I ran ComboFix on a PC that I could not re-attach the driver on last night.
I have been able to run Farbar Recovery Scan Tool and these are the results.
Any help is greatly appreciated.
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-07-2013 03
Ran by SYSTEM on 01-08-2013 20:38:12
Running from F:
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.
Registry (Whitelisted)
HKLM...Run: [RTHDVCPL] - C:Program FilesRealtekAudioHDARtkNGUI64.exe [6463592 2012-02-02] (Realtek Semiconductor)
HKLM...Run: [combofix] - C:ComboFixCF32727.3XE [345088 2010-11-20] (Microsoft Corporation)
HKLM...RunOnce: [combofix] - C:ComboFixCF32727.3XE /c C:ComboFixCombobatch.bat [345088 2010-11-20] (Microsoft Corporation)
HKLM...runonceex: [flags] - 8 [x]
HKLM...InprocServer32: [Default-cscui] < ATTENTION!
HKLM-x32...Run: [FUFAXRCV] - C:Program Files (x86)Epson SoftwareFAX UtilityFUFAXRCV.exe [495616 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32...Run: [FUFAXSTM] - C:Program Files (x86)Epson SoftwareFAX UtilityFUFAXSTM.exe [856064 2011-03-08] (SEIKO EPSON CORPORATION)
HKLM-x32...Run: [EEventManager] - C:Program Files (x86)Epson SoftwareEvent ManagerEEventManager.exe [979328 2010-10-11] (SEIKO EPSON CORPORATION)
HKLM-x32...Run: [APSDaemon] - C:Program Files (x86)Common FilesAppleApple Application SupportAPSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32...Run: [SunJavaUpdateSched] - C:Program Files (x86)Common FilesJavaJava Updatejusched.exe [252848 2012-07-02] (Sun Microsystems, Inc.)
HKLM-x32...Run: [Adobe ARM] - C:Program Files (x86)Common FilesAdobeARM1.0AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKUAtgiaras...Run: [EPLTargetP0000000000000001] - C:Windowssystem32spoolDRIVERSx643E_YATIHWP.EXE [241280 2012-12-09] (SEIKO EPSON CORPORATION)
HKUAtgiaras...Run: [EPLTargetP0000000000000000] - C:Windowssystem32spoolDRIVERSx643E_YATIHWP.EXE [241280 2012-12-09] (SEIKO EPSON CORPORATION)
HKUAtgiaras...Run: [iMesh] - C:Program Files (x86)iMesh ApplicationsiMeshiMesh.exe [30943096 2013-04-04] (iMesh, Inc)
HKUUpdatusUser...Run: [Exetender] - 'C:Program Files (x86)FantastiGamesGPlayer.exe' /runonstartup [x]
HKUUpdatusUser...Run: [EPLTargetP0000000000000001] - C:Windowssystem32spoolDRIVERSx643E_YATIHWP.EXE [241280 2012-12-09] (SEIKO EPSON CORPORATION)
HKUUpdatusUser...Run: [EPLTargetP0000000000000000] - C:Windowssystem32spoolDRIVERSx643E_YATIHWP.EXE [241280 2012-12-09] (SEIKO EPSON CORPORATION)
AppInit_DLLs: C:PROGRA~2SEARCH~1Datamngrx64mgrldr.dll [97280 2009-07-13] ()
Services (Whitelisted)
S2 IERA; C:Program Files (x86)Sierra Wireless IncIERAIERA64.exe [198512 2010-11-22] (Sierra Wireless, Inc.)
