Need a farbar fixlist please!


  • This topic is locked
2 replies to this topic

#1 cdocinc

Posted 25 August 2014 - 03:21 PM

Having issues with this PC and I'll attach the text file and hopefully somebody can help me out.
Thanks in advance!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-08-2014 03
Ran by SYSTEM on MININT-8J74PL3 on 25-08-2014 15:59:09
Running from J:\
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.


The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11057768 2010-07-06] (Realtek Semiconductor)
HKLM\...\Run: [UpdatePRCShortCut] => C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe [222504 2009-05-13] (CyberLink Corp.)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1271072 2014-03-11] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [jmekey] => C:\windows\jmesoft\hotkey.exe [118784 2011-06-08] (Lenovo)
HKLM-x32\...\Run: [ModeSwitch] => C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe [163840 2010-09-26] (Lenovo)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139264 2013-07-22] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4522496 2012-12-27] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Nuance OmniPage 17-reminder] => C:\Program Files (x86)\Nuance\OmniPage17\Ereg\Ereg.exe [54560 2008-11-03] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [PDFHook] => C:\Program Files (x86)\Nuance\PDF Viewer Plus\pdfpro5hook.exe [636192 2010-03-05] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-26] (Renesas Electronics Corporation)
HKLM-x32\...\RunOnce: [SMRequiresRestart] => [X]
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\DrWoz\...\Run: [GoToMeeting] => C:\Program Files (x86)\Citrix\GoToMeeting\1172\g2mstart.exe [40816 2013-05-28] (Citrix Online, a division of Citrix Systems, Inc.)
HKU\DrWoz\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\DrWoz\...\Run: [Google Update] => C:\Users\DrWoz\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-05-11] (Google Inc.)
HKU\DrWoz\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AdobeCollabSync.exe [1104256 2014-05-08] (Adobe Systems Incorporated)
AppInit_DLLs-x32: OGPDFLoader.dll => "OGPDFLoader.dll" File Not Found
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\DrWoz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> (No File)
BootExecute: autocheck autochk /p \??\C: [garbled memory residue omitted] autocheck smrgdf C:\Users\DrWoz\AppData\Roaming\iolo\

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S4 eBLVD; C:\Program Files (x86)\eBLVD\ebhost.exe [588768 2014-04-23] (ENC)
S2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [438616 2014-08-07] (Garmin Ltd or its subsidiaries)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4700872 2014-07-16] (iolo technologies, LLC)
S4 JME Keyboard; C:\Windows\jmesoft\Service.exe [32768 2011-03-15] ()
S2 LenovoCOMSvc; C:\Program Files\Lenovo\Power Dial\LenovoCOMSvc.exe [49152 2009-09-30] (Lenovo)
S3 LitModeCtrl; C:\Program Files\Lenovo\Power Dial\LitModeCtrl.exe [81920 2010-09-09] (Lenovo)
S2 LkCitadelServer; C:\windows\SysWOW64\lkcitdl.exe [695136 2009-09-29] (National Instruments, Inc.)
S2 lkClassAds; C:\windows\SysWOW64\lkads.exe [42544 2009-06-18] (National Instruments Corporation)
S2 lkTimeSync; C:\windows\SysWOW64\lktsrv.exe [53296 2009-06-18] (National Instruments Corporation)
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [137528 2013-11-15] (Motorola Mobility LLC)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2014-03-11] (Microsoft Corporation)
S2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [356912 2009-06-18] (National Instruments Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [347872 2014-03-11] (Microsoft Corporation)
S3 PACSPTISVR-Sound_Organizer; C:\Program Files (x86)\Sony\Sound Organizer\Sony.Earth\PACSPTISVR.exe [174176 2012-11-08] (Sony Corporation)
S4 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [145256 2011-08-02] (Nuance Communications, Inc.)
S2 WDBackup; C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe [1150368 2012-04-24] (Western Digital )
S4 WDDriveService; C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe [247704 2012-04-11] (Western Digital)
S2 WDRulesService; C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe [1177496 2012-04-11] (Western Digital )

