PCEU virus (Farbar file)

Discussion in 'Malware Help (A Specialist Will Reply)' started by theelmani, May 18, 2013.

  1. theelmani

    theelmani Private E-2

    Hi there.
    I've got the PCEU virus (which I've had before) but this time I can't use safe mode as it just reboots. I've run Farbar and have attached the results - can anyone help? Please...


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-05-2013
    Ran by SYSTEM on 18-05-2013 23:51:58
    Running from I:\
    Windows 7 Home Premium (X64) OS Language: English(US)
    Internet Explorer Version 9
    Boot Mode: Recovery
    The current controlset is ControlSet001
    ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

    ==================== Registry (Whitelisted) ==================

    HKLM-x32\...\Winlogon: [Shell] [x ] ()
    HKLM-x32\...\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [642216 2012-08-06] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [AgentMonitor] C:\Program Files (x86)\VTech\DownloadManager\System\AgentMonitor.exe [377800 2012-11-05] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
    HKLM-x32\...\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe [105120 2012-08-21] (PC Tools)
    HKLM-x32\...\Run: [PrivitizeVPN] C:\Program Files (x86)\PrivitizeVPN\PrivitizeVPN.exe /autorun [196784 2013-05-18] (OOO Industry)
    HKU\elmani\...\Run: [AdobeBridge] [x]
    HKU\elmani\...\Run: [Google Update] "C:\Users\elmani\AppData\Local\Google\Update\GoogleUpdate.exe" /c [116648 2012-09-21] (Google Inc.)
    HKU\elmani\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\elmani\Documents\220d7456.exe [27136 2013-05-18] ()
    HKU\elmani\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION
    AppInit_DLLs: [0 ] ()

    ==================== Services (Whitelisted) =================

    S2 HsdService; C:\Program Files (x86)\Virgin Media\Digital Home Support\HsdService.exe [1406264 2011-03-23] (Virgin Media)
    S2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\20.3.1.22\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
    S2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\diMaster.dll [554288 2013-03-29] (Symantec Corporation)
    S2 PCToolsSSDMonitorSvc; C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [794272 2012-08-21] (PC Tools)
    S2 ServicepointService; C:\Program Files (x86)\Virgin Media\Service Manager\ServicepointService.exe [689464 2011-03-25] (Radialpoint Inc.)
    S2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [149904 2009-12-14] (Microsoft ® Corporation)
    S3 DMService; C:\Windows\Downloaded Program Files\DM.0\DMService.exe [x]

    ==================== Drivers (Whitelisted) ====================

    S1 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\BASHDefs\20130502.001\BHDrvx64.sys [1390680 2013-04-12] (Symantec Corporation)
    S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484512 2013-04-30] (Symantec Corporation)
    S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [138912 2013-04-30] (Symantec Corporation)
    S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
    S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32000 2013-04-29] ()
    S1 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\IPSDefs\20130517.001\IDSvia64.sys [513184 2013-05-02] (Symantec Corporation)
    S3 lgmdbus; C:\Windows\System32\DRIVERS\lgmdbus.sys [115200 2008-07-08] (MCCI Corporation)
    S3 lgmdmdfl; C:\Windows\System32\DRIVERS\lgmdmdfl.sys [18944 2008-07-08] (MCCI Corporation)
    S3 lgmdmdm; C:\Windows\System32\DRIVERS\lgmdmdm.sys [158720 2008-07-08] (MCCI Corporation)
    S3 lgmdmgmt; C:\Windows\System32\DRIVERS\lgmdmgmt.sys [137216 2008-07-08] (MCCI Corporation)
    S3 lgmdobex; C:\Windows\System32\DRIVERS\lgmdobex.sys [136704 2008-07-08] (MCCI Corporation)
    S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [8192 2005-03-28] ()
    S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130517.025\ENG64.SYS [126192 2013-04-30] (Symantec Corporation)
    S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_20.3.1.22\Definitions\VirusDefs\20130517.025\EX64.SYS [2087664 2013-04-30] (Symantec Corporation)
    S3 PSSDKLBF; C:\Windows\system32\Drivers\pssdklbf.sys [65600 2012-12-26] (microOLAP Technologies LTD)
    S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-05-01] (Symantec Corporation)
    S1 A2DDA; \??\C:\Users\elmani\AppData\Local\Temp\Rar$EX09.047\Run\a2ddax64.sys [x]
    S1 ccSet_NAV; \SystemRoot\system32\drivers\NAVx64\1403010.016\ccSetx64.sys [x]
    S1 ccSet_NST; \SystemRoot\system32\drivers\NSTx64\7DD03030.013\ccSetx64.sys [x]
    S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [x]
    S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [x]
    S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [x]
    S1 SRTSP; \SystemRoot\System32\Drivers\NAVx64\1403010.016\SRTSP64.SYS [x]
    S1 SRTSPX; \SystemRoot\system32\drivers\NAVx64\1403010.016\SRTSPX64.SYS [x]
    S0 SymDS; system32\drivers\NAVx64\1403010.016\SYMDS64.SYS [x]
    S0 SymEFA; system32\drivers\NAVx64\1403010.016\SYMEFA64.SYS [x]
    S1 SymIRON; \SystemRoot\system32\drivers\NAVx64\1403010.016\Ironx64.SYS [x]
    S1 SymNetS; \SystemRoot\System32\Drivers\NAVx64\1403010.016\SYMNETS.SYS [x]

    ========================== Drivers MD5 =======================


    ==================== NetSvcs (Whitelisted) ===================


    ==================== One Month Created Files and Folders ========

    2013-05-18 23:45 - 2013-05-18 23:45 - 00000000 ____D C:\FRST
    2013-05-18 12:37 - 2013-05-18 12:37 - 00116777 ____A C:\ProgramData\2433f433
    2013-05-18 12:37 - 2013-05-18 12:37 - 00116773 ____A C:\Users\elmani\AppData\Roaming\2433f433
    2013-05-18 12:37 - 2013-05-18 12:37 - 00116719 ____A C:\Users\elmani\AppData\Local\2433f433
    2013-05-18 12:37 - 2013-05-18 12:37 - 00027136 ____A C:\Users\elmani\Documents\220d7456.exe
    2013-05-18 11:36 - 2013-05-18 11:36 - 00000000 ____D C:\Users\elmani\Downloads\Amy
    2013-05-18 11:35 - 2013-05-18 11:35 - 00012094 ____A C:\Users\elmani\Downloads\Amy.torrent
    2013-05-18 11:34 - 2013-05-18 11:43 - 00000000 ____D C:\Users\elmani\Downloads\Wreck-It.Ralph.2012.DVDRip.XviD-RiPS
    2013-05-18 11:34 - 2013-05-18 11:34 - 00031114 ____A C:\Users\elmani\Downloads\Wreck-It.Ralph.2012.DVDRip.XviD-RiPS.torrent
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000541 ____A C:\Windows\KB893803v2.log
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000000 ____D C:\Users\elmani\AppData\Local\Nik Software
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000000 ____D C:\ProgramData\Nik Software
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000000 ____D C:\Program Files\Nik Software
    2013-05-18 07:13 - 2013-05-18 07:14 - 34331427 ___RA C:\Users\elmani\Downloads\Nik Software - Silver Efex Pro 2 v2.000 By Cool Release.rar
    2013-05-18 07:10 - 2013-05-18 07:10 - 00000000 ____D C:\Program Files (x86)\PrivitizeVPN
    2013-05-15 14:07 - 2013-05-05 13:36 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-15 14:07 - 2013-05-05 13:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-15 14:07 - 2013-05-05 11:25 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-15 14:07 - 2013-05-05 11:12 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-15 14:04 - 2013-04-04 17:19 - 10926080 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
    2013-05-15 14:04 - 2013-04-04 17:08 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
    2013-05-15 14:04 - 2013-04-04 17:01 - 01346560 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
    2013-05-15 14:04 - 2013-04-04 17:00 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
    2013-05-15 14:04 - 2013-04-04 16:59 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
    2013-05-15 14:04 - 2013-04-04 16:58 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
    2013-05-15 14:04 - 2013-04-04 16:57 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
    2013-05-15 14:04 - 2013-04-04 16:56 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
    2013-05-15 14:04 - 2013-04-04 16:55 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
    2013-05-15 14:04 - 2013-04-04 16:55 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
    2013-05-15 14:04 - 2013-04-04 16:54 - 02147840 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
    2013-05-15 14:04 - 2013-04-04 16:54 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
    2013-05-15 14:04 - 2013-04-04 16:51 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
    2013-05-15 14:04 - 2013-04-04 16:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
    2013-05-15 14:04 - 2013-04-04 14:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2013-05-15 14:04 - 2013-04-04 14:09 - 09738752 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2013-05-15 14:04 - 2013-04-04 14:02 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2013-05-15 14:04 - 2013-04-04 14:02 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2013-05-15 14:04 - 2013-04-04 14:02 - 01104384 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2013-05-15 14:04 - 2013-04-04 14:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2013-05-15 14:04 - 2013-04-04 13:59 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2013-05-15 14:04 - 2013-04-04 13:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2013-05-15 14:04 - 2013-04-04 13:58 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2013-05-15 14:04 - 2013-04-04 13:57 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2013-05-15 14:04 - 2013-04-04 13:56 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2013-05-15 14:04 - 2013-04-04 13:55 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2013-05-15 14:04 - 2013-04-04 13:54 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2013-05-15 14:04 - 2013-04-04 13:50 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2013-05-15 13:18 - 2013-05-15 13:19 - 103251696 ____A C:\Users\elmani\Downloads\nikcollection-1.0.0.7.exe
    2013-05-15 12:28 - 2013-04-09 22:01 - 00983400 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys
    2013-05-15 12:28 - 2013-04-09 22:01 - 00265064 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys
    2013-05-15 12:28 - 2013-04-09 19:30 - 03153920 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
    2013-05-15 12:28 - 2013-03-18 21:53 - 00230400 ____A (Microsoft Corporation) C:\Windows\System32\wwansvc.dll
    2013-05-15 12:28 - 2013-03-18 21:53 - 00048640 ____A (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll
    2013-05-15 12:28 - 2013-02-26 22:02 - 00111448 ____A (Microsoft Corporation) C:\Windows\System32\consent.exe
    2013-05-15 12:28 - 2013-02-26 21:52 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
    2013-05-15 12:28 - 2013-02-26 21:52 - 00197120 ____A (Microsoft Corporation) C:\Windows\System32\shdocvw.dll
    2013-05-15 12:28 - 2013-02-26 21:48 - 01930752 ____A (Microsoft Corporation) C:\Windows\System32\authui.dll
    2013-05-15 12:28 - 2013-02-26 21:47 - 00070144 ____A (Microsoft Corporation) C:\Windows\System32\appinfo.dll
    2013-05-15 12:28 - 2013-02-26 20:55 - 12872704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2013-05-15 12:28 - 2013-02-26 20:55 - 00180224 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2013-05-15 12:28 - 2013-02-26 20:49 - 01796096 ____A (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2013-05-15 12:28 - 2011-02-03 03:25 - 00144384 ____A (Microsoft Corporation) C:\Windows\System32\cdd.dll
    2013-05-14 12:28 - 2013-05-14 12:28 - 00000000 ____D C:\Program Files (x86)\GUM59E5.tmp
    2013-05-12 02:39 - 2013-05-18 12:16 - 00000000 ____D C:\Users\elmani\Documents\My Collages
    2013-05-12 00:22 - 2013-05-12 00:22 - 00000000 ____D C:\Users\elmani\AppData\Roaming\Mozilla
    2013-05-11 04:48 - 2013-05-11 04:48 - 00000000 ____D C:\Users\elmani\AppData\Local\Software
    2013-05-11 04:48 - 2013-05-11 04:48 - 00000000 ____D C:\Users\elmani\AppData\Local\NikLicenseFiles
    2013-05-11 04:44 - 2013-05-11 04:44 - 00000000 ____D C:\Program Files (x86)\GUM26AF.tmp
    2013-05-11 04:43 - 2013-05-11 04:43 - 00000000 ____D C:\Users\Public\Documents\Digital Anarchy
    2013-05-11 04:38 - 2013-05-11 04:39 - 16379071 ___RA C:\Users\elmani\Downloads\Photoshop Plugin - ToonIt v 2.6.3.rar
    2013-05-10 13:14 - 2013-05-10 13:16 - 00000000 ____D C:\ProgramData\Totally Rad
    2013-05-10 13:14 - 2013-05-10 13:14 - 00000000 ____D C:\Program Files (x86)\Totally Rad
    2013-05-10 13:14 - 2012-07-30 04:17 - 02463232 ____A C:\Windows\System32\QtNetworkTR4.dll
    2013-05-10 13:14 - 2012-07-30 04:16 - 09851392 ____A C:\Windows\System32\QtGuiTR4.dll
    2013-05-10 13:14 - 2012-07-30 04:16 - 00404480 ____A C:\Windows\System32\QtSvgTR4.dll
    2013-05-10 13:14 - 2012-07-30 04:13 - 02916352 ____A C:\Windows\System32\QtCoreTR4.dll
    2013-05-10 13:14 - 2012-07-30 04:09 - 08497664 ____A C:\Windows\SysWOW64\QtGuiTR4.dll
    2013-05-10 13:14 - 2012-07-30 04:09 - 02061824 ____A C:\Windows\SysWOW64\QtNetworkTR4.dll
    2013-05-10 13:14 - 2012-07-30 04:09 - 00363008 ____A C:\Windows\SysWOW64\QtSvgTR4.dll
    2013-05-10 13:14 - 2012-07-30 04:06 - 02510848 ____A C:\Windows\SysWOW64\QtCoreTR4.dll
    2013-05-10 09:00 - 2013-05-18 12:31 - 00000000 ____D C:\Douglas
    2013-05-03 11:34 - 2013-05-03 11:34 - 00000000 ____D C:\Users\elmani\Documents\Symantec
    2013-05-03 11:28 - 2013-05-03 11:28 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
    2013-05-03 11:27 - 2013-05-03 11:28 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
    2013-04-30 11:56 - 2013-04-30 11:56 - 00002872 ____A C:\{3DE74EC1-0384-4610-8464-0BEB5AF2FF25}
    2013-04-30 10:08 - 2013-04-30 10:08 - 00000000 ____A C:\autoexec.bat
    2013-04-29 13:02 - 2013-04-29 13:02 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
    2013-04-29 12:10 - 2013-05-18 22:59 - 00002218 ____A C:\Users\elmani\Desktop\SpyHunter.lnk
    2013-04-29 12:09 - 2013-04-29 12:16 - 00000000 ____D C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP
    2013-04-29 12:07 - 2013-04-29 12:07 - 00007816 ____A C:\Windows\System32\.crusader
    2013-04-29 11:42 - 2013-04-29 11:42 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    2013-04-29 11:02 - 2013-04-29 11:22 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-04-29 10:44 - 2013-04-29 11:42 - 95023320 ___AT C:\ProgramData\iweqodb.pad
    2013-04-29 10:44 - 2013-04-29 11:42 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-04-29 10:44 - 2013-04-29 10:44 - 95023320 ___AT C:\ProgramData\botdv.pad
    2013-04-29 10:44 - 2013-04-29 10:44 - 00000153 ____A C:\ProgramData\iweqodb.reg
    2013-04-28 01:57 - 2013-04-28 02:11 - 00000000 ____D C:\Users\elmani\Downloads\Corel Videostudio Pro X6 incl Keygen XFORCE NiCkkkDoN
    2013-04-26 02:03 - 2013-04-26 02:03 - 00000000 ____D C:\Windows\SysWOW64\Adobe
    2013-04-23 10:48 - 2013-04-12 06:45 - 01656680 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys
    2013-04-22 13:00 - 2013-04-22 13:00 - 01434146 ____A C:\Users\elmani\Downloads\33245__ljudman__grenade.wav