S2 jhi_service; C:Program Files (x86)IntelIntel® Management Engine ComponentsDALjhi_service.exe [161560 2012-01-20] (Intel Corporation)
S2 NIS; C:Program Files (x86)Norton Internet SecurityEngine19.9.1.14ccSvcHst.exe [138272 2012-06-15] (Symantec Corporation)
S2 VideoDownloadConverter_4zService; C:PROGRA~2VIDEOD~2bar1.bin4zbarsvc.exe [42504 2012-12-05] (COMPANYVERS_NAME)
Drivers (Whitelisted)
S1 BHDrvx64; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsBASHDefs20130715.001BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 BHDrvx64; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsBASHDefs20130715.001BHDrvx64.sys [1393240 2013-05-31] (Symantec Corporation)
S1 ccSet_NIS; C:Windowssystem32driversNISx641309010.00EccSetx64.sys [167072 2012-06-06] (Symantec Corporation)
S1 eeCtrl; C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys [484512 2012-09-30] (Symantec Corporation)
S1 eeCtrl; C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys [484512 2012-09-30] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys [138912 2012-09-30] (Symantec Corporation)
S1 IDSVia64; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsIPSDefs20130726.001IDSvia64.sys [513184 2012-09-27] (Symantec Corporation)
S1 IDSVia64; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsIPSDefs20130726.001IDSvia64.sys [513184 2012-09-27] (Symantec Corporation)
S3 NAVENG; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVENG; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018ENG64.SYS [126040 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S3 NAVEX15; C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018EX64.SYS [2098776 2013-05-22] (Symantec Corporation)
S1 SRTSP; C:WindowsSystem32DriversNISx641309010.00ESRTSP64.SYS [737952 2012-07-05] (Symantec Corporation)
S1 SRTSPX; C:Windowssystem32driversNISx641309010.00ESRTSPX64.SYS [37536 2012-07-05] (Symantec Corporation)
S3 swiwdmbus; C:WindowsSystem32DRIVERSswiwdmbusx64.sys [102656 2010-06-20] (Sierra Wireless Inc.)
S3 SWUMXA3; C:WindowsSystem32DRIVERSswumxa3.sys [210944 2010-06-20] (Sierra Wireless Inc.)
S0 SymDS; C:WindowsSystem32driversNISx641309010.00ESYMDS64.SYS [451192 2011-08-15] (Symantec Corporation)
S0 SymEFA; C:WindowsSystem32driversNISx641309010.00ESYMEFA64.SYS [1129120 2012-05-21] (Symantec Corporation)
S3 SymEvent; C:Windowssystem32DriversSYMEVENT64x86.SYS [175736 2012-09-29] (Symantec Corporation)
S1 SymIRON; C:Windowssystem32driversNISx641309010.00EIronx64.SYS [190072 2012-04-17] (Symantec Corporation)
S1 SymNetS; C:WindowsSystem32DriversNISx641309010.00ESYMNETS.SYS [405624 2012-04-17] (Symantec Corporation)
S3 catchme; ??C:ComboFixcatchme.sys [x]
S3 MSICDSetup; ??D:CDriver64.sys [x]
S3 NTIOLib_1_0_C; ??D:NTIOLib_X64.sys [x]
S3 SWUMX20; system32DRIVERSswumx20.sys [x]
Drivers MD5
C:Windowssystem32drivers1394ohci.sys > MD5 is legit
C:WindowsSystem32driversACPI.sys > MD5 is legit
C:Windowssystem32driversacpipmi.sys > MD5 is legit
C:Windowssystem32driversadp94xx.sys > MD5 is legit
C:Windowssystem32driversadpahci.sys > MD5 is legit
C:Windowssystem32driversadpu320.sys > MD5 is legit
C:Windowssystem32driversafd.sys 1C7857B62DE5994A75B054A9FD4C3825
C:Windowssystem32driversagp440.sys > MD5 is legit
C:Windowssystem32driversaliide.sys > MD5 is legit
C:Windowssystem32driversamdide.sys > MD5 is legit
C:Windowssystem32driversamdk8.sys > MD5 is legit
C:Windowssystem32driversamdppm.sys > MD5 is legit
C:Windowssystem32driversamdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
C:Windowssystem32driversamdsbs.sys > MD5 is legit
C:WindowsSystem32driversamdxata.sys 540DAF1CEA6094886D72126FD7C33048
C:Windowssystem32driversappid.sys > MD5 is legit
C:Windowssystem32driversarc.sys > MD5 is legit
C:Windowssystem32driversarcsas.sys > MD5 is legit
C:WindowsSystem32DRIVERSasyncmac.sys > MD5 is legit
C:WindowsSystem32driversatapi.sys > MD5 is legit
C:Windowssystem32driversbxvbda.sys > MD5 is legit
C:WindowsSystem32DRIVERSb57nd60a.sys > MD5 is legit
C:WindowsSystem32DriversBeep.sys > MD5 is legit
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsBASHDefs20130715.001BHDrvx64.sys 6E10DB69DB1AA96207F4B14B18FF12F8
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsBASHDefs20130715.001BHDrvx64.sys 6E10DB69DB1AA96207F4B14B18FF12F8
C:WindowsSystem32DRIVERSblbdrive.sys > MD5 is legit
C:WindowsSystem32DRIVERSbowser.sys > MD5 is legit
C:Windowssystem32driversBrFiltLo.sys > MD5 is legit
C:Windowssystem32driversBrFiltUp.sys > MD5 is legit
C:WindowsSystem32DRIVERSbridge.sys 5C2F352A4E961D72518261257AAE204B
C:WindowsSystem32DriversBrserid.sys > MD5 is legit
C:WindowsSystem32DriversBrSerWdm.sys > MD5 is legit
C:WindowsSystem32DriversBrUsbMdm.sys > MD5 is legit
C:WindowsSystem32DriversBrUsbSer.sys > MD5 is legit
C:Windowssystem32driversbthmodem.sys > MD5 is legit
C:Windowssystem32driversNISx641309010.00EccSetx64.sys 2C6FFCCA37B002AAB3C7C31A6D780A76
C:WindowsSystem32DRIVERScdfs.sys > MD5 is legit
C:WindowsSystem32DRIVERScdrom.sys > MD5 is legit
C:Windowssystem32driverscirclass.sys > MD5 is legit
C:WindowsSystem32CLFS.sys > MD5 is legit
C:Windowssystem32driversCmBatt.sys > MD5 is legit
C:Windowssystem32driverscmdide.sys > MD5 is legit
C:WindowsSystem32Driverscng.sys 9AC4F97C2D3E93367E2148EA940CD2CD
C:Windowssystem32driverscompbatt.sys > MD5 is legit
C:WindowsSystem32DRIVERSCompositeBus.sys > MD5 is legit
C:Windowssystem32driverscrcdisk.sys > MD5 is legit
C:WindowsSystem32Driversdfsc.sys > MD5 is legit
C:WindowsSystem32driversdiscache.sys > MD5 is legit
C:WindowsSystem32driversdisk.sys > MD5 is legit
C:WindowsSystem32driversdrmkaud.sys > MD5 is legit
C:WindowsSystem32driversdxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
C:Windowssystem32driversevbda.sys > MD5 is legit
C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys 4353FF94D47A0A9D52B89ECCF0CDB013
C:Program Files (x86)Common FilesSymantec SharedEENGINEeeCtrl64.sys 4353FF94D47A0A9D52B89ECCF0CDB013
C:Windowssystem32driverselxstor.sys > MD5 is legit
C:Program Files (x86)Common FilesSymantec SharedEENGINEEraserUtilRebootDrv.sys C5BCCB378D0A896304A3E71BE7215983
C:Windowssystem32driverserrdev.sys > MD5 is legit
C:WindowsSystem32Driversexfat.sys > MD5 is legit
C:WindowsSystem32Driversfastfat.sys > MD5 is legit
C:Windowssystem32driversfdc.sys > MD5 is legit
C:WindowsSystem32driversfileinfo.sys > MD5 is legit
C:WindowsSystem32driversfiletrace.sys > MD5 is legit
C:Windowssystem32driversflpydisk.sys > MD5 is legit
C:WindowsSystem32driversfltmgr.sys > MD5 is legit
C:WindowsSystem32driversFsDepends.sys > MD5 is legit
C:WindowsSystem32DriversFs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
C:WindowsSystem32DRIVERSfvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
C:Windowssystem32driversgagp30kx.sys > MD5 is legit
C:WindowsSystem32DRIVERSGEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:Windowssystem32drivershcw85cir.sys > MD5 is legit
C:WindowsSystem32driversHdAudio.sys 975761C778E33CD22498059B91E7373A
C:WindowsSystem32DRIVERSHDAudBus.sys > MD5 is legit
C:Windowssystem32driversHidBatt.sys > MD5 is legit
C:Windowssystem32drivershidbth.sys > MD5 is legit
C:Windowssystem32drivershidir.sys > MD5 is legit
C:WindowsSystem32DRIVERShidusb.sys > MD5 is legit
C:Windowssystem32driversHpSAMD.sys > MD5 is legit
C:WindowsSystem32driversHTTP.sys > MD5 is legit
C:WindowsSystem32drivershwpolicy.sys > MD5 is legit
C:WindowsSystem32DRIVERSi8042prt.sys > MD5 is legit
C:Windowssystem32driversiaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsIPSDefs20130726.001IDSvia64.sys A48928D4CCA6F8B731989DB08CF2C0AB
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsIPSDefs20130726.001IDSvia64.sys A48928D4CCA6F8B731989DB08CF2C0AB
C:Windowssystem32driversiirsp.sys > MD5 is legit
C:WindowsSystem32driversRTKVHD64.sys 602788BF364D43E5878AA1B4F85C232B
C:Windowssystem32driversintelide.sys > MD5 is legit
C:WindowsSystem32DRIVERSintelppm.sys > MD5 is legit
C:WindowsSystem32DRIVERSipfltdrv.sys > MD5 is legit
C:Windowssystem32driversIPMIDrv.sys > MD5 is legit
C:WindowsSystem32driversipnat.sys > MD5 is legit
C:WindowsSystem32driversirenum.sys > MD5 is legit
C:Windowssystem32driversisapnp.sys > MD5 is legit
C:Windowssystem32driversmsiscsi.sys > MD5 is legit
C:WindowsSystem32DRIVERSkbdclass.sys > MD5 is legit
C:WindowsSystem32DRIVERSkbdhid.sys > MD5 is legit
C:WindowsSystem32Driversksecdd.sys 97A7070AEA4C058B6418519E869A63B4
C:WindowsSystem32Driversksecpkg.sys 26C43A7C2862447EC59DEDA188D1DA07
C:Windowssystem32driversksthunk.sys > MD5 is legit
C:WindowsSystem32DRIVERSlltdio.sys > MD5 is legit
C:Windowssystem32driverslsi_fc.sys > MD5 is legit
C:Windowssystem32driverslsi_sas.sys > MD5 is legit
C:Windowssystem32driverslsi_sas2.sys > MD5 is legit
C:Windowssystem32driverslsi_scsi.sys > MD5 is legit
C:Windowssystem32driversluafv.sys > MD5 is legit
C:Windowssystem32driversmegasas.sys > MD5 is legit
C:Windowssystem32driversMegaSR.sys > MD5 is legit
C:WindowsSystem32DRIVERSHECIx64.sys 6B01B7414A105B9E51652089A03027CF
C:WindowsSystem32driversmodem.sys > MD5 is legit
C:WindowsSystem32DRIVERSmonitor.sys > MD5 is legit
C:WindowsSystem32DRIVERSmouclass.sys > MD5 is legit
C:WindowsSystem32DRIVERSmouhid.sys > MD5 is legit
C:WindowsSystem32driversmountmgr.sys > MD5 is legit
C:Windowssystem32driversmpio.sys > MD5 is legit
C:WindowsSystem32driversmpsdrv.sys > MD5 is legit
C:Windowssystem32driversmrxdav.sys > MD5 is legit
C:WindowsSystem32DRIVERSmrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
C:WindowsSystem32DRIVERSmrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
C:WindowsSystem32DRIVERSmrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
C:WindowsSystem32driversmsahci.sys > MD5 is legit
C:Windowssystem32driversmsdsm.sys > MD5 is legit
C:WindowsSystem32DriversMsfs.sys > MD5 is legit
C:WindowsSystem32driversmshidkmdf.sys > MD5 is legit
C:WindowsSystem32driversmsisadrv.sys > MD5 is legit
C:WindowsSystem32driversMSKSSRV.sys > MD5 is legit
C:WindowsSystem32driversMSPCLOCK.sys > MD5 is legit
C:WindowsSystem32driversMSPQM.sys > MD5 is legit
C:WindowsSystem32DriversMsRPC.sys > MD5 is legit
C:WindowsSystem32DRIVERSmssmbios.sys > MD5 is legit
C:WindowsSystem32driversMSTEE.sys > MD5 is legit
C:Windowssystem32driversMTConfig.sys > MD5 is legit
C:WindowsSystem32Driversmup.sys > MD5 is legit
C:WindowsSystem32DRIVERSnwifi.sys > MD5 is legit
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018ENG64.SYS 56540E526B46E379A476FB5BC381B290
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018ENG64.SYS 56540E526B46E379A476FB5BC381B290
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018EX64.SYS 8A19D3991F9F14B885CDE8BC640F6B68
C:ProgramDataNorton{0C55C096-0F1D-4F28-AAA2-85EF591126E7}NIS_19.5.0.145DefinitionsVirusDefs20130726.018EX64.SYS 8A19D3991F9F14B885CDE8BC640F6B68
C:WindowsSystem32DRIVERSndiscap.sys > MD5 is legit
C:WindowsSystem32DRIVERSndistapi.sys > MD5 is legit
C:WindowsSystem32DRIVERSndisuio.sys > MD5 is legit
C:WindowsSystem32DRIVERSndiswan.sys > MD5 is legit
C:WindowsSystem32DriversNDProxy.sys > MD5 is legit
C:WindowsSystem32DRIVERSnetbios.sys > MD5 is legit
C:WindowsSystem32DRIVERSnetbt.sys > MD5 is legit
C:Windowssystem32driversnfrd960.sys > MD5 is legit
C:WindowsSystem32driversnsiproxy.sys > MD5 is legit
C:WindowsSystem32DriversNtfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
C:WindowsSystem32driversnvhda64v.sys 10204955027011E08A9DC27737A48A54
C:WindowsSystem32DRIVERSnvlddmkm.sys FCBA1C22727939E7CFF9EB08FE9692AB
C:Windowssystem32driversnvraid.sys 0A92CB65770442ED0DC44834632F66AD
C:Windowssystem32driversnvstor.sys DAB0E87525C10052BF65F06152F37E4A
C:Windowssystem32driversnv_agp.sys > MD5 is legit
C:Windowssystem32driversohci1394.sys > MD5 is legit
C:WindowsSystem32DRIVERSparport.sys > MD5 is legit
C:WindowsSystem32driverspartmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
C:WindowsSystem32driverspci.sys > MD5 is legit
C:Windowssystem32driverspciide.sys > MD5 is legit
C:Windowssystem32driverspcmcia.sys > MD5 is legit
C:WindowsSystem32driverspcw.sys > MD5 is legit
C:WindowsSystem32driverspeauth.sys > MD5 is legit
C:WindowsSystem32DRIVERSraspptp.sys > MD5 is legit
C:Windowssystem32driversprocessr.sys > MD5 is legit
C:WindowsSystem32DRIVERSpacer.sys > MD5 is legit
C:Windowssystem32driversql2300.sys > MD5 is legit
C:Windowssystem32driversql40xx.sys > MD5 is legit
C:Windowssystem32driversqwavedrv.sys > MD5 is legit
C:WindowsSystem32DRIVERSrasacd.sys > MD5 is legit
C:WindowsSystem32DRIVERSAgileVpn.sys > MD5 is legit
C:WindowsSystem32DRIVERSrasl2tp.sys > MD5 is legit
C:WindowsSystem32DRIVERSraspppoe.sys > MD5 is legit
C:WindowsSystem32DRIVERSrassstp.sys > MD5 is legit
C:WindowsSystem32DRIVERSrdbss.sys > MD5 is legit
C:Windowssystem32driversrdpbus.sys > MD5 is legit
C:WindowsSystem32DRIVERSRDPCDD.sys > MD5 is legit
C:WindowsSystem32driversrdpencdd.sys > MD5 is legit
C:WindowsSystem32driversrdprefmp.sys > MD5 is legit
C:WindowsSystem32DriversRDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
C:WindowsSystem32driversrdyboost.sys > MD5 is legit
C:WindowsSystem32DriversRootMdm.sys 388D3DD1A6457280F3BADBA9F3ACD6B1
C:WindowsSystem32DRIVERSrspndr.sys > MD5 is legit
C:WindowsSystem32DRIVERSRt64win7.sys 130DD683DCC902F47A4AC35201D07E2F
C:Windowssystem32driverssbp2port.sys > MD5 is legit
C:WindowsSystem32DRIVERSscfilter.sys > MD5 is legit
C:WindowsSystem32Driverssecdrv.sys > MD5 is legit
C:WindowsSystem32DRIVERSserenum.sys > MD5 is legit
C:WindowsSystem32DRIVERSserial.sys > MD5 is legit
C:Windowssystem32driverssermouse.sys > MD5 is legit
C:Windowssystem32driverssffdisk.sys > MD5 is legit
C:Windowssystem32driverssffp_mmc.sys > MD5 is legit
C:Windowssystem32driverssffp_sd.sys > MD5 is legit
C:Windowssystem32driverssfloppy.sys > MD5 is legit
C:Windowssystem32driversSiSRaid2.sys > MD5 is legit
C:Windowssystem32driverssisraid4.sys > MD5 is legit
C:WindowsSystem32DRIVERSsmb.sys > MD5 is legit
C:WindowsSystem32Driversspldr.sys > MD5 is legit
C:WindowsSystem32DriversNISx641309010.00ESRTSP64.SYS 891793E00432FA055CF040605C260E49
C:Windowssystem32driversNISx641309010.00ESRTSPX64.SYS 1CB7BB3B0561FB5ECFE37F7731E8BF3E
C:WindowsSystem32DRIVERSsrv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
C:WindowsSystem32DRIVERSsrv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
C:WindowsSystem32DRIVERSsrvnet.sys 27E461F0BE5BFF5FC737328F749538C3
C:Windowssystem32driversstexstor.sys > MD5 is legit
C:WindowsSystem32DRIVERSswenum.sys > MD5 is legit
C:WindowsSystem32DRIVERSswiwdmbusx64.sys C89FFA6A0B7723F2FB72A734934A4425
C:WindowsSystem32DRIVERSswumxa3.sys F6CEB2FF475265197D4407E87FF68701
C:WindowsSystem32driversNISx641309010.00ESYMDS64.SYS 8B2430762099598DA40686F754632EFD
C:WindowsSystem32driversNISx641309010.00ESYMEFA64.SYS 5CB7F2FD7E30A0F52F93574BFC3A8041
C:Windowssystem32DriversSYMEVENT64x86.SYS 898BB48C797483420DF523B2BBC1ECDB
C:Windowssystem32driversNISx641309010.00EIronx64.SYS 5013A76CAAA1D7CF1C55214B490B4E35
C:WindowsSystem32DriversNISx641309010.00ESYMNETS.SYS 3911BD0E68C010E5438A87706ABBE9AB
C:WindowsSystem32driverstcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:WindowsSystem32DRIVERStcpip.sys 9849EA3843A2ADBDD1497E97A85D8CAE
C:WindowsSystem32driverstcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
C:WindowsSystem32driverstdpipe.sys > MD5 is legit
C:WindowsSystem32driverstdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
C:WindowsSystem32DRIVERStdx.sys > MD5 is legit
C:WindowsSystem32DRIVERStermdd.sys > MD5 is legit
C:WindowsSystem32DRIVERStssecsrv.sys > MD5 is legit
C:WindowsSystem32driverstsusbflt.sys > MD5 is legit
C:Windowssystem32driversTsUsbGD.sys 9CC2CCAE8A84820EAECB886D477CBCB8