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\Windows\System32\DRIVERS\akshasp.sys [60488 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\Windows\System32\DRIVERS\aksusb.sys [303624 2013-08-09] (SafeNet Inc.)
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [165688 2013-09-06] (Broadcom Corporation.)
S1 ElRawDisk; C:\windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S1 FileDisk; No ImagePath
S2 hardlock; C:\windows\system32\drivers\hardlock.sys [331608 2014-04-28] (SafeNet Inc.)
S0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [268512 2014-01-24] (Microsoft Corporation)
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [133928 2014-03-11] (Microsoft Corporation)
S0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2013-09-14] (Corel Corporation)
S1 RawDisk3; C:\windows\system32\drivers\rawdsk3.sys [32912 2014-07-16] (EldoS Corporation)
S2 IWPORT; \??\C:\windows\SYSTEM32\DRIVERS\IWPORT.SYS [X]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [X]
S3 lmimirr; system32\DRIVERS\lmimirr.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 15:58 - 2014-08-25 15:59 - 00000000 ____D () C:\FRST
2014-08-25 08:55 - 2014-08-25 08:55 - 00000000 ____D () C:\ProgramData\ MH Squad
2014-08-25 08:45 - 2014-08-25 08:45 - 00010240 ____N () C:\bootex.log
2014-08-20 11:49 - 2014-08-20 11:49 - 00000000 ____D () C:\ProgramData\Geek Squad
2014-08-15 23:31 - 2014-08-15 23:31 - 00062408 ____N () C:\bootsqm.dat
2014-08-05 05:09 - 2014-08-05 05:09 - 00000000 _____ () C:\Windows\System32\smrgdf.txt
2014-08-04 02:55 - 2014-08-04 02:56 - 00000206 _____ () C:\INSTALL.LOG
2014-08-04 02:50 - 2014-08-04 02:50 - 00003126 _____ () C:\Windows\System32\Tasks\{7BCFB573-952B-4DE8-B121-787E6CC4D0C2}
2014-08-03 23:06 - 2014-08-03 23:06 - 00001293 _____ () C:\Users\DrWoz\Desktop\BS Contact.lnk
2014-08-03 23:06 - 2014-08-03 23:06 - 00000000 ____D () C:\Users\DrWoz\AppData\Local\Bitmanagement Software
2014-08-03 23:06 - 2014-08-03 23:06 - 00000000 ____D () C:\Program Files (x86)\Bitmanagement Software
2014-08-03 23:05 - 2014-08-03 23:05 - 00001773 _____ () C:\Users\DrWoz\Desktop\CIS.lnk
2014-08-03 23:04 - 2002-10-04 14:06 - 00077824 _____ () C:\Windows\SysWOW64\avHyperLink.ocx
2014-08-03 23:04 - 2002-05-26 13:16 - 00373760 _____ (Softuarium) C:\Windows\SysWOW64\xwpdlx20.ocx
2014-08-03 23:04 - 1999-11-30 22:00 - 00001384 _____ () C:\Windows\SysWOW64\win.tlb
2014-08-03 23:04 - 1999-10-15 11:57 - 00063488 _____ () C:\Windows\SysWOW64\midiio32.ocx
2014-08-03 23:04 - 1999-08-25 10:01 - 00011264 _____ () C:\Windows\SysWOW64\SSC05.DLL
2014-08-03 23:04 - 1998-11-23 12:10 - 00090112 _____ (http://www.mvps.org/vb) C:\Windows\SysWOW64\ccrpTmr6.dll
2014-08-03 23:04 - 1998-06-23 20:00 - 00103744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCOMM32.OCX
2014-08-03 22:20 - 2014-08-03 22:20 - 00000000 ____D () C:\ProgramData\ToneTrend
2014-08-03 22:19 - 2014-08-03 22:20 - 00000000 ____D () C:\Program Files (x86)\ToneTrend
2014-08-03 22:19 - 2014-08-03 22:19 - 00001801 _____ () C:\Users\DrWoz\Desktop\ToneTrend.lnk
2014-08-03 22:19 - 2013-07-09 12:28 - 00088576 _____ () C:\Windows\SysWOW64\msdxm.oca
2014-08-03 22:19 - 2013-06-19 16:05 - 00013824 _____ () C:\Windows\SysWOW64\WebPicLib.oca
2014-08-03 22:19 - 2013-03-18 14:53 - 00041472 _____ () C:\Windows\SysWOW64\ImmWeb.oca
2014-08-03 22:19 - 2008-05-08 07:12 - 00225280 _____ (Immersion Corporation) C:\Windows\SysWOW64\ImmWeb.OCX
2014-08-03 22:19 - 2008-03-18 15:54 - 00679936 _____ (Wilhelm Kurz) C:\Windows\SysWOW64\DynaPlot3.ocx
2014-08-03 22:19 - 2006-11-18 15:49 - 00787968 _____ (Softuarium) C:\Windows\SysWOW64\WebPicLib.ocx
2014-08-03 22:19 - 2004-08-04 03:00 - 01355776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvbvm50.dll
2014-08-03 22:19 - 2004-05-25 16:22 - 00048128 _____ (xFX JumpStart) C:\Windows\SysWOW64\MixerPro.dll
2014-08-03 22:19 - 2004-03-08 20:00 - 00200224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCI32.OCX
2014-08-03 22:19 - 2003-02-11 12:17 - 00011776 _____ (VBSmart) C:\Windows\SysWOW64\smartsubClass.dll
2014-08-03 22:19 - 2002-04-16 06:15 - 02670080 _____ (SwiftSoft) C:\Windows\SysWOW64\MMToolsX2.ocx
2014-08-03 22:19 - 2002-03-13 20:10 - 00233472 _____ (Immersion Corporation) C:\Windows\SysWOW64\IFC23.dll
2014-08-03 22:19 - 2001-01-21 16:01 - 00063488 _____ (SwiftSoft) C:\Windows\SysWOW64\MMRegOCX.EXE
2014-08-03 22:19 - 2001-01-21 15:58 - 00040448 _____ (SwiftSoft) C:\Windows\SysWOW64\AXDIST.EXE
2014-08-03 22:19 - 2001-01-20 14:14 - 00428032 _____ (SwiftSoft) C:\Windows\SysWOW64\MMTypesX2.ocx
2014-08-03 22:19 - 1999-12-02 08:44 - 00050680 _____ (Distributed by Mabry Software, http://www.mabry.com) C:\Windows\SysWOW64\TASKINFO.OCX
2014-08-03 22:19 - 1998-12-29 23:39 - 00040960 _____ (Alvaro Redondo) C:\Windows\SysWOW64\ARINIMgr.dll
2014-08-03 22:19 - 1998-06-23 20:00 - 00067376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SYSINFO.OCX
2014-08-03 21:59 - 2014-08-03 22:07 - 16427930 _____ () C:\Users\DrWoz\Documents\Setup-ToneTrend.exe
2014-08-03 06:03 - 2014-08-12 03:57 - 00003340 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-840757462-502348844-3567072404-1002
2014-08-03 06:03 - 2014-08-12 03:57 - 00003206 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-840757462-502348844-3567072404-1002
2014-07-29 16:02 - 2014-07-29 23:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-26 19:10 - 2014-07-31 19:38 - 00000000 ____D () C:\Users\DrWoz\Documents\DRAGON