    ==================== One Month Modified Files and Folders =======

    2013-05-18 23:45 - 2013-05-18 23:45 - 00000000 ____D C:\FRST
    2013-05-18 23:00 - 2013-04-14 07:32 - 00002174 ____A C:\Users\Public\Desktop\Google Earth.lnk
    2013-05-18 23:00 - 2013-02-16 01:29 - 00001739 ____A C:\Users\Public\Desktop\iTunes.lnk
    2013-05-18 23:00 - 2013-02-03 02:03 - 00002035 ____A C:\Users\Public\Desktop\Loxley Designer PRO.lnk
    2013-05-18 23:00 - 2013-01-30 10:21 - 00000975 ____A C:\Users\Public\Desktop\TweetAdder3.lnk
    2013-05-18 23:00 - 2012-10-11 12:03 - 00002017 ____A C:\Users\Public\Desktop\Virgin Media Digital Home Support.lnk
    2013-05-18 23:00 - 2012-03-17 09:30 - 00002139 ____A C:\Users\Public\Desktop\Google Chrome.lnk
    2013-05-18 23:00 - 2012-02-01 11:18 - 00002353 ____A C:\Users\Public\Desktop\Norton AntiVirus.lnk
    2013-05-18 23:00 - 2012-01-07 11:49 - 00001103 ____A C:\Users\Public\Desktop\Bamboo Dock.lnk
    2013-05-18 23:00 - 2012-01-01 10:24 - 00001026 ____A C:\Users\Public\Desktop\VLC media player.lnk
    2013-05-18 23:00 - 2011-11-29 13:30 - 00002138 ____A C:\Users\Public\Desktop\Adobe Digital Editions.lnk
    2013-05-18 23:00 - 2011-10-15 02:47 - 00000923 ____A C:\Users\Public\Desktop\PageBreeze HTML Editor.lnk
    2013-05-18 23:00 - 2011-08-03 11:40 - 00000994 ____A C:\Users\Public\Desktop\Corel VideoStudio Pro X4.lnk
    2013-05-18 23:00 - 2011-07-25 11:50 - 00001975 ____A C:\Users\Public\Desktop\Adobe Reader X.lnk
    2013-05-18 22:59 - 2013-04-29 12:10 - 00002218 ____A C:\Users\elmani\Desktop\SpyHunter.lnk
    2013-05-18 22:59 - 2013-04-14 09:06 - 00000572 ____A C:\Users\elmani\Desktop\Fraps.lnk
    2013-05-18 22:59 - 2013-02-16 01:42 - 00001165 ____A C:\Users\elmani\Desktop\Learning Lodge Navigator.lnk
    2013-05-18 22:59 - 2013-02-03 02:56 - 00002179 ____A C:\Users\elmani\Desktop\Loxley ROES.lnk
    2013-05-18 22:59 - 2012-04-07 11:11 - 00001039 ____A C:\Users\elmani\Desktop\WinAVI All in One Converter.lnk
    2013-05-18 22:59 - 2012-03-29 09:13 - 00000819 ____A C:\Users\elmani\Desktop\LGMobile update.lnk
    2013-05-18 22:59 - 2012-02-12 09:24 - 00000954 ____A C:\Users\elmani\Desktop\WBFS Manager 3.0.lnk
    2013-05-18 22:59 - 2012-02-08 11:13 - 00001253 ____A C:\Users\elmani\Desktop\AVS4YOU Software Navigator.lnk
    2013-05-18 22:59 - 2011-08-03 12:02 - 00001152 ____A C:\Users\elmani\Desktop\ImTOO DVD Ripper Platinum 5.lnk
    2013-05-18 22:59 - 2011-07-23 04:31 - 00002018 ____A C:\Users\elmani\Desktop\FotoFusion Version 4.lnk
    2013-05-18 22:59 - 2011-07-22 22:40 - 00001235 ____A C:\Users\elmani\Desktop\Norton Installation Files.lnk
    2013-05-18 12:58 - 2013-02-22 05:03 - 00000268 ____A C:\Windows\Tasks\RMAutoUpdate.job
    2013-05-18 12:58 - 2012-09-24 10:43 - 00000000 ____D C:\Program Files (x86)\Registry Mechanic
    2013-05-18 12:58 - 2012-03-17 09:29 - 00000894 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    2013-05-18 12:58 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-05-18 12:57 - 2009-07-13 20:51 - 00078321 ____A C:\Windows\setupact.log
    2013-05-18 12:55 - 2012-03-17 09:29 - 00000898 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    2013-05-18 12:52 - 2011-07-22 22:19 - 01128515 ____A C:\Windows\WindowsUpdate.log
    2013-05-18 12:43 - 2011-07-23 04:17 - 00000000 ____D C:\Program Files (x86)\uTorrent
    2013-05-18 12:43 - 2011-07-23 02:50 - 00047604 ____A C:\Windows\PFRO.log
    2013-05-18 12:37 - 2013-05-18 12:37 - 00116777 ____A C:\ProgramData\2433f433
    2013-05-18 12:37 - 2013-05-18 12:37 - 00116773 ____A C:\Users\elmani\AppData\Roaming\2433f433
    2013-05-18 12:37 - 2013-05-18 12:37 - 00116719 ____A C:\Users\elmani\AppData\Local\2433f433
    2013-05-18 12:37 - 2013-05-18 12:37 - 00027136 ____A C:\Users\elmani\Documents\220d7456.exe
    2013-05-18 12:35 - 2011-07-23 04:32 - 00000000 ____D C:\ProgramData\LumaPix
    2013-05-18 12:31 - 2013-05-10 09:00 - 00000000 ____D C:\Douglas
    2013-05-18 12:31 - 2012-11-28 13:04 - 00000912 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4164018307-4290200351-3733621057-1001UA.job
    2013-05-18 12:31 - 2012-11-28 13:04 - 00000860 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4164018307-4290200351-3733621057-1001Core.job
    2013-05-18 12:16 - 2013-05-12 02:39 - 00000000 ____D C:\Users\elmani\Documents\My Collages
    2013-05-18 12:03 - 2012-08-15 22:58 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
    2013-05-18 11:43 - 2013-05-18 11:34 - 00000000 ____D C:\Users\elmani\Downloads\Wreck-It.Ralph.2012.DVDRip.XviD-RiPS
    2013-05-18 11:42 - 2011-07-23 04:16 - 00000000 ____D C:\Users\elmani\AppData\Roaming\uTorrent
    2013-05-18 11:36 - 2013-05-18 11:36 - 00000000 ____D C:\Users\elmani\Downloads\Amy
    2013-05-18 11:35 - 2013-05-18 11:35 - 00012094 ____A C:\Users\elmani\Downloads\Amy.torrent
    2013-05-18 11:34 - 2013-05-18 11:34 - 00031114 ____A C:\Users\elmani\Downloads\Wreck-It.Ralph.2012.DVDRip.XviD-RiPS.torrent
    2013-05-18 11:31 - 2011-12-30 14:44 - 00000000 ____D C:\Users\elmani\AppData\Local\CrashDumps
    2013-05-18 10:27 - 2013-02-23 00:17 - 00058246 ____A C:\Windows\SysWOW64\AppLog.log
    2013-05-18 10:27 - 2013-02-22 05:03 - 00000270 ____A C:\Windows\Tasks\RMSchedule.job
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000541 ____A C:\Windows\KB893803v2.log
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000000 ____D C:\Users\elmani\AppData\Local\Nik Software
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000000 ____D C:\ProgramData\Nik Software
    2013-05-18 07:18 - 2013-05-18 07:18 - 00000000 ____D C:\Program Files\Nik Software
    2013-05-18 07:15 - 2012-11-24 02:23 - 00000000 ____D C:\ProgramData\Google
    2013-05-18 07:15 - 2012-11-24 02:23 - 00000000 ____D C:\Program Files\Google
    2013-05-18 07:14 - 2013-05-18 07:13 - 34331427 ___RA C:\Users\elmani\Downloads\Nik Software - Silver Efex Pro 2 v2.000 By Cool Release.rar
    2013-05-18 07:10 - 2013-05-18 07:10 - 00000000 ____D C:\Program Files (x86)\PrivitizeVPN
    2013-05-18 07:09 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2013-05-18 07:09 - 2009-07-13 20:45 - 00015152 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2013-05-17 11:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
    2013-05-16 12:22 - 2009-07-13 20:45 - 04866488 ____A C:\Windows\System32\FNTCACHE.DAT
    2013-05-15 14:13 - 2011-07-22 23:16 - 75016696 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
    2013-05-15 14:11 - 2009-07-13 21:13 - 00732066 ____A C:\Windows\System32\PerfStringBackup.INI
    2013-05-15 13:53 - 2013-02-03 03:03 - 00000000 ____D C:\Users\elmani\.roescache
    2013-05-15 13:52 - 2013-02-03 03:03 - 00000000 ____D C:\Users\elmani\.LoxleyColour
    2013-05-15 13:51 - 2013-02-03 02:07 - 00003072 ____A C:\Users\elmani\AppData\Roaming\Loxley Designer PRO Prefsv3
    2013-05-15 13:51 - 2013-02-03 02:06 - 00000000 ____D C:\Users\elmani\Documents\Loxley Designer PRO Projects
    2013-05-15 13:50 - 2013-02-03 02:02 - 00000000 ____D C:\Program Files (x86)\Loxley Designer PRO
    2013-05-15 13:19 - 2013-05-15 13:18 - 103251696 ____A C:\Users\elmani\Downloads\nikcollection-1.0.0.7.exe
    2013-05-14 12:28 - 2013-05-14 12:28 - 00000000 ____D C:\Program Files (x86)\GUM59E5.tmp
    2013-05-14 12:03 - 2012-04-03 12:31 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
    2013-05-14 12:03 - 2012-01-08 10:46 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
    2013-05-12 09:01 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\System32\NDF
    2013-05-12 00:22 - 2013-05-12 00:22 - 00000000 ____D C:\Users\elmani\AppData\Roaming\Mozilla
    2013-05-12 00:20 - 2011-07-22 22:28 - 00000000 ____D C:\users\elmani
    2013-05-11 10:42 - 2009-07-13 18:34 - 63438848 ____A C:\Windows\System32\config\software.rmbak
    2013-05-11 10:36 - 2009-07-13 18:34 - 00262144 ____A C:\Windows\System32\config\default.rmbak
    2013-05-11 04:48 - 2013-05-11 04:48 - 00000000 ____D C:\Users\elmani\AppData\Local\Software
    2013-05-11 04:48 - 2013-05-11 04:48 - 00000000 ____D C:\Users\elmani\AppData\Local\NikLicenseFiles
    2013-05-11 04:45 - 2012-03-17 09:29 - 00000000 ____D C:\Users\elmani\AppData\Local\Google
    2013-05-11 04:45 - 2011-07-23 02:45 - 00000000 ____D C:\Users\elmani\AppData\Roaming\Adobe
    2013-05-11 04:44 - 2013-05-11 04:44 - 00000000 ____D C:\Program Files (x86)\GUM26AF.tmp
    2013-05-11 04:43 - 2013-05-11 04:43 - 00000000 ____D C:\Users\Public\Documents\Digital Anarchy
    2013-05-11 04:39 - 2013-05-11 04:38 - 16379071 ___RA C:\Users\elmani\Downloads\Photoshop Plugin - ToonIt v 2.6.3.rar
    2013-05-11 04:39 - 2013-03-30 02:08 - 00000000 ____D C:\Users\elmani\Downloads\kindle.books
    2013-05-10 13:16 - 2013-05-10 13:14 - 00000000 ____D C:\ProgramData\Totally Rad
    2013-05-10 13:14 - 2013-05-10 13:14 - 00000000 ____D C:\Program Files (x86)\Totally Rad
    2013-05-07 12:46 - 2011-07-25 11:48 - 00000000 ____D C:\ProgramData\Adobe
    2013-05-05 13:36 - 2013-05-15 14:07 - 17818624 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
    2013-05-05 13:16 - 2013-05-15 14:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
    2013-05-05 11:25 - 2013-05-15 14:07 - 12324864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2013-05-05 11:12 - 2013-05-15 14:07 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2013-05-04 04:39 - 2012-09-24 13:31 - 00000000 ____D C:\Users\elmani\AppData\Roaming\Spotify
    2013-05-04 04:38 - 2012-09-24 13:32 - 00000000 ____D C:\Users\elmani\AppData\Local\Spotify
    2013-05-03 11:34 - 2013-05-03 11:34 - 00000000 ____D C:\Users\elmani\Documents\Symantec
    2013-05-03 11:31 - 2011-07-22 22:43 - 00000000 ____D C:\Windows\System32\Drivers\NAVx64
    2013-05-03 11:30 - 2011-07-22 22:40 - 00000000 ____D C:\ProgramData\Norton
    2013-05-03 11:28 - 2013-05-03 11:28 - 00000000 ____D C:\Windows\System32\Drivers\NSTx64
    2013-05-03 11:28 - 2013-05-03 11:27 - 00000000 ____D C:\Program Files (x86)\Norton Identity Safe
    2013-05-01 14:37 - 2011-07-22 22:43 - 00000000 ____D C:\Program Files\Symantec
    2013-05-01 14:36 - 2011-07-22 22:43 - 00177312 ____A (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT64x86.SYS
    2013-05-01 14:36 - 2011-07-22 22:43 - 00007466 ____A C:\Windows\System32\Drivers\SYMEVENT64x86.CAT
    2013-05-01 14:31 - 2011-07-22 22:40 - 00000000 ____D C:\Users\Public\Downloads\Norton
    2013-04-30 11:56 - 2013-04-30 11:56 - 00002872 ____A C:\{3DE74EC1-0384-4610-8464-0BEB5AF2FF25}
    2013-04-30 10:44 - 2012-03-29 09:01 - 00000000 ____D C:\Program Files (x86)\LG Electronics
    2013-04-30 10:44 - 2011-08-03 11:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2013-04-30 10:08 - 2013-04-30 10:08 - 00000000 ____A C:\autoexec.bat
    2013-04-29 13:02 - 2013-04-29 13:02 - 00032000 ____A C:\Windows\System32\Drivers\hitmanpro37.sys
    2013-04-29 12:59 - 2012-10-16 13:31 - 00000000 ____D C:\Users\elmani\AppData\Local\NPE
    2013-04-29 12:16 - 2013-04-29 12:09 - 00000000 ____D C:\Windows\22B3AE667A374118BADB3680C15CA366.TMP
    2013-04-29 12:07 - 2013-04-29 12:07 - 00007816 ____A C:\Windows\System32\.crusader
    2013-04-29 11:42 - 2013-04-29 11:42 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    2013-04-29 11:42 - 2013-04-29 10:44 - 95023320 ___AT C:\ProgramData\iweqodb.pad
    2013-04-29 11:42 - 2013-04-29 10:44 - 00000000 ____A C:\ProgramData\as98213.txt
    2013-04-29 11:22 - 2013-04-29 11:02 - 00000000 ____D C:\ProgramData\HitmanPro
    2013-04-29 10:44 - 2013-04-29 10:44 - 95023320 ___AT C:\ProgramData\botdv.pad
    2013-04-29 10:44 - 2013-04-29 10:44 - 00000153 ____A C:\ProgramData\iweqodb.reg
    2013-04-28 02:14 - 2013-03-30 10:48 - 00000000 ____D C:\Users\elmani\Downloads\Bolt.DVDRip.XViD-PUKKA
    2013-04-28 02:11 - 2013-04-28 01:57 - 00000000 ____D C:\Users\elmani\Downloads\Corel Videostudio Pro X6 incl Keygen XFORCE NiCkkkDoN
    2013-04-28 01:53 - 2012-04-04 11:53 - 00105379 ____A C:\MP4debug.log
    2013-04-26 02:04 - 2011-07-23 02:45 - 00000000 ____D C:\Windows\SysWOW64\Macromed
    2013-04-26 02:03 - 2013-04-26 02:03 - 00000000 ____D C:\Windows\SysWOW64\Adobe
    2013-04-22 13:00 - 2013-04-22 13:00 - 01434146 ____A C:\Users\elmani\Downloads\33245__ljudman__grenade.wav
    2013-04-20 07:42 - 2009-07-13 21:08 - 00032620 ____A C:\Windows\Tasks\SCHEDLGU.TXT

    Other Malware:
    ===========
    C:\ProgramData\rundll32.exe
    C:\ProgramData\botdv.pad
    C:\ProgramData\iweqodb.pad
    C:\ProgramData\iweqodb.reg
    C:\ProgramData\rundll32.exe

    ==================== Known DLLs (Whitelisted) ================


    ==================== Bamital & volsnap Check =================

    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\SysWOW64\wininit.exe => MD5 is legit
    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\SysWOW64\explorer.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\SysWOW64\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe => MD5 is legit
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\SysWOW64\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\SysWOW64\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ==================== Restore Points =========================

    Restore point made on: 2013-05-18 08:11:31

    ==================== BCD ================================

    Windows Boot Manager
    --------------------
    identifier {bootmgr}
    device partition=E:
    description Windows Boot Manager
    locale en-US
    inherit {globalsettings}
    default {default}
    resumeobject {2c7e9364-ccf9-11df-a519-a842bb84a5a0}
    displayorder {default}
    toolsdisplayorder {memdiag}
    timeout 30

    Windows Boot Loader
    -------------------
    identifier {2c7e9362-ccf9-11df-a519-a842bb84a5a0}
    device ramdisk=[C:]\Recovery\2c7e9362-ccf9-11df-a519-a842bb84a5a0\Winre.wim,{2c7e9363-ccf9-11df-a519-a842bb84a5a0}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\2c7e9362-ccf9-11df-a519-a842bb84a5a0\Winre.wim,{2c7e9363-ccf9-11df-a519-a842bb84a5a0}
    systemroot \windows
    nx OptIn
    winpe Yes

    Windows Boot Loader
    -------------------
    identifier {default}
    device partition=C:
    path \Windows\system32\winload.exe
    description Windows 7
    locale en-US
    inherit {bootloadersettings}
    recoverysequence {2c7e9366-ccf9-11df-a519-a842bb84a5a0}
    recoveryenabled Yes
    osdevice partition=C:
    systemroot \Windows
    resumeobject {2c7e9364-ccf9-11df-a519-a842bb84a5a0}
    nx OptIn
    bootlog No

    Windows Boot Loader
    -------------------
    identifier {2c7e9366-ccf9-11df-a519-a842bb84a5a0}
    device ramdisk=[C:]\Recovery\2c7e9366-ccf9-11df-a519-a842bb84a5a0\Winre.wim,{2c7e9367-ccf9-11df-a519-a842bb84a5a0}
    path \windows\system32\winload.exe
    description Windows Recovery Environment
    inherit {bootloadersettings}
    osdevice ramdisk=[C:]\Recovery\2c7e9366-ccf9-11df-a519-a842bb84a5a0\Winre.wim,{2c7e9367-ccf9-11df-a519-a842bb84a5a0}
    systemroot \windows
    nx OptIn
    winpe Yes

    Resume from Hibernate
    ---------------------
    identifier {2c7e9364-ccf9-11df-a519-a842bb84a5a0}
    device partition=C:
    path \Windows\system32\winresume.exe
    description Windows Resume Application
    locale en-US
    inherit {resumeloadersettings}
    filedevice partition=C:
    filepath \hiberfil.sys
    debugoptionenabled No

    Windows Memory Tester
    ---------------------
    identifier {memdiag}
    device partition=E:
    path \boot\memtest.exe
    description Windows Memory Diagnostic
    locale en-US
    inherit {globalsettings}
    badmemoryaccess Yes

    EMS Settings
    ------------
    identifier {emssettings}
    bootems Yes

    Debugger Settings
    -----------------
    identifier {dbgsettings}
    debugtype Serial
    debugport 1
    baudrate 115200

    RAM Defects
    -----------
    identifier {badmemory}

    Global Settings
    ---------------
    identifier {globalsettings}
    inherit {dbgsettings}
    {emssettings}
    {badmemory}

    Boot Loader Settings
    --------------------
    identifier {bootloadersettings}
    inherit {globalsettings}
    {hypervisorsettings}

    Hypervisor Settings
    -------------------
    identifier {hypervisorsettings}
    hypervisordebugtype Serial
    hypervisordebugport 1
    hypervisorbaudrate 115200

    Resume Loader Settings
    ----------------------
    identifier {resumeloadersettings}
    inherit {globalsettings}

    Device options
    --------------
    identifier {2c7e9363-ccf9-11df-a519-a842bb84a5a0}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\2c7e9362-ccf9-11df-a519-a842bb84a5a0\boot.sdi

    Device options
    --------------
    identifier {2c7e9367-ccf9-11df-a519-a842bb84a5a0}
    description Ramdisk Options
    ramdisksdidevice partition=C:
    ramdisksdipath \Recovery\2c7e9366-ccf9-11df-a519-a842bb84a5a0\boot.sdi


    ==================== Memory info ===========================

    Percentage of memory in use: 15%
    Total physical RAM: 4095.16 MB
    Available physical RAM: 3465.34 MB
    Total Pagefile: 4093.31 MB
    Available Pagefile: 3465.72 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.88 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:235.19 GB) (Free:19 GB) NTFS (Disk=2 Partition=2)
    Drive d: (Software) (Fixed) (Total:189.92 GB) (Free:5.98 GB) NTFS (Disk=1 Partition=1)
    Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=2 Partition=1) ==>[System with boot components (obtained from reading drive)]
    Drive g: (Photos) (Fixed) (Total:230.47 GB) (Free:26.1 GB) NTFS (Disk=2 Partition=3)
    Drive h: (GRMCHPXFREO_EN_DVD) (CDROM) (Total:3 GB) (Free:0 GB) UDF
    Drive i: (Transcend) (Removable) (Total:3.74 GB) (Free:2.7 GB) FAT32 (Disk=3 Partition=1)
    Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    Drive y: (Videos) (Fixed) (Total:372.61 GB) (Free:5.43 GB) NTFS (Disk=0 Partition=1)

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 373 GB) (Disk ID: 06AB3C80)
    Partition 1: (Active) - (Size=373 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows XP) (Size: 190 GB) (Disk ID: 269F477F)
    Partition 1: (Active) - (Size=190 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 2 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 439459DE)
    Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=235 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=230 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 3 (Size: 4 GB) (Disk ID: 00000000)
    Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)


    Last Boot: 2013-05-17 10:54

    ==================== End Of Log ============================
     
  2. TimW

    TimW MajorGeeks Administrator - Jedi Malware Expert Staff Member

    PLEASE attach your logs in the future.

    Save fixlist.txt to your flash drive.

    • You should now have both fixlist.txt and FRST.exe on your flash drive.

    Now reboot back into the System Recovery Options as you did previously.
    Run FRST and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt).
    Please attach this to your next message. (See how to attach)

    Now boot into normal Windows and continue with the below.

    Running MGTools.
     

    Attached Files:

