{E43DF485-F6E3-4F23-B1F4-9FD7BEB00B73}
2014-05-21 12:45 - 2014-02-27 13:52 - 00000000 ___RD () C:\Users\Paul\Dropbox
2014-05-21 12:45 - 2014-02-27 13:50 - 00000000 ____D () C:\Users\Paul\AppData\Roaming\Dropbox
2014-05-19 10:51 - 2011-12-01 08:18 - 00000000 ____D () C:\Users\Paul\Documents\PM signature w
2014-05-19 10:48 - 2010-07-22 16:38 - 00726444 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-05-19 10:47 - 2014-01-08 11:51 - 00002980 _____ () C:\Windows\setupact.log
2014-05-16 12:00 - 2014-01-09 06:35 - 00002131 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-05-14 08:21 - 2012-10-02 13:53 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2014-05-14 08:21 - 2011-09-26 07:57 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpb9mp0u.dll
C:\Users\Paul\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmptl7lpz.dll


==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll IS MISSING <==== ATTENTION!.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== BCD ================================

Windows Boot Manager
--------------------
identifier              {bootmgr}
device                  partition=Y:
description             Windows Boot Manager
locale                  en-US
inherit                 {globalsettings}
default                 {default}
resumeobject            {ec580791-9608-11df-bcf3-b8ac6fbd68b1}
displayorder            {default}
toolsdisplayorder       {memdiag}
timeout                 30

Windows Boot Loader
-------------------
identifier              {default}
device                  partition=C:
path                    \Windows\system32\winload.exe
description             Windows 7
locale                  en-US
inherit                 {bootloadersettings}
recoverysequence        {current}
recoveryenabled         Yes
osdevice                partition=C:
systemroot              \Windows
resumeobject            {ec580791-9608-11df-bcf3-b8ac6fbd68b1}
nx                      OptIn

Windows Boot Loader
-------------------
identifier              {current}
device                  ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{ec580794-9608-11df-bcf3-b8ac6fbd68b1}
path                    \windows\system32\winload.exe
description             Windows Recovery Environment
inherit                 {bootloadersettings}
osdevice                ramdisk=[Y:]\Recovery\WindowsRE\Winre.wim,{ec580794-9608-11df-bcf3-b8ac6fbd68b1}
systemroot              \windows
nx                      OptIn
winpe                   Yes

Resume from Hibernate
---------------------
identifier              {ec580791-9608-11df-bcf3-b8ac6fbd68b1}
device                  partition=C:
path                    \Windows\system32\winresume.exe
description             Windows Resume Application
locale                  en-US
inherit                 {resumeloadersettings}
filedevice              partition=C:
filepath                \hiberfil.sys
pae                     Yes
debugoptionenabled      No

Windows Memory Tester
---------------------
identifier              {memdiag}
device                  partition=Y:
path                    \boot\memtest.exe
description             Windows Memory Diagnostic
locale                  en-US
inherit                 {globalsettings}
badmemoryaccess         Yes

EMS Settings
------------
identifier              {emssettings}
bootems                 Yes

Debugger Settings
-----------------
identifier              {dbgsettings}
debugtype               Serial
debugport               1
baudrate                115200

RAM Defects
-----------
identifier              {badmemory}

Global Settings
---------------
identifier              {globalsettings}
inherit                 {dbgsettings}
                        {emssettings}
                        {badmemory}

Boot Loader Settings
--------------------
identifier              {bootloadersettings}
inherit                 {globalsettings}
                        {hypervisorsettings}

Hypervisor Settings
-------------------
identifier              {hypervisorsettings}
hypervisordebugtype     Serial
hypervisordebugport     1
hypervisorbaudrate      115200

Resume Loader Settings
----------------------
identifier              {resumeloadersettings}
inherit                 {globalsettings}

Device options
--------------
identifier              {ec580794-9608-11df-bcf3-b8ac6fbd68b1}
description             Ramdisk Options
ramdisksdidevice        partition=Y:
ramdisksdipath          \Recovery\WindowsRE\boot.sdi


==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 3036.8 MB
Available physical RAM: 2558.9 MB
Total Pagefile: 3035.08 MB
Available Pagefile: 2553.91 MB
Total Virtual: 2047.88 MB
Available Virtual: 1940.26 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:288.46 GB) (Free:232.84 GB) NTFS
Drive f: (USB DISK) (Removable) (Total:14.73 GB) (Free:0.89 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (RECOVERY) (Fixed) (Total:9.59 GB) (Free:5.37 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: 48E2F468)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=10 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=288 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 15 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.


LastRegBack: 2014-06-02 10:44

==================== End Of Log ============================



#7 Netghost56

Netghost56
  • Topic Starter


Posted 11 June 2014 - 12:22 PM

Well I replaced the rpcss.dll file from the one in the Recovery drive and was able to boot to the desktop (albeit VERY slowly).

 

I dealt with this virus back in January but it was doing different things then. I'm thinking that the systems coming in now have already cleaned off the patched virus, but with the aftereffects (black screen) still lingering.

 

Looks like I got this one cornered, for the moment :thumbup2:





