Boot issue after windows update w7 x64


  • This topic is locked
10 replies to this topic

#1 milly22

Posted 25 April 2015 - 07:11 AM

Hi, and thanks in advance for any help.

I am after a fix file after running Farbar.

A quick back story:

Something went wrong while Windows was configuring updates. I was stuck in a start-up repair loop, with no access to safe mode (F8 didn't work), system restore points deleted, start up repair couldn't automatically fix problems.

The only way I could eventually get into advanced system repair was using a recovery USB stick, not sure which one as my son downloaded it.

The only useful thing I could get into was command prompt... sfc scan now wouldn't work as there were pending system repairs... trying to revert pending changes didn't work... nor did deleting pending.xml... the usual commands used to rebuild boot mgr also didn't work. Eventually I simply copied everything from x:/windows/system32/ into e:/windows/system32 and surprisingly was able to log in... however dll files were throwing errors, and when I logged back out the Windows updates started running again and caused more boot errors. I tried my 'copy everything' fix again and it worked. I used command prompt to stop Windows updates. It was still throwing dll errors. Next time I restarted I got the blue screen of death... tried bootcat.cache fix but it did nothing.

The computer is a Lenovo G575, running Windows 7, x64. It's used by the whole family so there are a few user accounts.

It came with Windows 7 pre-installed, so Microsoft won't let me make an .iso.

Weirdly in command prompt the partitions show e: as being where Windows boots from, but when logged in it appears as c:. I can access e: when in recovery, but when the computer was logged in I couldn't access e:

The Farbar recovery tool shows this:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-04-2015
Ran by SYSTEM on MININT-80BOFCS on 25-04-2015 20:34:09
Running from H:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 9
Boot Mode: Recovery
 
