H-E-L-P!!! Win 7 Completely Broken after using ComboFix


  • This topic is locked
26 replies to this topic

#1 kojam

Posted 18 July 2014 - 10:42 PM

Quickly,

 

Machine: Lenovo B-series Laptop

Processor: Intel Core i-3 (pretty snappy)

Operating System: Some flavour of Win 7 (I say that only because I got a disc from a co-worker that was called Windows 7 48-in-1 CD. None of us knows what that means!  I believe that I chose Win 7 Ultimate when installing a long time ago.)

 

Problem: Got some crazy pop-ups bugging the crap out of me...ran Spybot, AVG Free to clean.  Malwarebytes stopped working for me a long time ago.  Re-installed it many times but just will not do anything...then tried another adware program from this site (starts with "Aw", or something like that) that found 2 things and removed them but the pop-ups did not go away.

 

Not much time on my hands, I came across COMBOFIX (have since come to see all the probs that it has caused people over the years. See all the warnings now that you shouldn't use it unless told to do so by a professional 'cleaner' dude, and even then, he/she will tell you exactly how to use it.)

 

Disabled Spybot and AVG since Combofix was warning to do so.  It said it was making a restore point then did its thing...

Come home from work only to find that every single icon on my desktop is gone. Computer looks scary. Too stark...Something is afoot!

Click on start menu and EVERYTHING is G-O-N-E, save for one or 2 icons. Click on them and get error that they don't exist.

Go into explorer and NOTHING is there!!! ALL MY STUFF IS G-O-N-E!!! My downloads, my kids pictures, my documents....G-O-N-E!!!

WTF?!

 

Remembered that it made a restore point before so go to system restore...then decide maybe things will be better after a reboot.

BAAAAAAAAAAAAAAAAD MISTAKE!!!!

 

Upon reboot, get an error that looks bad!  NO WINDOWS!  Prompted to insert original disk, run the repair tool, and hope that it works...

Find my disc, boot from it, disc says that the version of Windows is incompatible with the disc so cannot repair.  OMG!!!

No way to access the Ultimate I had chosen when installing.  So got a copy of a regular win 7 disc from a co-worker...same error.  OMG!!!

 

Ask my Windows Admin friend at work...confident that he can fix....is stumped, but didn't have time, so left me with it...says that I need to have the exact Win 7 install disc as the version of Win 7 that's installed in order to do the repair....I HAVE NO IDEA WHICH VERSION OF WIN 7 I HAVE (but think it's Ultimate)

 

Was hoping to find a quick, smart and clean bootable tool that could somehow detect my restore and restore it for...

 

Can anyone please HELP me?!

Work has me SUPER busy 7/24, so I may not respond for a few days, however, I REALLY need to fix this.  Your patience is greatly appreciated.

 

Thanks!




#2 kojam

Posted 19 July 2014 - 08:05 AM

Did I forget to turn on my internet?
Nobody? Feel so alone.......

#3 quietman7

Posted 19 July 2014 - 04:46 PM

This is one of the reasons why we recommend not to use ComboFix on your own.

As a general policy, Bleeping Computer does not offer advice on how to run ComboFix unless we asked someone to run it or if there is a problem with the computer caused by running the tool. We recommend that people should not be using ComboFix without being advised to do so by a trained expert who is assisting them in dealing with a malware problem. When issues arise due to complex malware infections, problems running ComboFix (i.e. stalling, hanging, crashing) or with other security tools causing conflicts, experts are usually aware of them and can advise what should or should not be done while providing individual assistance. Those attempting to use ComboFix on their own do not have such information and are at risk when running the tool in an unsupervised environment.

While our policy is not to offer advice on running ComboFix unless we asked someone to run it, we are willing to assist with resolving problems caused after using it and we are certainly willing to help with malware disinfection.

Since your computer does not appear bootable I will have to check with someone on the staff who specializes with these types of issues in order to provide the assistance you need. As such, this may result in a delay before someone is able to reply with specific instructions.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators


#4 JSntgRvr

Posted 19 July 2014 - 06:30 PM

:welcome:
 
Let's give it a try.
 
Please download Farbar Recovery Scan Tool and save it to a flash drive.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
 
Plug the flash drive into the infected PC.

If you are using Windows 8 consult How to use the Windows 8 System Recovery Environment Command Prompt to enter System Recovery Command prompt.

If you are using Vista or Windows 7 enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

Note: In case you can not enter System Recovery Options by using F8 method, you can use Windows installation disc, or make a repair disc. Any Windows installation disc or a repair disc made on another computer can be used.
To make a repair disk on Windows 7 consult: http://www.sevenforums.com/tutorials/2083-system-repair-disc-create.html

To enter System Recovery Options by using Windows installation disc:

  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.
  • On the System Recovery Options menu you will get the following options:
      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
  • Select Command Prompt

Once in the Command Prompt:

  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!
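The FRST.txt log that the procedure above produces is plain text with a fixed layout, so it can be triaged mechanically before it is read line by line. The following Python is an added example, not part of the original post or of FRST itself; the sample lines are excerpted from the log posted later in this thread, and the function names, the reading of a trailing [X] as "file not found from the scanning environment", and the reading of S0 as a boot-start entry are assumptions.

```python
import re

# Lines excerpted (trimmed) from the FRST.txt log posted later in this thread.
SAMPLE_LOG = r"""Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by SYSTEM on MININT-M2FH9ES on 20-07-2014 22:22:14
Running from g:\
Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: igfxdev.dll [X]
BootExecute: autocheck autochk * sdnclean64.exe

========================== Services (Whitelisted) =================

S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 LxrSII1s; C:\windows\system32\LxrSII1s.exe [X]
S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]

==================== Drivers (Whitelisted) ====================

S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S0 iaStor; system32\DRIVERS\iaStor.sys [X]
S2 DriverService;
"""

# Header lines that appear before the first "==== section ====" banner.
HEADER_FIELDS = {
    "tool_arch": re.compile(r"^Scan result of Farbar Recovery Scan Tool \(FRST\) \((x\d+)\)"),
    "running_from": re.compile(r"^Running from (\S+)"),
    "platform": re.compile(r"^Platform: (.+?) OS Language:"),
    "boot_mode": re.compile(r"^Boot Mode: (\w+)"),
}
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# Service/driver rows: "<state letter><start digit> <name>; <image path ...>".
ENTRY_RE = re.compile(r"^([A-Z]\d) ([^;]+);\s*(.*)$")
MISMATCH_RE = re.compile(r"IS A (X\d+) SYSTEM BUT THE BOOT DISK .* IS A (X\d+) SYSTEM DISK")


def parse_frst(text):
    """Split an FRST log into header fields, ATTENTION warnings and sections."""
    report = {"header": {}, "warnings": [], "sections": {}}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section = banner.group(1)
            report["sections"][section] = []
            continue
        if line.startswith("ATTENTION!"):
            report["warnings"].append(line.split(">", 1)[-1].strip())
            continue
        if section is None:
            for key, rx in HEADER_FIELDS.items():
                m = rx.match(line)
                if m:
                    report["header"][key] = m.group(1)
            continue
        # Assumption: a trailing [X] marks a file FRST could not find.
        entry = {"raw": line, "missing": line.endswith("[X]")}
        m = ENTRY_RE.match(line)
        if m:
            entry.update(state=m.group(1), name=m.group(2), image=m.group(3))
        report["sections"][section].append(entry)
    return report


def triage(report):
    """Return the findings a helper would want to see first."""
    findings = []
    for warning in report["warnings"]:
        m = MISMATCH_RE.search(warning)
        if m:
            findings.append(f"arch-mismatch: OS {m.group(1)}, recovery media {m.group(2)}")
    if report["header"].get("boot_mode") == "Recovery":
        findings.append("recovery-mode: drive letters may differ from normal boot")
    for name, entries in report["sections"].items():
        if not entries:
            continue
        missing = [e for e in entries if e["missing"]]
        findings.append(f"{name}: {len(missing)}/{len(entries)} entries marked [X]")
        # Assumption: S0 means a stopped entry with start type 0 (boot start).
        boot = [e["name"] for e in missing if e.get("state") == "S0"]
        if boot:
            findings.append(f"{name}: boot-start (S0) entries marked [X]: {', '.join(boot)}")
    return findings


if __name__ == "__main__":
    for finding in triage(parse_frst(SAMPLE_LOG)):
        print(finding)
```
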


#5 kojam

Posted 20 July 2014 - 08:57 AM

Hi guys,

 

Thanks for your help...

I will do my best to get this done tonight (after my twins and wife go to bed - hopefully I don't crash too..LOL)

 

JSntgRvr, I came across this whole procedure last week in my desperate searches but it didn't work.  Cannot recall why not. I will re-do, making sure to follow verbatim.

Will get back to you with the results.

 

Have a great day guys!



#6 JSntgRvr

Posted 20 July 2014 - 10:42 AM

:thumbup2:




#7 kojam

Posted 20 July 2014 - 10:28 PM

I got the info..it wasn't easy.  Same thing was happening that happened...NONE OF THESE WERE WORKING FOR ME....

 

Found an alternate way to get this to work.  Don't ask me how. I probably couldn't do it again!  LOL

I've attached the error I got when trying to run the 1st bunch of instructions to repair...

 

I couldn't use the disk (you'll see the error attached)...

Was about to follow the instructions to make the Win 7 recovery disc but found it by accident using my win 7 disc.

 

Took a preliminary look at the error log and see that I have Win 7 Home Ultimate...it's 64-bit but there's a message that because of the hardware (or something like that) it's not blah blah blah....forgot the context already! LOL

 

As well, it seems that my O/S, which has ALWAYS been on drive-C, is now on drive-E.  What-the-what?!?!?! Did ComboFix do that?!

This explains why Windows cannot be found.

 

Here's the log and some other stuff.

 

Thanks all!

 

Just found out I cannot attach. Is that right? No attachments allowed?

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:20-07-2014
Ran by SYSTEM on MININT-M2FH9ES on 20-07-2014 22:22:14
Running from g:\
Platform: Windows 7 Home Premium (X86) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

ATTENTION!:=====> THE OPERATING SYSTEM IS A X64 SYSTEM BUT THE BOOT DISK THAT IS USED TO BOOT TO RECOVERY ENVIRONMENT IS A X86 SYSTEM DISK.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\HY\...\Run: [MobiLink Lite] => C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe
HKU\HY\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\HY\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\HY\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=64476 (the data entry has 82 more characters).
HKU\HY\...\Run: [GoogleChromeAutoLaunch_1025A09259B952A8C648D1C54233B2A7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\HY\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\HY\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
ShellIconOverlayIdentifiers: GDriveBlacklistedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedEditOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSharedViewOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncedOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: GDriveSyncingOverlay -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll (Google)
ShellIconOverlayIdentifiers: VeriFace Enc -> {771C7324-DA80-49D3-8017-753B0AF60951} => C:\windows\system32\IcnOvrly.dll ()
BootExecute: autocheck autochk * sdnclean64.exe

========================== Services (Whitelisted) =================

S2 AdobeARMservice; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432 2013-12-20] (Adobe Systems Incorporated)
S2 Apple Mobile Device; C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [55624 2013-09-07] (Apple Inc.)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 BackupMaint; C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe [140688 2011-08-29] (LogMeIn, Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S4 clr_optimization_v2.0.50727_64; C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe [89920 2009-06-10] (Microsoft Corporation)
S2 cvhsvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [822504 2013-04-22] (Microsoft Corporation)
S2 D-Link SharePort Helper; C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [49152 2012-09-23] ()
S2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] ()
S2 EgisTec Service; C:\Program Files (x86)\EgisTec BioExcess\EgisService.exe [703856 2010-12-13] (Egis Technology Inc. )
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [650096 2010-12-13] (Egis Technology Inc. )
S3 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-20] (Microsoft Corporation)
S3 idsvc; C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe [856400 2010-11-20] (Microsoft Corporation)
S2 LMIBackupVSSService.exe; C:\Program Files (x86)\LogMeIn Backup\LMIBackupVSSServiceX64.exe [685456 2011-08-29] (LogMeIn, Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
S2 LMS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656 2010-12-20] (Intel Corporation)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S2 LogMeInBackupService.exe; C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe [1787280 2011-08-29] (LogMeIn, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-26] (McAfee, Inc.)
S2 MSCamSvc; C:\Program Files\Microsoft LifeCam\MSCamS64.exe [199536 2010-05-20] (Microsoft Corporation)
S2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [71168 2011-03-15] (Palm)
S2 OrbMediaService; C:\Program Files (x86)\Orb Networks\Orb\bin\OrbMediaService.exe [36864 2012-09-27] (Orb Networks)
S3 PerfHost; C:\Windows\SysWow64\perfhost.exe [20992 2009-07-13] (Microsoft Corporation)
S2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [239616 2012-08-06] (Samsung Electronics Co., Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S2 sftlist; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523944 2013-06-26] (Microsoft Corporation)
S3 sftvsa; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207528 2013-06-26] (Microsoft Corporation)
S2 TeamViewer9; C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [4915040 2014-02-17] (TeamViewer GmbH)
S2 TomTomHOMEService; C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
S2 UNS; C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280 2010-12-20] (Intel Corporation)
S2 vpnagent; C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [558480 2013-10-10] (Cisco Systems, Inc.)
S3 91MobileDevice; C:\Program Files (x86)\NetDragon\91Mobile\91MobileDeviceService.exe [X]
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S2 clr_optimization_v4.0.30319_32; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S2 EyelineService; "C:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe" -service [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S2 LxrSII1s; C:\windows\system32\LxrSII1s.exe [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S4 NetMsmqActivator; "C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]
S3 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]

==================== Drivers (Whitelisted) ====================

S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] (Microsoft Corporation)
S3 Point64; C:\Windows\System32\DRIVERS\point64.sys [50856 2012-11-02] (Microsoft Corporation)
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 ACPIVPC; system32\DRIVERS\AcpiVpc.sys [X]
S3 acsock; system32\DRIVERS\acsock64.sys [X]
S3 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\drivers\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\drivers\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\drivers\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\drivers\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 androidusb; System32\Drivers\androidusb.sys [X]
S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S3 arc; \SystemRoot\system32\drivers\arc.sys [X]
S3 arcsas; \SystemRoot\system32\drivers\arcsas.sys [X]
S1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [X]
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S3 BCM43XX; system32\DRIVERS\bcmwl664.sys [X]
S3 BcmSqlStartupSvc;
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S1 BPntDrv; system32\drivers\BPntDrv.sys [X]
S3 BrFiltLo; \SystemRoot\system32\drivers\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\drivers\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S3 BthPan; system32\DRIVERS\bthpan.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 circlass; \SystemRoot\system32\drivers\circlass.sys [X]
S2 CLKMSVC10_3A60B698;
S2 CLKMSVC10_C3B3B687;
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S3 cpuz136; \??\C:\Users\HY\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S4 crcdisk; \SystemRoot\system32\drivers\crcdisk.sys [X]
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S2 Dokan; \??\C:\windows\system32\drivers\dokan.sys [X]
S2 DriverService;
S3 ebdrv; \SystemRoot\system32\drivers\evbda.sys [X]
S1 EgisTecFF; system32\DRIVERS\EgisTecFF.sys [X]
S3 elxstor; \SystemRoot\system32\drivers\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S0 fbfmon; system32\drivers\fbfmon.sys [X]
S3 fdc; \SystemRoot\system32\drivers\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\drivers\flpydisk.sys [X]
S2 FPSensor; System32\Drivers\FPSensor.sys [X]
S3 gagp30kx; \SystemRoot\system32\drivers\gagp30kx.sys [X]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HidBatt; \SystemRoot\system32\drivers\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\drivers\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\drivers\hidir.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S0 iaStor; system32\DRIVERS\iaStor.sys [X]
S2 IAStorDataMgrSvc;
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S2 iATAgentService;
S2 idealife Update Service;
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 IGRS;
S3 iirsp; \SystemRoot\system32\drivers\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 IntcDAud; system32\DRIVERS\IntcDAud.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S2 IviRegMgr;
S0 LHDmgr; System32\DRIVERS\LhdX64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S4 LMIRfsClientNP; No ImagePath
S2 LMIRfsDriver; \??\C:\windows\system32\drivers\LMIRfsDriver.sys [X]
S3 LSI_FC; \SystemRoot\system32\drivers\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\drivers\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\drivers\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\drivers\lsi_scsi.sys [X]
S2 LxrSII1d; \??\C:\windows\System32\Drivers\LxrSII1d.sys [X]
S3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [X]
S3 megasas; \SystemRoot\system32\drivers\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\drivers\MegaSR.sys [X]
S3 MEIx64; system32\DRIVERS\HECIx64.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S0 msahci; system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S3 MSHUSBVideo; System32\Drivers\nx6000.sys [X]
S3 MTConfig; \SystemRoot\system32\drivers\MTConfig.sys [X]
S1 mwlPSDFilter; system32\DRIVERS\mwlPSDFilter.sys [X]
S1 mwlPSDNServ; system32\DRIVERS\mwlPSDNServ.sys [X]
S1 mwlPSDVDisk; system32\DRIVERS\mwlPSDVDisk.sys [X]
S3 nfrd960; \SystemRoot\system32\drivers\nfrd960.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S2 nvUpdatusService;
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 NWUSBModem; system32\DRIVERS\nwusbmdm.sys [X]
S3 NWUSBPort; system32\DRIVERS\nwusbser.sys [X]
S3 NWUSBPort2; system32\DRIVERS\nwusbser2.sys [X]
S2 Oasis2Service;
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\drivers\parport.sys [X]
S2 PCCarerService;
S3 pcmcia; \SystemRoot\system32\drivers\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\drivers\processr.sys [X]
S3 psadd; system32\DRIVERS\psadd.sys [X]
S3 pwdrvio; \??\C:\windows\system32\pwdrvio.sys [X]
S3 pwdspio; \??\C:\windows\system32\pwdspio.sys [X]
S3 ql2300; \SystemRoot\system32\drivers\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\drivers\ql40xx.sys [X]
S3 rdpbus; \SystemRoot\system32\drivers\rdpbus.sys [X]
S2 ReadyComm.DirectRouter;
S3 RFCOMM; system32\DRIVERS\rfcomm.sys [X]
S2 RichVideo;
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 RimVSerPort; system32\DRIVERS\RimSerial_AMD64.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S2 RtLedService;
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S2 SeaPort;
S2 secdrv; No ImagePath
S3 Serenum; \SystemRoot\system32\drivers\serenum.sys [X]
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\drivers\sfloppy.sys [X]
S3 Sftfs; system32\DRIVERS\Sftfslh.sys [X]
S3 Sftplay; system32\DRIVERS\Sftplaylh.sys [X]
S3 Sftredir; system32\DRIVERS\Sftredirlh.sys [X]
S3 Sftvol; system32\DRIVERS\Sftvollh.sys [X]
S3 SiSRaid2; \SystemRoot\system32\drivers\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\drivers\sisraid4.sys [X]
S2 SoftwareService;
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
S3 SQLWriter;
S2 SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys [X]
S3 ssudeadb; System32\Drivers\ssudeadb.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
S2 Stereo Service;
S3 stexstor; \SystemRoot\system32\drivers\stexstor.sys [X]
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 SynTP; system32\DRIVERS\SynTP.sys [X]
S3 tap0901; system32\DRIVERS\tap0901.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X]
S3 uagp35; \SystemRoot\system32\drivers\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 UmPass; \SystemRoot\system32\drivers\umpass.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbscan; \SystemRoot\system32\drivers\usbscan.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64-6.sys [X]
S3 vsmraid; \SystemRoot\system32\drivers\vsmraid.sys [X]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [X]
S3 Wd; \SystemRoot\system32\drivers\wd.sys [X]
S3 wsvd; system32\DRIVERS\wsvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-20 22:21 - 2014-07-20 22:22 - 00000000 ____D () C:\FRST
2014-07-16 04:43 - 2014-07-16 14:03 - 00000000 ____D () C:\LogMeIn Backup Storage
2014-07-15 17:29 - 2014-07-16 04:43 - 00000000 ____D () C:\ComboFix
2014-07-08 19:12 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-07-08 19:12 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-07-08 19:12 - 2014-06-18 18:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-08 19:12 - 2014-06-18 18:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-08 19:12 - 2014-06-18 18:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-08 19:12 - 2014-06-18 18:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-08 19:12 - 2014-06-18 18:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-08 19:12 - 2014-06-18 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-08 19:12 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-08 19:12 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-08 19:12 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-08 19:12 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-08 19:11 - 2014-06-18 18:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-08 19:11 - 2014-06-18 18:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-08 19:11 - 2014-06-18 15:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-07-08 19:11 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll

==================== One Month Modified Files and Folders =======

2014-07-20 22:22 - 2014-07-20 22:21 - 00000000 ____D () C:\FRST
2014-07-16 14:03 - 2014-07-16 04:43 - 00000000 ____D () C:\LogMeIn Backup Storage
2014-07-16 14:03 - 2012-02-25 12:43 - 01556339 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 05:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\LogFiles
2014-07-16 05:06 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\twain_32
2014-07-16 05:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64
2014-07-16 05:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\winevt
2014-07-16 05:05 - 2011-02-22 03:42 - 00000000 ____D () C:\Windows\ShellNew
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ___SD () C:\Windows\Media
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\SMI
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\MUI
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\com
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-07-16 04:59 - 2013-04-12 12:49 - 00000000 ____D () C:\users\TEMP.HY-PC.734
2014-07-16 04:57 - 2012-09-10 15:44 - 00000000 ____D () C:\users\HY
2014-07-16 04:53 - 2013-03-31 16:12 - 00000000 ____D () C:\Users\HY\AppData\Roaming\ProcessLasso
2014-07-16 04:49 - 2013-04-13 02:36 - 00000000 ____D () C:\users\fbwuser.HY-PC.977
2014-07-16 04:47 - 2013-04-11 20:45 - 00000000 ____D () C:\users\fbwuser.HY-PC.241
2014-07-16 04:47 - 2013-04-11 20:10 - 00000000 ____D () C:\users\fbwuser.HY-PC.238
2014-07-16 04:47 - 2013-04-11 18:06 - 00000000 ____D () C:\users\fbwuser.HY-PC.230
2014-07-16 04:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files (x86)
2014-07-16 04:43 - 2014-07-15 17:29 - 00000000 ____D () C:\ComboFix
2014-07-16 04:43 - 2013-03-31 16:12 - 00000000 ____D () C:\Program Files\Process Lasso
2014-07-16 04:43 - 2012-12-03 18:53 - 00000000 ____D () C:\Program Files\Palm, Inc
2014-07-16 04:43 - 2012-09-12 19:59 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-16 04:43 - 2012-09-12 18:13 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-07-16 04:43 - 2012-02-25 13:20 - 00000000 ____D () C:\Program Files\Lenovo
2014-07-16 04:43 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-16 04:43 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-07-16 04:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-09 14:46 - 2014-05-06 23:03 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-07-09 14:46 - 2011-02-22 03:42 - 00000000 ____D () C:\Program Files\Windows Journal
2014-06-29 18:09 - 2014-07-08 19:12 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-29 18:04 - 2014-07-08 19:12 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

==================== Known DLLs (Whitelisted) ============

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2012-02-25 20:37] - [2012-02-25 20:37] - 2871808 ____A (Microsoft Corporation) 332FEAB1435662FC6C672E25BEB37BE3

C:\Windows\System32\winlogon.exe
[2014-05-14 12:03] - [2014-03-04 01:43] - 0455168 ____A (Microsoft Corporation) 88AB9B72B4BF3963A0DE0820B4B0B06C

C:\Windows\System32\wininit.exe
[2009-07-13 15:52] - [2009-07-13 17:39] - 0129024 ____A (Microsoft Corporation) 94355C28C1970635A31B3FE52EB7CEBA

C:\Windows\System32\svchost.exe
[2009-07-13 15:31] - [2009-07-13 17:39] - 0027136 ____A (Microsoft Corporation) C78655BC80301D76ED4FEF1C1EA40A7D

C:\Windows\System32\services.exe
[2009-07-13 15:19] - [2009-07-13 17:39] - 0328704 ____A (Microsoft Corporation) 24ACB7E5BE595468E3B9AA488B9B4FCB

C:\Windows\System32\User32.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 1008128 ____A (Microsoft Corporation) FE70103391A64039A921DBFFF9C7AB1B

C:\Windows\System32\userinit.exe
[2010-11-20 19:24] - [2010-11-20 19:24] - 0030720 ____A (Microsoft Corporation) BAFE84E637BF7388C96EF48D4D3FDD53

C:\Windows\System32\rpcss.dll
[2010-11-20 19:24] - [2010-11-20 19:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys
[2010-11-20 19:23] - [2010-11-20 19:23] - 0295808 ____A (Microsoft Corporation) 0D08D2F3B3FF84E433346669B5E0F639

C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== Restore Points  =========================

Restore point made on: 2014-07-16 05:48:18

==================== Memory info ===========================

Percentage of memory in use: 7%
Total physical RAM: 8106.14 MB
Available physical RAM: 7506.77 MB
Total Pagefile: 8104.42 MB
Available Pagefile: 7521.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1947.36 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:390.26 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:12 GB) NTFS
Drive f: (CD_ROM) (CDROM) (Total:3.48 GB) (Free:0 GB) CDFS
Drive g: (MULTIBOOT) (Removable) (Total:0.48 GB) (Free:0.41 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D120BA36)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 20AC7DDA)
No partition Table on disk 1.

LastRegBack: 2014-07-09 15:19

==================== End Of Log ============================



#8 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,822 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:37 AM

Posted 21 July 2014 - 04:43 AM

I am sorry, but you must use FRST64, as your system is 64-bit. I believe the boot disk is 32-bit.
 
Perhaps your friend has a Windows 7 64-bit computer. You may produce a Recovery CD in that computer as follows:
 
Create a Windows 7 System Repair Disc
 
Note: the below can only be done if your machine has a type of CD/R or DVD/R optical drive installed. Also, depending on the exact type of OEM your machine has, you may be unable to actually create a SRD.

  • Click on Start(Windows 7 Orb) >> Run...(or the Windows key and R together) to bring up the Run box, then copy/paste the following command into the box and click on OK:
     

    recdisc.exe

  • Allow the UAC(User Account Control) prompt via selecting Yes.
  • You should now see a menu like the below:-

WTSRD1.gif

  • Put a blank rewritable CD/DVD in your optical (CD/DVD) drive and then click on Create disc.
  • Note: If an AutoPlay window pops up, just close it.
  • When the SRD has been created you will see the below:-

WTSRD2.gif

  • Now click on Close >> OK. Leave the disc in the drive as we will be using it shortly.
  • You now have a Windows 7 System Repair Disc.

Boot the ailing computer with that CD and use FRST64.


Edited by JSntgRvr, 21 July 2014 - 04:58 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#9 kojam

kojam
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:37 AM

Posted 21 July 2014 - 04:59 AM

Exactly.

I used it 1st because I knew it's a 64-bit system, however, I got an error stating that even though it is a 64-bit system, the hardware...(cannot remember the rest)...and then was instructed to use the 32-bit version.  The 64-bit version wouldn't run because of the error message.

 

Hope this helps

 

Thanks..



#10 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,822 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:37 AM

Posted 21 July 2014 - 05:02 AM

It is due to the boot disk. Try to create a 64 bit CD.




#11 kojam

kojam
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:37 AM

Posted 21 July 2014 - 05:40 AM

It is due to the boot disk. Try to create a 64 bit CD.

 

So sorry. When I read your message my browser only showed 2 lines about wherein you stated that I must use 64-bit because mine is a 64-bit system...

Good thing I re-read on my tablet.  That's when I saw your further instructions.

 

I'm temporarily using LIVE CD's to be able to use my laptop (God Bless LIVE CD's!!!)

 

Will try to find someone with 64-bit to make me a CD.

 

Will post the results.  Please be patient with me....the work week is beginning...it's ALWAYS killer for me to try to find even a scintilla of time to do anything.

 

Cheers!



#12 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,822 posts
  • ONLINE
  • Gender:Male
  • Location:Puerto Rico
  • Local time:10:37 AM

Posted 21 July 2014 - 09:20 AM

:thumbup2:




#13 kojam

kojam
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:37 AM

Posted 26 July 2014 - 08:33 AM

Been a hell of a week....
My desktop support at work took a long time to get me the right disc.
Will do it tonight when the family nods off.

Thanks.

#14 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 10,822 posts
  • ONLINE
  •  
  • Gender:Male
  • Local time:10:37 AM

Posted 26 July 2014 - 10:05 AM

:thumbup2:




#15 kojam

kojam
  • Topic Starter

  • Members
  • 18 posts
  • OFFLINE
  • Local time:09:37 AM

Posted 29 July 2014 - 07:12 PM

OMG!  I CANNOT BELIEVE ALL THAT I ENDURED TO GET THIS!!! Y'ALL WOULDN'T BELIEVE IF I TOLD YA!

To top it all off...every single version that I tried was incompatible!  Downloaded several, but still no luck. Finally realized, I needed Win 7, no service pack, no updates, nothing! 

Already got in trouble from my ISP 2 years ago because someone visiting illegally downloaded a movie from a torrent site.  Risked it to download Windows now...and expect to get more trouble, because everything that could go wrong during this whole ordeal, has gone wrong!

 

Finally got it though.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by SYSTEM on MININT-6PUDQ1J on 29-07-2014 20:04:22
Running from H:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\windows\system32\igfxtray.exe
HKLM\...\Run: [HotKeysCmds] => C:\windows\system32\hkcmd.exe
HKLM\...\Run: [Persistence] => C:\windows\system32\igfxpers.exe
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
HKLM\...\Run: [SynTPEnh] => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe
HKLM\...\Run: [Lenovo EE Boot Optimizer] => C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe
HKLM\...\Run: [IntelliType Pro] => "c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"
HKLM\...\Run: [IntelliPoint] => "c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe"
HKLM\...\Run: [LogMeIn GUI] => "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
HKLM-x32\...\Run: [EgisTecPMMUpdate] => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
HKLM-x32\...\Run: [EgisUpdate] => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
HKLM-x32\...\Run: [SDTray] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5179408 2014-06-17] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Adobe ARM] => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Winlogon\Notify\igfxcui: igfxdev.dll [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\HY\...\Run: [MobiLink Lite] => C:\Program Files (x86)\Novatel Wireless\MobiLink\Lite.exe
HKU\HY\...\Run: [Spybot-S&D Cleaning] => "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
HKU\HY\...\Run: [AVG-Secure-Search-Update_0214c] => C:\Users\HY\AppData\Roaming\AVG 0214c Campaign\AVG-Secure-Search-Update-0214c.exe /PROMPT /mid=64476 (the data entry has 82 more characters).
HKU\HY\...\Run: [GoogleChromeAutoLaunch_1025A09259B952A8C648D1C54233B2A7] => "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\HY\...\Run: [swg] => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
HKU\HY\...\Run: [GoogleDriveSync] => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
BootExecute: autocheck autochk * sdnclean64.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3241488 2014-06-27] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-06-17] (AVG Technologies CZ, s.r.o.)
S2 BackupMaint; C:\Program Files (x86)\LogMeIn Backup\BackupMaint.exe [140688 2011-08-29] (LogMeIn, Inc.)
S2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
S2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
S2 D-Link SharePort Helper; C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [49152 2012-09-23] ()
S2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [11776 2010-07-05] ()
S2 EgisTec Service Help; C:\Program Files (x86)\EgisTec Port Locker\Egishlpsvc.exe [327024 2010-10-22] (Egis Technology Inc. )
S2 LMIBackupVSSService.exe; C:\Program Files (x86)\LogMeIn Backup\LMIBackupVSSServiceX64.exe [685456 2011-08-29] (LogMeIn, Inc.)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [376144 2014-06-06] (LogMeIn, Inc.)
S2 LMIMaint; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [226640 2014-06-06] (LogMeIn, Inc.)
S2 LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [407424 2012-11-29] (LogMeIn, Inc.)
S2 LogMeInBackupService.exe; C:\Program Files (x86)\LogMeIn Backup\LogmeInBackupService.exe [1787280 2011-08-29] (LogMeIn, Inc.)
S2 LxrSII1s; C:\windows\SysWOW64\LxrSII1s.exe [65536 2009-12-30] (Lexar Media, Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [155856 2014-06-26] (McAfee, Inc.)
S2 NovacomD; C:\Program Files\Palm, Inc\novacomd\amd64\novacomd.exe [71168 2011-03-15] (Palm)
S2 OrbMediaService; C:\Program Files (x86)\Orb Networks\Orb\bin\OrbMediaService.exe [36864 2012-09-27] (Orb Networks)
S2 Samsung Network Fax Server; C:\windows\system32\spool\drivers\x64\3\NetFaxServer64.exe [239616 2012-08-06] (Samsung Electronics Co., Ltd.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1817560 2013-05-16] (Safer-Networking Ltd.)
S2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2013-05-15] (Safer-Networking Ltd.)
S3 91MobileDevice; C:\Program Files (x86)\NetDragon\91Mobile\91MobileDeviceService.exe [X]
S3 AdobeFlashPlayerUpdateSvc; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [X]
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [X]
S3 Blackberry Device Manager; "C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe" [X]
S2 clr_optimization_v4.0.30319_32; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [X]
S2 clr_optimization_v4.0.30319_64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [X]
S2 EyelineService; "C:\Program Files (x86)\NCH Software\Eyeline\eyeline.exe" -service [X]
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
S2 hola_svc; "C:\Program Files\Hola\app\hola_svc.exe" --service [X]
S3 IDriverT; "C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe" [X]
S3 iPod Service; "C:\Program Files\iPod\bin\iPodService.exe" [X]
S3 Microsoft Office Groove Audit Service; "C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe" [X]
S3 MozillaMaintenance; "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe" [X]
S4 NetMsmqActivator; "C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe" -NetMsmqActivator [X]
S4 NetPipeActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpActivator; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S4 NetTcpPortSharing; C:\windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [X]
S3 odserv; "C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" [X]
S3 ose; "C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE" [X]
S3 osppsvc; "C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE" [X]
S2 SDUpdateService; "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" [X]
S2 SkypeUpdate; "C:\Program Files (x86)\Skype\Updater\Updater.exe" [X]
S4 wlcrasvc; "C:\Program Files\Windows Live\Mesh\wlcrasvc.exe" [X]
S3 wlidsvc; "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [242968 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-06-17] (AVG Technologies CZ, s.r.o.)
S0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [269080 2014-06-17] (AVG Technologies CZ, s.r.o.)
S4 LMIRfsClientNP; No ImagePath
S2 secdrv; No ImagePath
S3 1394ohci; \SystemRoot\system32\drivers\1394ohci.sys [X]
S3 AcpiPmi; \SystemRoot\system32\drivers\acpipmi.sys [X]
S3 ACPIVPC; system32\DRIVERS\AcpiVpc.sys [X]
S3 acsock; system32\DRIVERS\acsock64.sys [X]
S3 adp94xx; \SystemRoot\system32\drivers\adp94xx.sys [X]
S3 adpahci; \SystemRoot\system32\drivers\adpahci.sys [X]
S3 adpu320; \SystemRoot\system32\drivers\adpu320.sys [X]
S3 agp440; \SystemRoot\system32\drivers\agp440.sys [X]
S3 aliide; \SystemRoot\system32\drivers\aliide.sys [X]
S3 amdide; \SystemRoot\system32\drivers\amdide.sys [X]
S3 AmdK8; \SystemRoot\system32\drivers\amdk8.sys [X]
S3 AmdPPM; \SystemRoot\system32\drivers\amdppm.sys [X]
S3 amdsata; \SystemRoot\system32\drivers\amdsata.sys [X]
S3 amdsbs; \SystemRoot\system32\drivers\amdsbs.sys [X]
S0 amdxata; system32\drivers\amdxata.sys [X]
S3 androidusb; System32\Drivers\androidusb.sys [X]
S3 arc; \SystemRoot\system32\drivers\arc.sys [X]
S3 arcsas; \SystemRoot\system32\drivers\arcsas.sys [X]
S1 avgtp; \??\C:\windows\system32\drivers\avgtpx64.sys [X]
S3 b06bdrv; \SystemRoot\system32\drivers\bxvbda.sys [X]
S3 b57nd60a; system32\DRIVERS\b57nd60a.sys [X]
S3 BCM43XX; system32\DRIVERS\bcmwl664.sys [X]
S3 BcmSqlStartupSvc;
S1 blbdrive; system32\DRIVERS\blbdrive.sys [X]
S1 BPntDrv; system32\drivers\BPntDrv.sys [X]
S3 BrFiltLo; \SystemRoot\system32\drivers\BrFiltLo.sys [X]
S3 BrFiltUp; \SystemRoot\system32\drivers\BrFiltUp.sys [X]
S3 Brserid; \SystemRoot\System32\Drivers\Brserid.sys [X]
S3 BrSerWdm; \SystemRoot\System32\Drivers\BrSerWdm.sys [X]
S3 BrUsbMdm; \SystemRoot\System32\Drivers\BrUsbMdm.sys [X]
S3 BrUsbSer; \SystemRoot\System32\Drivers\BrUsbSer.sys [X]
S3 BTHMODEM; \SystemRoot\system32\drivers\bthmodem.sys [X]
S3 BthPan; system32\DRIVERS\bthpan.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 circlass; \SystemRoot\system32\drivers\circlass.sys [X]
S2 CLKMSVC10_3A60B698;
S2 CLKMSVC10_C3B3B687;
S3 clwvd; system32\DRIVERS\clwvd.sys [X]
S3 cmdide; \SystemRoot\system32\drivers\cmdide.sys [X]
S3 cpuz136; \??\C:\Users\HY\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S4 crcdisk; \SystemRoot\system32\drivers\crcdisk.sys [X]
S3 dc3d; system32\DRIVERS\dc3d.sys [X]
S3 dg_ssudbus; system32\DRIVERS\ssudbus.sys [X]
S2 Dokan; \??\C:\windows\system32\drivers\dokan.sys [X]
S2 DriverService;
S3 ebdrv; \SystemRoot\system32\drivers\evbda.sys [X]
S1 EgisTecFF; system32\DRIVERS\EgisTecFF.sys [X]
S3 elxstor; \SystemRoot\system32\drivers\elxstor.sys [X]
S3 ErrDev; \SystemRoot\system32\drivers\errdev.sys [X]
S0 fbfmon; system32\drivers\fbfmon.sys [X]
S3 fdc; \SystemRoot\system32\drivers\fdc.sys [X]
S3 flpydisk; \SystemRoot\system32\drivers\flpydisk.sys [X]
S2 FPSensor; System32\Drivers\FPSensor.sys [X]
S3 gagp30kx; \SystemRoot\system32\drivers\gagp30kx.sys [X]
S3 GEARAspiWDM; system32\DRIVERS\GEARAspiWDM.sys [X]
S3 hcw85cir; \SystemRoot\system32\drivers\hcw85cir.sys [X]
S3 HidBatt; \SystemRoot\system32\drivers\HidBatt.sys [X]
S3 HidBth; \SystemRoot\system32\drivers\hidbth.sys [X]
S3 HidIr; \SystemRoot\system32\drivers\hidir.sys [X]
S3 HpSAMD; \SystemRoot\system32\drivers\HpSAMD.sys [X]
S0 iaStor; system32\DRIVERS\iaStor.sys [X]
S2 IAStorDataMgrSvc;
S3 iaStorV; \SystemRoot\system32\drivers\iaStorV.sys [X]
S2 iATAgentService;
S2 idealife Update Service;
S3 igfx; system32\DRIVERS\igdkmd64.sys [X]
S3 IGRS;
S3 iirsp; \SystemRoot\system32\drivers\iirsp.sys [X]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [X]
S3 IntcDAud; system32\DRIVERS\IntcDAud.sys [X]
S3 intelide; \SystemRoot\system32\drivers\intelide.sys [X]
S3 IPMIDRV; \SystemRoot\system32\drivers\IPMIDrv.sys [X]
S3 isapnp; \SystemRoot\system32\drivers\isapnp.sys [X]
S2 IviRegMgr;
S0 LHDmgr; System32\DRIVERS\LhdX64.sys [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S2 LMIRfsDriver; \??\C:\windows\system32\drivers\LMIRfsDriver.sys [X]
S3 LSI_FC; \SystemRoot\system32\drivers\lsi_fc.sys [X]
S3 LSI_SAS; \SystemRoot\system32\drivers\lsi_sas.sys [X]
S3 LSI_SAS2; \SystemRoot\system32\drivers\lsi_sas2.sys [X]
S3 LSI_SCSI; \SystemRoot\system32\drivers\lsi_scsi.sys [X]
S2 LxrSII1d; \??\C:\windows\System32\Drivers\LxrSII1d.sys [X]
S3 MBAMProtector; \??\C:\windows\system32\drivers\mbam.sys [X]
S3 MBAMSwissArmy; \??\C:\windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 MBAMWebAccessControl; \??\C:\windows\system32\drivers\mwac.sys [X]
S3 megasas; \SystemRoot\system32\drivers\megasas.sys [X]
S3 MegaSR; \SystemRoot\system32\drivers\MegaSR.sys [X]
S3 MEIx64; system32\DRIVERS\HECIx64.sys [X]
S3 mpio; \SystemRoot\system32\drivers\mpio.sys [X]
S0 msahci; system32\drivers\msahci.sys [X]
S3 msdsm; \SystemRoot\system32\drivers\msdsm.sys [X]
S3 MSHUSBVideo; System32\Drivers\nx6000.sys [X]
S3 MTConfig; \SystemRoot\system32\drivers\MTConfig.sys [X]
S1 mwlPSDFilter; system32\DRIVERS\mwlPSDFilter.sys [X]
S1 mwlPSDNServ; system32\DRIVERS\mwlPSDNServ.sys [X]
S1 mwlPSDVDisk; system32\DRIVERS\mwlPSDVDisk.sys [X]
S3 nfrd960; \SystemRoot\system32\drivers\nfrd960.sys [X]
S3 NuidFltr; system32\DRIVERS\NuidFltr.sys [X]
S3 nvraid; \SystemRoot\system32\drivers\nvraid.sys [X]
S3 nvstor; \SystemRoot\system32\drivers\nvstor.sys [X]
S2 nvUpdatusService;
S3 nv_agp; \SystemRoot\system32\drivers\nv_agp.sys [X]
S3 NWUSBModem; system32\DRIVERS\nwusbmdm.sys [X]
S3 NWUSBPort; system32\DRIVERS\nwusbser.sys [X]
S3 NWUSBPort2; system32\DRIVERS\nwusbser2.sys [X]
S2 Oasis2Service;
S3 ohci1394; \SystemRoot\system32\drivers\ohci1394.sys [X]
S3 Parport; \SystemRoot\system32\drivers\parport.sys [X]
S2 PCCarerService;
S3 pcmcia; \SystemRoot\system32\drivers\pcmcia.sys [X]
S3 Processor; \SystemRoot\system32\drivers\processr.sys [X]
S3 psadd; system32\DRIVERS\psadd.sys [X]
S3 pwdrvio; \??\C:\windows\system32\pwdrvio.sys [X]
S3 pwdspio; \??\C:\windows\system32\pwdspio.sys [X]
S3 ql2300; \SystemRoot\system32\drivers\ql2300.sys [X]
S3 ql40xx; \SystemRoot\system32\drivers\ql40xx.sys [X]
S3 rdpbus; \SystemRoot\system32\drivers\rdpbus.sys [X]
S2 ReadyComm.DirectRouter;
S3 RFCOMM; system32\DRIVERS\rfcomm.sys [X]
S2 RichVideo;
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]
S3 RimVSerPort; system32\DRIVERS\RimSerial_AMD64.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]
S3 RTL8167; system32\DRIVERS\Rt64win7.sys [X]
S2 RtLedService;
S3 S6000KNT; System32\Drivers\S6000KNT.sys [X]
S3 sbp2port; \SystemRoot\system32\drivers\sbp2port.sys [X]
S2 SeaPort;
S3 Serenum; \SystemRoot\system32\drivers\serenum.sys [X]
S3 Serial; \SystemRoot\system32\drivers\serial.sys [X]
S3 sffdisk; \SystemRoot\system32\drivers\sffdisk.sys [X]
S3 sffp_mmc; \SystemRoot\system32\drivers\sffp_mmc.sys [X]
S3 sffp_sd; \SystemRoot\system32\drivers\sffp_sd.sys [X]
S3 sfloppy; \SystemRoot\system32\drivers\sfloppy.sys [X]
S3 Sftfs; system32\DRIVERS\Sftfslh.sys [X]
S3 Sftplay; system32\DRIVERS\Sftplaylh.sys [X]
S3 Sftredir; system32\DRIVERS\Sftredirlh.sys [X]
S3 Sftvol; system32\DRIVERS\Sftvollh.sys [X]
S3 SiSRaid2; \SystemRoot\system32\drivers\SiSRaid2.sys [X]
S3 SiSRaid4; \SystemRoot\system32\drivers\sisraid4.sys [X]
S2 SoftwareService;
S3 SPPD; \??\C:\windows\system32\drivers\SPPD.sys [X]
S3 SQLWriter;
S2 SSPORT; \??\C:\windows\system32\Drivers\SSPORT.sys [X]
S3 ssudeadb; System32\Drivers\ssudeadb.sys [X]
S3 ssudmdm; system32\DRIVERS\ssudmdm.sys [X]
S2 Stereo Service;
S3 stexstor; \SystemRoot\system32\drivers\stexstor.sys [X]
S3 swenum; system32\DRIVERS\swenum.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 SynTP; system32\DRIVERS\SynTP.sys [X]
S3 tap0901; system32\DRIVERS\tap0901.sys [X]
S3 taphss; system32\DRIVERS\taphss.sys [X]
S3 taphss6; system32\DRIVERS\taphss6.sys [X]
S3 TsUsbGD; \SystemRoot\system32\drivers\TsUsbGD.sys [X]
S3 uagp35; \SystemRoot\system32\drivers\uagp35.sys [X]
S3 uliagpkx; \SystemRoot\system32\drivers\uliagpkx.sys [X]
S3 UmPass; \SystemRoot\system32\drivers\umpass.sys [X]
S3 USBAAPL64; System32\Drivers\usbaapl64.sys [X]
S3 usbcir; \SystemRoot\system32\drivers\usbcir.sys [X]
S3 usbscan; \SystemRoot\system32\drivers\usbscan.sys [X]
S3 vhdmp; \SystemRoot\system32\drivers\vhdmp.sys [X]
S3 viaide; \SystemRoot\system32\drivers\viaide.sys [X]
S3 vpnva; system32\DRIVERS\vpnva64-6.sys [X]
S3 vsmraid; \SystemRoot\system32\drivers\vsmraid.sys [X]
S3 WacomPen; \SystemRoot\system32\drivers\wacompen.sys [X]
S3 Wd; \SystemRoot\system32\drivers\wd.sys [X]
S3 wsvd; system32\DRIVERS\wsvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-20 22:21 - 2014-07-29 20:04 - 00000000 ____D () C:\FRST
2014-07-16 04:43 - 2014-07-16 14:03 - 00000000 ____D () C:\LogMeIn Backup Storage
2014-07-15 17:29 - 2014-07-16 04:43 - 00000000 ____D () C:\ComboFix
2014-07-14 19:03 - 2014-07-16 04:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-08 19:12 - 2014-06-29 18:09 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-07-08 19:12 - 2014-06-29 18:04 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll
2014-07-08 19:12 - 2014-06-18 18:12 - 02239488 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2014-07-08 19:12 - 2014-06-18 18:12 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2014-07-08 19:12 - 2014-06-18 18:11 - 19277312 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2014-07-08 19:12 - 2014-06-18 18:11 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2014-07-08 19:12 - 2014-06-18 18:11 - 00097792 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 03959296 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 02650624 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00855552 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00526336 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00452096 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00281600 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00255488 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2014-07-08 19:12 - 2014-06-18 18:10 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2014-07-08 19:12 - 2014-06-18 16:53 - 14368768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-07-08 19:12 - 2014-06-18 16:53 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-07-08 19:12 - 2014-06-18 16:53 - 01141760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-07-08 19:12 - 2014-06-18 16:53 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-07-08 19:12 - 2014-06-18 16:53 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-07-08 19:12 - 2014-06-18 16:53 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 02863616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-07-08 19:12 - 2014-06-18 16:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-07-08 19:12 - 2014-06-18 16:52 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-07-08 19:12 - 2014-06-18 16:33 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2014-07-08 19:12 - 2014-06-18 16:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-07-08 19:12 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\System32\osk.exe
2014-07-08 19:12 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-07-08 19:12 - 2014-06-17 17:10 - 03157504 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-07-08 19:12 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll
2014-07-08 19:12 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-07-08 19:12 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2014-07-08 19:11 - 2014-06-18 18:12 - 01366528 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 15369728 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 00603136 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 00136704 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2014-07-08 19:11 - 2014-06-18 18:10 - 00067072 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2014-07-08 19:11 - 2014-06-18 18:09 - 01508864 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2014-07-08 19:11 - 2014-06-18 16:52 - 13732352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-07-08 19:11 - 2014-06-18 16:52 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-07-08 19:11 - 2014-06-18 15:37 - 00089600 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2014-07-08 19:11 - 2014-06-18 15:34 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-07-08 19:11 - 2014-06-05 06:45 - 01460736 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2014-07-08 19:11 - 2014-06-05 06:26 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-07-08 19:11 - 2014-06-05 06:25 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\System32\kerberos.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\System32\msv1_0.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\System32\wdigest.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\System32\TSpkg.dll
2014-07-08 19:11 - 2014-05-30 00:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\System32\credssp.dll
2014-07-08 19:11 - 2014-05-29 23:52 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-07-08 19:11 - 2014-05-29 23:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-07-08 19:11 - 2014-05-29 23:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-07-08 19:11 - 2014-05-29 23:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-07-08 19:11 - 2014-05-29 23:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-07-08 19:11 - 2014-05-29 23:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-07-08 19:11 - 2014-05-29 23:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-07-29 20:04 - 2014-07-20 22:21 - 00000000 ____D () C:\FRST
2014-07-16 14:03 - 2014-07-16 04:43 - 00000000 ____D () C:\LogMeIn Backup Storage
2014-07-16 14:03 - 2013-01-22 05:02 - 00000000 ____D () C:\Program Files (x86)\LogMeIn
2014-07-16 14:03 - 2012-02-25 12:43 - 01556339 _____ () C:\Windows\WindowsUpdate.log
2014-07-16 05:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Setup
2014-07-16 05:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-07-16 05:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\MUI
2014-07-16 05:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\com
2014-07-16 05:06 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\winevt
2014-07-16 05:05 - 2011-02-22 03:42 - 00000000 ____D () C:\Windows\ShellNew
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ___SD () C:\Windows\Media
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\sysprep
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\spool
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\SMI
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Setup
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\oobe
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\MUI
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Msdtc
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\com
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PLA
2014-07-16 05:05 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2014-07-16 04:59 - 2013-04-12 12:49 - 00000000 ____D () C:\users\TEMP.HY-PC.734
2014-07-16 04:57 - 2012-09-10 15:44 - 00000000 ____D () C:\users\HY
2014-07-16 04:53 - 2013-03-31 16:12 - 00000000 ____D () C:\Users\HY\AppData\Roaming\ProcessLasso
2014-07-16 04:49 - 2013-04-13 02:36 - 00000000 ____D () C:\users\fbwuser.HY-PC.977
2014-07-16 04:47 - 2013-04-11 20:45 - 00000000 ____D () C:\users\fbwuser.HY-PC.241
2014-07-16 04:47 - 2013-04-11 20:10 - 00000000 ____D () C:\users\fbwuser.HY-PC.238
2014-07-16 04:47 - 2013-04-11 18:06 - 00000000 ____D () C:\users\fbwuser.HY-PC.230
2014-07-16 04:45 - 2013-10-05 13:40 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-16 04:45 - 2013-07-23 11:42 - 00000000 ____D () C:\Program Files (x86)\TomTom HOME 2
2014-07-16 04:45 - 2013-03-07 21:01 - 00000000 ____D () C:\Program Files (x86)\Orb Networks
2014-07-16 04:45 - 2012-09-24 18:04 - 00000000 ____D () C:\Program Files (x86)\Skype
2014-07-16 04:45 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2014-07-16 04:44 - 2014-07-14 19:03 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-16 04:44 - 2013-04-16 18:56 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Backup
2014-07-16 04:44 - 2012-09-26 18:10 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-07-16 04:44 - 2012-02-25 13:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-07-16 04:44 - 2012-02-25 13:17 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-07-16 04:44 - 2012-02-25 13:06 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2014-07-16 04:44 - 2012-02-25 12:51 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-16 04:44 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-07-16 04:43 - 2014-07-15 17:29 - 00000000 ____D () C:\ComboFix
2014-07-16 04:43 - 2013-03-31 16:12 - 00000000 ____D () C:\Program Files\Process Lasso
2014-07-16 04:43 - 2012-12-03 18:53 - 00000000 ____D () C:\Program Files\Palm, Inc
2014-07-16 04:43 - 2012-10-05 16:28 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-16 04:43 - 2012-09-12 19:59 - 00000000 ____D () C:\Program Files\Bonjour
2014-07-16 04:43 - 2012-09-12 19:59 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-07-16 04:43 - 2012-09-12 18:13 - 00000000 ____D () C:\Program Files\Microsoft LifeCam
2014-07-16 04:43 - 2012-02-25 13:31 - 00000000 ____D () C:\Program Files (x86)\Google
2014-07-16 04:43 - 2012-02-25 13:21 - 00000000 ____D () C:\Program Files (x86)\EgisTec Port Locker
2014-07-16 04:43 - 2012-02-25 13:20 - 00000000 ____D () C:\Program Files\Lenovo
2014-07-16 04:43 - 2012-02-25 13:15 - 00000000 ____D () C:\Program Files (x86)\EgisTec BioExcess
2014-07-16 04:43 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2014-07-16 04:43 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-07-16 04:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-07-09 14:46 - 2014-05-06 23:03 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-07-09 14:46 - 2011-02-22 03:42 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 14:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-07-09 14:46 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\Dism
2014-06-29 18:09 - 2014-07-08 19:12 - 00519168 _____ (Microsoft Corporation) C:\Windows\System32\aepdu.dll
2014-06-29 18:04 - 2014-07-08 19:12 - 00424448 _____ (Microsoft Corporation) C:\Windows\System32\aeinv.dll

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Windows\system32\codeintegrity\Bootcat.cache IS MISSING <==== ATTENTION!.

==================== Restore Points  =========================

Restore point made on: 2014-07-16 05:48:18

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8106.14 MB
Available physical RAM: 7313.37 MB
Total Pagefile: 8104.29 MB
Available Pagefile: 7312.25 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:421.81 GB) (Free:390.25 GB) NTFS
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:12 GB) NTFS
Drive g: (Windows_7_Home_Premium) (CDROM) (Total:3.14 GB) (Free:0 GB) UDF
Drive h: (MULTIBOOT) (Removable) (Total:0.48 GB) (Free:0.4 GB) FAT
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: D120BA36)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=422 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=15 GB) - (Type=12)

========================================================
Disk: 1 (Size: 489 MB) (Disk ID: 20AC7DDA)
No partition Table on disk 1.

LastRegBack: 2014-07-09 15:19

==================== End Of Log ============================