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-25 15:59 - 2014-08-25 15:58 - 00000000 ____D () C:\FRST
2014-08-25 12:11 - 2014-05-05 23:00 - 00000000 ___SD () C:\Windows\System32\CompatTel
2014-08-25 12:11 - 2013-09-15 15:53 - 00000000 ____D () C:\Program Files (x86)\Garmin
2014-08-25 12:11 - 2013-08-18 20:32 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-08-25 12:11 - 2012-06-02 04:55 - 00000000 ____D () C:\users\DrWoz
2014-08-25 12:11 - 2012-06-01 18:55 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-25 12:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-08-25 12:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-25 12:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-08-25 12:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-08-25 12:10 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\servicing
2014-08-25 12:09 - 2013-11-20 20:33 - 00000000 ____D () C:\Users\DrWoz\AppData\Roaming\Dropbox
2014-08-25 12:09 - 2012-06-05 18:19 - 00000000 ____D () C:\ProgramData\Real
2014-08-25 08:55 - 2014-08-25 08:55 - 00000000 ____D () C:\ProgramData\ MH Squad
2014-08-25 08:45 - 2014-08-25 08:45 - 00010240 ____N () C:\bootex.log
2014-08-20 11:49 - 2014-08-20 11:49 - 00000000 ____D () C:\ProgramData\Geek Squad
2014-08-20 09:40 - 2011-02-15 02:41 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-08-15 23:31 - 2014-08-15 23:31 - 00062408 ____N () C:\bootsqm.dat
2014-08-15 23:07 - 2013-08-06 23:03 - 00000000 ____D () C:\Windows\System32\MRT
2014-08-15 23:00 - 2012-03-01 13:28 - 01279408 _____ () C:\Windows\WindowsUpdate.log
2014-08-15 22:51 - 2012-03-01 14:00 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-15 22:49 - 2013-07-03 12:13 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840757462-502348844-3567072404-1002UA.job
2014-08-15 22:40 - 2012-06-09 14:00 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-15 19:51 - 2013-10-31 17:36 - 00002414 _____ () C:\Users\DrWoz\Desktop\Google Chrome Canary.lnk
2014-08-15 15:42 - 2011-11-13 10:55 - 00000000 ___RD () C:\Users\DrWoz\Dropbox
2014-08-15 11:49 - 2013-07-03 12:13 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-840757462-502348844-3567072404-1002Core.job
2014-08-15 05:51 - 2012-03-01 14:00 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-15 03:51 - 2013-08-04 14:12 - 00002266 ____H () C:\Users\DrWoz\Documents\Default.rdp
2014-08-15 03:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\System32\FxsTmp
2014-08-15 02:44 - 2009-07-13 20:51 - 00134842 _____ () C:\Windows\setupact.log
2014-08-13 16:34 - 2013-12-10 16:55 - 00001017 _____ () C:\Users\DrWoz\Desktop\Dropbox.lnk
2014-08-12 16:53 - 2013-01-12 14:49 - 00002183 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-08-12 16:53 - 2012-03-01 14:01 - 00002183 _____ () C:\Users\Public\Desktop\Internet Browser.lnk
2014-08-12 05:40 - 2014-06-14 05:38 - 00003828 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1376886758
2014-08-12 03:57 - 2014-08-03 06:03 - 00003340 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-840757462-502348844-3567072404-1002
2014-08-12 03:57 - 2014-08-03 06:03 - 00003206 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-840757462-502348844-3567072404-1002
2014-08-11 23:36 - 2013-09-15 15:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-11 23:35 - 2014-03-09 06:27 - 00003556 _____ () C:\Windows\System32\Tasks\GarminUpdaterTask
2014-08-11 23:35 - 2013-09-15 15:54 - 00001888 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-08-11 23:35 - 2013-09-15 15:54 - 00000000 ____D () C:\ProgramData\Garmin
2014-08-10 20:37 - 2010-09-30 20:01 - 00000000 ____D () C:\Users\Public\CIS
2014-08-10 03:58 - 2010-06-16 18:22 - 00000000 ____D () C:\Program Files (x86)\Brother
2014-08-10 00:06 - 2009-07-13 20:45 - 00028336 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-10 00:06 - 2009-07-13 20:45 - 00028336 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-05 07:32 - 2013-09-05 20:49 - 00015611 _____ () C:\Windows\BRRBCOM.INI
2014-08-05 05:09 - 2014-08-05 05:09 - 00000000 _____ () C:\Windows\System32\smrgdf.txt
2014-08-05 03:59 - 2009-07-13 21:13 - 00782470 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-05 03:56 - 2013-12-13 20:15 - 00000000 ____D () C:\Users\DrWoz\.gstreamer-0.10
2014-08-05 03:56 - 2013-08-03 12:21 - 00000000 ____D () C:\Users\DrWoz\AppData\Roaming\MotoCast
2014-08-05 03:56 - 2012-06-02 04:56 - 00089984 _____ () C:\Users\DrWoz\AppData\Local\GDIPFONTCACHEV1.DAT
2014-08-05 03:53 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-05 03:53 - 2009-07-13 20:45 - 00359368 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-04 21:03 - 2012-06-06 03:24 - 00000000 ____D () C:\Users\DrWoz\AppData\Roaming\Skype
2014-08-04 02:56 - 2014-08-04 02:55 - 00000206 _____ () C:\INSTALL.LOG
2014-08-04 02:50 - 2014-08-04 02:50 - 00003126 _____ () C:\Windows\System32\Tasks\{7BCFB573-952B-4DE8-B121-787E6CC4D0C2}
2014-08-04 00:46 - 2014-07-05 12:34 - 00000000 ____D () C:\Users\DrWoz\Desktop\Julia Fall Schedule
2014-08-03 23:06 - 2014-08-03 23:06 - 00001293 _____ () C:\Users\DrWoz\Desktop\BS Contact.lnk
2014-08-03 23:06 - 2014-08-03 23:06 - 00000000 ____D () C:\Users\DrWoz\AppData\Local\Bitmanagement Software
2014-08-03 23:06 - 2014-08-03 23:06 - 00000000 ____D () C:\Program Files (x86)\Bitmanagement Software
2014-08-03 23:05 - 2014-08-03 23:05 - 00001773 _____ () C:\Users\DrWoz\Desktop\CIS.lnk
2014-08-03 23:04 - 2010-10-08 13:46 - 00000000 ____D () C:\Program Files (x86)\CIS
2014-08-03 22:20 - 2014-08-03 22:20 - 00000000 ____D () C:\ProgramData\ToneTrend
2014-08-03 22:20 - 2014-08-03 22:19 - 00000000 ____D () C:\Program Files (x86)\ToneTrend
2014-08-03 22:19 - 2014-08-03 22:19 - 00001801 _____ () C:\Users\DrWoz\Desktop\ToneTrend.lnk
2014-08-03 22:07 - 2014-08-03 21:59 - 16427930 _____ () C:\Users\DrWoz\Documents\Setup-ToneTrend.exe
2014-08-03 07:08 - 2011-04-26 18:26 - 00000000 ____D () C:\Users\DrWoz\Documents\Alexei's Library--Acer
2014-08-03 06:59 - 2012-08-31 05:22 - 00000000 ____D () C:\Users\DrWoz\AppData\Local\CrashDumps
2014-08-01 20:16 - 2013-05-21 04:52 - 00000000 ____D () C:\Users\DrWoz\Desktop\Practice-Related
2014-08-01 20:08 - 2012-08-14 08:19 - 00000000 ____D () C:\ProgramData\CNS Vital Signs
2014-07-31 19:38 - 2014-07-26 19:10 - 00000000 ____D () C:\Users\DrWoz\Documents\DRAGON
2014-07-29 23:27 - 2014-07-29 16:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-27 21:03 - 2012-03-01 14:00 - 00000000 ____D () C:\ProgramData\Temp

Files to move or delete:
====================
C:\ProgramData\flashax10.exe
C:\Users\DrWoz\g2mdlhlpx (1).exe
C:\Users\Public\NTUSER (1).DAT


Some content of TEMP:
====================
C:\Users\DrWoz\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmppjcrxt.dll
C:\Users\DrWoz\AppData\Local\Temp\sqlite-3.6.20-sqlitejdbc.dll


==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-08-07 01:44:20
Restore point made on: 2014-08-09 04:05:00
Restore point made on: 2014-08-11 23:35:07
Restore point made on: 2014-08-11 23:35:25
Restore point made on: 2014-08-11 23:36:24
Restore point made on: 2014-08-13 04:05:30
Restore point made on: 2014-08-15 23:00:23

==================== Memory info ===========================

Percentage of memory in use: 11%
Total physical RAM: 8172.96 MB
Available physical RAM: 7244.93 MB
Total Pagefile: 8171.16 MB
Available Pagefile: 7238.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.89 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:1837.84 GB) (Free:1304.72 GB) NTFS
Drive j: (UNTITLED) (Removable) (Total:15.22 GB) (Free:3.16 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (SYSTEM RESERVED) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: D8C28DFB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1837.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=25.1 GB) - (Type=12)

========================================================
Disk: 5 (Size: 15.2 GB) (Disk ID: E40BA8C1)
Partition 1: (Not Active) - (Size=15.2 GB) - (Type=0B)


LastRegBack: 2014-08-06 21:02

==================== End Of Log ============================

Edited by nasdaq, 29 August 2014 - 07:42 AM.
FRST log posted.



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:50 PM

Posted 30 August 2014 - 07:35 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===


Please get the Last Good Configuration.
http://windows.microsoft.com/en-CA/windows7/Using-Last-Known-Good-Configuration
<<<>>>


When completed please run the Farbar tool one more time and post a fresh FRST log for my review.

#3 nasdaq


Posted 04 September 2014 - 09:09 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.