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2294568 2010-09-02] (Synaptics Incorporated)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1297112 2014-12-08] (COMODO)
HKLM\...\Run: [SBRegRebootCleaner] => "C:\Program Files (x86)\Ad-Aware Antivirus\SBRC.exe"
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-08-09] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331_STI.EXE [536576 2010-01-15] (Vimicro)
HKLM-x32\...\Run: [BigPondWirelessBroadbandCM] => C:\Program Files (x86)\Telstra\Mobile Broadband Manager\TelstraUCM.exe [5251072 2010-09-09] (Telstra)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-29] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [QHSafeTray] => C:\Program Files (x86)\360\Total Security\safemon\QHSafeTray.exe [1208944 2015-03-25] ()
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\E\...\Run: [Skype] => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
HKU\E\...\Run: [Speech Recognition] => C:\windows\Speech\Common\sapisvr.exe [44544 2009-07-13] (Microsoft Corporation)
HKU\E\...\Run: [myscriptstylus.exe] => C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe [2412544 2011-07-31] ()
HKU\E\...\Run: [BambooScribe.exe] => C:\Program Files (x86)\Vision Objects\Bamboo Scribe\BambooScribe.exe [2412544 2011-07-31] ()
HKU\The Doctor\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\The Doctor\...\Run: [GoogleChromeAutoLaunch_FBDC7DEF3C046F69E9BF647FD6BD4F3A] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [843592 2015-01-26] (Google Inc.)
AppInit_DLLs-x32: c:\progra~2\browse~1\sprote~1.dll => "c:\progra~2\browse~1\sprote~1.dll" File Not Found
Startup: C:\Users\E\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 1510 series.lnk [2014-07-26]
ShortcutTarget: Monitor Ink Alerts - HP Deskjet 1510 series.lnk -> C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-08-09] (Advanced Micro Devices, Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2714800 2015-03-19] (Microsoft Corporation)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [7618952 2014-12-08] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265304 2014-12-08] (COMODO)
S4 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [469136 2012-07-17] ()
S2 QHActiveDefense; C:\Program Files (x86)\360\Total Security\safemon\QHActiveDefense.exe [821872 2015-03-25] ()
S2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-25] (Safer Networking Ltd.)
S2 SwiCardDetectSvc; C:\Program Files (x86)\Sierra Wireless Inc\Common\SwiCardDetect64.exe [308080 2010-09-01] (Sierra Wireless, Inc.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
S2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S1 360AntiHacker; C:\Windows\System32\Drivers\360AntiHacker64.sys [100424 2015-01-22] (360.cn)
S3 360AvFlt; C:\Windows\System32\DRIVERS\360AvFlt.sys [77896 2015-03-09] (360.cn)
S1 360Box64; C:\Windows\System32\DRIVERS\360Box64.sys [305736 2015-03-09] (360.cn)
S1 360Camera; C:\Windows\System32\Drivers\360Camera64.sys [40520 2015-01-22] (360.cn)
S1 360FsFlt; C:\Windows\System32\DRIVERS\360FsFlt.sys [314448 2015-01-22] (Qihu 360 Software Co., Ltd.)
S1 BAPIDRV; C:\Windows\System32\DRIVERS\BAPIDRV64.sys [180816 2015-01-22] (Qihu 360 Software Co., Ltd.)
S1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20184 2014-12-08] (COMODO)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [792648 2014-12-08] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [45880 2014-12-08] (COMODO)
S3 ewusbnet; C:\Windows\System32\DRIVERS\ewusbnet.sys [135168 2009-12-08] (Huawei Technologies Co., Ltd.)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-22] (ThreatTrack Security)
S0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-04-12] (GFI Software)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [104608 2014-12-08] (COMODO)
S3 swiwdmbus; C:\Windows\System32\DRIVERS\swiwdmbusx64.sys [102656 2010-06-20] (Sierra Wireless Inc.)
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [240640 2010-06-20] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [210944 2010-06-20] (Sierra Wireless Inc.)
S3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [228224 2010-10-21] (Vimicro Corporation)
S3 vmuvcflt; C:\Windows\System32\Drivers\vmuvcflt.sys [8320 2010-08-16] (Vimicro Corporation)
S3 BcmSqlStartupSvc; No ImagePath
S2 CLKMSVC10_3A60B698; No ImagePath
S2 CLKMSVC10_C3B3B687; No ImagePath
S2 DriverService; No ImagePath
S2 IAStorDataMgrSvc; No ImagePath
S2 iATAgentService; No ImagePath
S2 idealife Update Service; No ImagePath
S3 IGRS; No ImagePath
S2 IviRegMgr; No ImagePath
S2 nvUpdatusService; No ImagePath
S2 Oasis2Service; No ImagePath
S2 PCCarerService; No ImagePath
S2 ReadyComm.DirectRouter; No ImagePath
S2 RichVideo; No ImagePath
S2 RtLedService; No ImagePath
S2 SoftwareService; No ImagePath
S3 SQLWriter; No ImagePath
S2 Stereo Service; No ImagePath
 
========================== Drivers MD5 =======================
 
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 20:04 - 2015-04-25 16:09 - 01249636 _____ () C:\Windows\SysWOW64\bootcat.cache
2015-04-25 19:56 - 2015-04-25 19:56 - 00000000 _____ () C:\sfcdetails.txt
2015-04-25 19:07 - 2009-07-13 17:15 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gacinstall.dll
2015-04-25 12:41 - 2015-04-25 17:55 - 00000572 _____ () C:\Windows\System32\winpeshl.log
2015-04-25 12:41 - 2009-07-13 19:40 - 02359352 _____ () C:\Windows\System32\setup.bmp
2015-04-25 12:41 - 2009-07-13 19:14 - 00705024 _____ (Microsoft Corporation) C:\Windows\System32\WdsImage.dll
2015-04-25 12:41 - 2009-07-13 19:14 - 00541184 _____ (Microsoft Corporation) C:\Windows\System32\wdscapture.exe
2015-04-25 12:41 - 2009-07-13 19:14 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\wdstptc.dll
2015-04-25 12:41 - 2009-07-13 19:14 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\wdscsl.dll
2015-04-25 12:41 - 2009-07-13 19:01 - 00242176 _____ (Microsoft Corporation) C:\Windows\System32\vmicsvc.exe
2015-04-25 12:41 - 2009-07-13 19:01 - 00130048 _____ (Microsoft Corporation) C:\Windows\System32\VmbusCoinstaller.dll
2015-04-25 12:41 - 2009-07-13 19:01 - 00129024 _____ (Microsoft Corporation) C:\Windows\System32\VmdCoinstall.dll
2015-04-25 12:41 - 2009-07-13 19:01 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\vmicres.dll
2015-04-25 12:41 - 2009-07-13 19:01 - 00051712 _____ (Microsoft Corporation) C:\Windows\System32\vmictimeprovider.dll
2015-04-25 12:41 - 2009-07-13 19:01 - 00044544 _____ (Microsoft Corporation) C:\Windows\System32\vmbusres.dll
2015-04-25 12:41 - 2009-07-13 19:01 - 00037888 _____ (Microsoft Corporation) C:\Windows\System32\vmstorfltres.dll
2015-04-25 12:41 - 2009-07-13 19:01 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\vmbuspipe.dll
2015-04-25 12:41 - 2009-07-13 17:41 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\wpeutil.dll
2015-04-25 12:41 - 2009-07-13 17:41 - 00014848 _____ (Microsoft Corporation) C:\Windows\System32\sacsvr.dll
2015-04-25 12:41 - 2009-07-13 17:39 - 00571392 _____ (Microsoft Corporation) C:\Windows\System32\winpeshl.exe
2015-04-25 12:41 - 2009-07-13 17:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\System32\sacsess.exe
2015-04-25 12:41 - 2009-07-13 17:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\System32\wpeinit.exe
2015-04-25 12:41 - 2009-07-13 17:39 - 00010240 _____ (Microsoft Corporation) C:\Windows\System32\wpeutil.exe
2015-04-25 12:41 - 2009-07-13 17:00 - 00090112 _____ () C:\Windows\System32\schema.dat
2015-04-25 12:41 - 2009-06-10 13:06 - 02359352 _____ () C:\Windows\System32\winpe.bmp
2015-04-25 12:41 - 2009-06-10 13:06 - 00000009 _____ () C:\Windows\System32\startnet.cmd
2015-04-25 12:41 - 2009-06-10 12:09 - 00000053 _____ () C:\Windows\System32\winpeshl.ini
2015-04-25 12:40 - 2009-07-13 19:13 - 00434176 _____ (Microsoft Corporation) C:\Windows\System32\bmrui.exe
2015-04-25 12:40 - 2009-07-13 19:13 - 00365056 _____ (Microsoft Corporation) C:\Windows\System32\BootRec.exe
2015-04-25 12:40 - 2009-07-13 19:01 - 00128512 _____ (Microsoft Corporation) C:\Windows\System32\IcCoinstall.dll
2015-04-25 12:40 - 2009-07-13 17:40 - 00574464 _____ (Microsoft Corporation) C:\Windows\System32\fvewiz.dll
2015-04-25 12:40 - 2009-07-13 17:40 - 00183808 _____ (Microsoft Corporation) C:\Windows\System32\fvecpl.dll
2015-04-25 12:40 - 2009-07-13 17:40 - 00015360 _____ (Microsoft Corporation) C:\Windows\System32\fbwflib.dll
2015-04-25 12:40 - 2009-07-13 17:39 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\drvload.exe
2015-04-25 12:40 - 2009-07-13 17:38 - 00112640 _____ (Microsoft Corporation) C:\Windows\System32\bootsect.exe
2015-04-25 12:40 - 2009-07-13 17:38 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\BitLockerWizardElev.exe
2015-04-25 12:40 - 2009-07-13 17:38 - 00100352 _____ (Microsoft Corporation) C:\Windows\System32\BitLockerWizard.exe
2015-04-25 12:40 - 2009-06-10 13:03 - 00000808 _____ () C:\Windows\System32\onlinedeploy.cmd
2015-04-25 11:05 - 2015-04-25 20:34 - 00000000 ____D () C:\FRST
2015-04-24 21:45 - 2015-04-24 22:37 - 01740160 _____ (Microsoft Corporation) C:\Windows\System32\ntdll (3).dll
2015-04-24 21:18 - 2015-04-24 21:19 - 00268808 _____ () C:\Windows\Minidump\042515-65863-01.dmp
2015-04-22 13:19 - 2010-11-20 19:23 - 00383786 __RSH () C:\bootmgr
2015-04-22 12:13 - 2015-04-22 12:13 - 00012288 _____ () C:\bcdbackup
2015-04-22 12:13 - 2015-04-22 12:13 - 00009216 ___SH () C:\bcdbackup.LOG
2015-04-17 15:10 - 2015-04-17 15:10 - 00000000 ____D () C:\Windows\System32\config\mybackup
 
2015-04-07 00:28 - 2015-04-07 00:28 - 00127216 _____ () C:\Users\E\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 19:53 - 2015-04-06 20:28 - 00000000 ___HT () C:\Windows\wusa.lock
2015-04-06 15:24 - 2015-04-06 15:24 - 00264614 _____ () C:\Windows\msxml4-KB2758694-chs.LOG
2015-03-30 00:17 - 2015-03-30 00:17 - 00031205 _____ () C:\Users\E\AppData\Local\recently-used.xbel
2015-03-29 14:44 - 2015-03-29 14:44 - 00259491 _____ () C:\Users\E\Documents\graphics tablet tree.xcf
2015-03-26 03:19 - 2015-03-26 03:19 - 00000778 _____ () C:\Users\Public\egd.txt
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-25 20:26 - 2012-07-03 03:00 - 00000000 ____D () C:\users\E
2015-04-25 19:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system
2015-04-25 17:55 - 2015-01-29 12:16 - 00076760 _____ () C:\Windows\System32\FNTCACHE.DAT
2015-04-25 16:37 - 2014-03-20 17:53 - 01740160 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll
2015-04-24 22:18 - 2012-01-18 08:24 - 01898135 _____ () C:\Windows\WindowsUpdate.log
2015-04-24 22:15 - 2009-07-13 20:45 - 00021072 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-24 22:15 - 2009-07-13 20:45 - 00021072 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-24 22:09 - 2012-01-18 09:30 - 00155787 _____ () C:\Windows\System32\fastboot.set
2015-04-24 22:08 - 2012-06-17 14:30 - 22410039 _____ () C:\Windows\System32\PsBoot.log
2015-04-24 22:08 - 2012-06-17 14:30 - 00000000 _____ () C:\Windows\System32\defragLog.log
2015-04-24 22:08 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-24 22:08 - 2009-07-13 20:51 - 00126906 _____ () C:\Windows\setupact.log
2015-04-24 21:56 - 2014-09-21 04:36 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76050236-319365056-2429183546-1002UA.job
2015-04-24 21:18 - 2014-11-16 20:52 - 173308428 _____ () C:\Windows\MEMORY.DMP
2015-04-24 21:18 - 2012-07-10 03:53 - 00000000 ____D () C:\Windows\Minidump
2015-04-24 20:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-04-24 20:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\inetsrv
2015-04-24 19:51 - 2009-07-13 21:08 - 00032620 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-24 19:32 - 2009-07-13 20:45 - 00021504 _____ () C:\Windows\System32\umstartup.etl
2015-04-24 19:28 - 2012-08-27 03:46 - 00000000 ____D () C:\Users\E\.gimp-2.8
2015-04-22 12:19 - 2009-07-13 21:38 - 00029696 ___SH () C:\Windows\System32\config\BCD-Template.LOG
2015-04-22 12:19 - 2009-07-13 21:32 - 00032768 _____ () C:\Windows\System32\config\BCD-Template
2015-04-22 12:00 - 2014-11-17 04:20 - 00000000 ____D () C:\TEMP
2015-04-19 12:33 - 2014-02-14 15:23 - 00000000 ____D () C:\users\The Doctor
2015-04-19 12:33 - 2013-02-11 20:12 - 00000000 ____D () C:\users\zz
2015-04-19 12:33 - 2013-02-09 00:17 - 00000000 ____D () C:\users\Guest
2015-04-19 12:33 - 2013-01-29 17:36 - 00000000 ____D () C:\users\buy
2015-04-19 12:33 - 2013-01-25 23:24 - 00000000 ____D () C:\users\respond
2015-04-19 12:33 - 2012-06-14 21:15 - 00000000 ____D () C:\users\Sha
2015-04-19 12:33 - 2011-09-28 19:37 - 00000000 ____D () C:\Windows\ShellNew
2015-04-19 12:33 - 2011-09-28 19:37 - 00000000 ____D () C:\Program Files\Windows Journal
2015-04-19 12:33 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-04-19 12:33 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-04-19 12:33 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2015-04-19 12:33 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-19 12:32 - 2015-01-28 17:41 - 00000000 ____D () C:\Windows\Tasks\360Disabled
2015-04-19 12:31 - 2015-02-19 16:34 - 00000000 ____D () C:\Users\E\ftp
2015-04-19 12:31 - 2015-02-09 20:17 - 00000000 ____D () C:\Users\E\Downloads\osclass.3.5.3
2015-04-19 12:31 - 2014-12-01 15:52 - 00000000 ____D () C:\Users\E\AppData\Roaming\Blackboard
2015-04-19 12:31 - 2014-11-13 22:00 - 00000000 ____D () C:\Users\E\Downloads\Request for FEE-HELP assistance_files
2015-04-19 12:31 - 2014-10-30 03:04 - 00000000 ____D () C:\Users\E\Downloads\osclass.3.4.3
2015-04-19 12:31 - 2014-10-19 22:33 - 00000000 ____D () C:\Users\E\Downloads\E1762-Windows7-64bit-drive
2015-04-19 12:31 - 2014-09-07 19:54 - 00000000 ____D () C:\Users\E\AppData\Roaming\dvdcss
2015-04-19 12:31 - 2014-08-10 22:52 - 00000000 ____D () C:\Users\E\Desktop\Age of Empires II
2015-04-19 12:31 - 2014-08-10 22:50 - 00000000 ____D () C:\Users\E\Desktop\Plants vs. Zombies
2015-04-19 12:31 - 2014-04-18 00:03 - 00000000 ___RD () C:\Users\E\Desktop\The Hitchhikers Guide to the Galaxy
2015-04-19 12:31 - 2014-04-02 00:40 - 00000000 ____D () C:\Users\E\Documents\zoom
2015-04-19 12:31 - 2014-03-05 00:31 - 00000000 ____D () C:\Users\E\dwhelper
2015-04-19 12:31 - 2013-09-05 00:42 - 00000000 ____D () C:\Users\E\AppData\Roaming\IDM
2015-04-19 12:31 - 2013-08-31 05:20 - 00000000 ____D () C:\Users\E\AppData\Roaming\vlc
2015-04-19 12:31 - 2013-06-02 18:57 - 00000000 ____D () C:\Users\E\AppData\Roaming\Efficient Calendar Free
2015-04-19 12:31 - 2013-04-25 23:59 - 00000000 ____D () C:\Users\E\Documents\OperaPortable
2015-04-19 12:31 - 2013-01-13 20:28 - 00000000 ____D () C:\Users\E\AppData\Roaming\FreeVideoConverter
2015-04-19 12:31 - 2012-09-06 22:40 - 00000000 ____D () C:\Users\E\AppData\Roaming\FreeAudioPack
2015-04-19 12:31 - 2012-09-06 03:21 - 00000000 ____D () C:\Users\E\AppData\Roaming\Audacity
2015-04-19 12:31 - 2012-08-19 21:30 - 00000000 ____D () C:\Users\E\AppData\Local\WebPage
2015-04-19 12:31 - 2012-07-03 21:29 - 00000000 ____D () C:\Users\E\AppData\Roaming\Skype
2015-04-19 12:31 - 2012-07-03 03:00 - 00000000 ____D () C:\Users\E\AppData\Local\VirtualStore
2015-04-19 12:30 - 2012-12-26 00:59 - 00000000 ____D () C:\Users\E\AppData\Local\Downloader
2015-04-19 12:28 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2015-04-19 12:17 - 2014-04-01 14:49 - 00000000 ____D () C:\Users\E\Documents\Admin-Rows
2015-04-19 12:17 - 2014-03-29 14:48 - 00000000 ____D () C:\Users\E\Documents\Vertical-Accordion-Category-Menu-fixed
2015-04-19 12:17 - 2013-07-09 15:33 - 00000000 ____D () C:\Users\E\AppData\Roaming\Mozilla
2015-04-19 12:17 - 2013-01-06 00:28 - 00000000 ____D () C:\Users\E\AppData\Roaming\OpenCandy
2015-04-19 12:17 - 2012-07-30 19:37 - 00000000 ____D () C:\Users\E\AppData\Roaming\OpenOffice.org
2015-04-19 12:17 - 2012-07-03 03:08 - 00000000 ____D () C:\Users\E\AppData\Roaming\Macromedia
2015-04-19 12:17 - 2012-07-03 03:08 - 00000000 ____D () C:\Users\E\AppData\Roaming\Adobe
2015-04-19 12:16 - 2013-10-26 21:17 - 00000000 ____D () C:\Users\E\AppData\Local\Comodo
2015-04-19 12:16 - 2013-07-09 15:33 - 00000000 ____D () C:\Users\E\AppData\Local\Mozilla
2015-04-19 12:16 - 2012-11-06 16:20 - 00000000 ____D () C:\Users\E\AppData\Local\HP
2015-04-19 12:16 - 2012-09-07 00:39 - 00000000 ____D () C:\Users\E\AppData\Local\Microsoft Games
2015-04-19 12:16 - 2012-08-17 20:18 - 00000000 ____D () C:\Users\E\AppData\Local\CyberLink
2015-04-19 12:16 - 2012-07-03 03:06 - 00000000 ____D () C:\Users\E\AppData\Local\Google
2015-04-19 12:15 - 2014-12-01 15:47 - 00000000 ____D () C:\Users\E\AppData\Local\Blackboard
2015-04-19 12:15 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-04-08 09:33 - 2011-09-28 19:37 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-04-07 15:02 - 2015-01-28 17:36 - 00000000 _RSHD () C:\360SANDBOX
2015-04-06 23:48 - 2012-12-24 16:10 - 00000000 ____D () C:\Users\E\AppData\Local\CrashDumps
2015-04-06 20:12 - 2009-07-13 21:13 - 00938720 _____ () C:\Windows\System32\PerfStringBackup.INI
2015-04-06 17:15 - 2012-07-06 20:22 - 00001100 _____ () C:\Windows\System32\Drivers\etc\hosts.ics
2015-04-06 16:54 - 2015-01-01 18:56 - 00922662 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-06 15:24 - 2012-12-27 20:27 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-04-06 15:02 - 2015-02-19 16:19 - 00022619 _____ () C:\Windows\iis7.log
2015-04-06 14:52 - 2012-10-04 17:36 - 00003770 _____ () C:\Windows\System32\Tasks\adobe flash player updater
2015-04-06 14:52 - 2012-06-15 21:30 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-06 14:52 - 2012-06-15 21:30 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-06 03:04 - 2014-07-26 17:26 - 00000000 ____D () C:\Users\E\AppData\Roaming\HpUpdate
2015-04-05 14:55 - 2014-09-21 04:36 - 00000840 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-76050236-319365056-2429183546-1002Core.job
2015-04-03 13:41 - 2010-11-20 19:47 - 00900094 _____ () C:\Windows\PFRO.log
2015-03-30 16:06 - 2015-01-28 17:41 - 00000000 ____D () C:\Users\E\AppData\Roaming\360safe
 
Some content of TEMP:
====================
C:\Users\E\AppData\Local\Temp\APNSetup.exe
C:\Users\E\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\E\AppData\Local\Temp\ResetDevice.exe
C:\Users\Sha\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sha\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\Sha\AppData\Local\Temp\KMP_3.3.0.33.exe
C:\Users\Sha\AppData\Local\Temp\KMP_3.4.0.59.exe
C:\Users\Sha\AppData\Local\Temp\KMP_3.5.0.77.exe
C:\Users\Sha\AppData\Local\Temp\MSNA508.exe
C:\Users\Sha\AppData\Local\Temp\PF7_2c0e.exe
C:\Users\Sha\AppData\Local\Temp\PF7_ee63.exe
 
 
==================== Known DLLs (Whitelisted) ================
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== Restore Points  =========================
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 16%
Total physical RAM: 3690.9 MB
Available physical RAM: 3073.32 MB
Total Pagefile: 3689.05 MB
Available Pagefile: 3076.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:421.81 GB) (Free:242 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:29 GB) (Free:15.42 GB) NTFS
Drive g: (REPAIR_DISC) (Fixed) (Total:7.44 GB) (Free:7.1 GB) FAT32 ==>[System with boot components (obtained from reading drive)]
Drive h: (USB DISK) (Removable) (Total:3.74 GB) (Free:3.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.2 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: DB234265)
Partition 1: (Active) - (Size=200 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=421.8 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=29 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=14.8 GB) - (Type=12)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: 77E4ACD4)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)
 
========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 3.7 GB) (Disk ID: C3072E18)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
 
LastRegBack: 2015-04-03 17:01
 
==================== End Of Log ============================



 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,769 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:27 AM

Posted 30 April 2015 - 07:15 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/574353 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 milly22


Posted 30 April 2015 - 07:25 AM

As per original post, have run frst64 and posted result.



#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,147 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:04:27 AM

Posted 01 May 2015 - 09:42 AM

Greetings milly22 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far.

Though your efforts were well intended I fear that matters were made worse. I can't guarantee anything but let's see what we can do. Can you tell me when this issue first started?

Do you have access to a full Windows 7 Home Premium 64 bit Installation disk?
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!


Posted 04 May 2015 - 08:17 PM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#6 Oh My!


Posted 06 May 2015 - 09:39 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 

#7 Oh My!


Posted 07 May 2015 - 08:39 AM

This topic has been re-opened at the request of the person who originally posted.
Gary
 

#8 Oh My!


Posted 07 May 2015 - 08:53 AM

Hi Karen,

Let's do this first.

===================================================

Farbar's Recovery Scan Tool - Run Fix

--------------------
  • From a clean computer press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it on the flashdrive as fixlist.txt
LastRegBack: 2015-04-03 17:01
  • Insert the USB device into your infected computer
  • Enter the System Recovery Options (press F8 during boot up), select Repair Your Computer, then select Command Prompt.
  • Run FRST as you did the first time and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the flashdrive (Fixlog.txt). Copy and paste that information in your reply.
  • Please attempt to boot your computer into Normal Mode or, if not, Safe Mode
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Are you able to boot?

Gary
 

#9 Oh My!


Posted 11 May 2015 - 07:34 AM

Greetings,

===================================================

3 Day Bump

It has been more than 3 days since my last post.
  • Do you still need help with this?
  • If after 48hrs you have not replied to this thread then it will have to be closed.

Gary
 

#10 Oh My!


Posted 13 May 2015 - 12:30 PM

Hi Karen,

Although I re-opened the Topic at your request we still need to make some progress in a reasonable amount of time. If you are unable to work on this now please let me know.

Thanks.
Gary
 

#11 Oh My!


Posted 15 May 2015 - 07:50 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 