C:WindowsSystem32DRIVERStunnel.sys > MD5 is legit
C:Windowssystem32driversuagp35.sys > MD5 is legit
C:WindowsSystem32DRIVERSudfs.sys > MD5 is legit
C:Windowssystem32driversuliagpkx.sys > MD5 is legit
C:WindowsSystem32DRIVERSumbus.sys > MD5 is legit
C:Windowssystem32driversumpass.sys > MD5 is legit
C:WindowsSystem32DRIVERSusbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
C:Windowssystem32driversusbcir.sys > MD5 is legit
C:Windowssystem32driversusbehci.sys C025055FE7B87701EB042095DF1A2D7B
C:WindowsSystem32DRIVERSusbhub.sys 287C6C9410B111B68B52CA298F7B8C24
C:Windowssystem32driversusbohci.sys 9840FC418B4CBD632D3D0A667A725C31
C:Windowssystem32driversusbprint.sys > MD5 is legit
C:WindowsSystem32DRIVERSUSBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
C:Windowssystem32driversusbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
C:WindowsSystem32driversvdrvroot.sys > MD5 is legit
C:WindowsSystem32DRIVERSvgapnp.sys > MD5 is legit
C:WindowsSystem32driversvga.sys > MD5 is legit
C:Windowssystem32driversvhdmp.sys > MD5 is legit
C:Windowssystem32driversviaide.sys > MD5 is legit
C:WindowsSystem32driversvolmgr.sys > MD5 is legit
C:WindowsSystem32driversvolmgrx.sys > MD5 is legit
C:WindowsSystem32driversvolsnap.sys > MD5 is legit
C:Windowssystem32driversvsmraid.sys > MD5 is legit
C:WindowsSystem32driversvwifibus.sys > MD5 is legit
C:Windowssystem32driverswacompen.sys > MD5 is legit
C:WindowsSystem32DRIVERSwanarp.sys > MD5 is legit
C:WindowsSystem32DRIVERSwanarp.sys > MD5 is legit
C:Windowssystem32driverswd.sys > MD5 is legit
C:WindowsSystem32driversWdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
C:WindowsSystem32DRIVERSwfplwf.sys > MD5 is legit
C:WindowsSystem32driverswimmount.sys > MD5 is legit
C:WindowsSysWow64driverswimmount.sys > MD5 is legit
C:WindowsSystem32DRIVERSWinUsb.sys FE88B288356E7B47B74B13372ADD906D
C:Windowssystem32driverswmiacpi.sys > MD5 is legit
C:Windowssystem32driversws2ifsl.sys > MD5 is legit
C:WindowsSystem32DRIVERSWSDPrint.sys 8D918B1DB190A4D9B1753A66FA8C96E8
C:WindowsSystem32DRIVERSWSDScan.sys 4A2A5C50DD1A63577D3ACA94269FBC7F
C:WindowsSystem32driversWudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
C:WindowsSystem32DRIVERSWUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
NetSvcs (Whitelisted)
One Month Created Files and Folders
2013-08-01 20:37 - 2013-08-01 20:37 - 00000000 ____D C:FRST
2013-08-01 01:33 - 2013-08-01 01:37 - 00000000 ___SD C:ComboFix
2013-08-01 01:33 - 2013-08-01 01:37 - 00000000 ____D C:Windowserdnt
2013-08-01 01:33 - 2013-08-01 01:33 - 00000000 ___SD C:32788R22FWJFW
2013-08-01 01:33 - 2013-08-01 01:33 - 00000000 ____D C:Qoobox
2013-08-01 01:33 - 2011-06-25 22:45 - 00256000 _____ C:WindowsPEV.exe
2013-08-01 01:33 - 2010-11-07 09:20 - 00208896 _____ C:WindowsMBR.exe
2013-08-01 01:33 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:WindowsNIRCMD.exe
2013-08-01 01:33 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:WindowsSWREG.exe
2013-08-01 01:33 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:WindowsSWSC.exe
2013-08-01 01:33 - 2000-08-30 16:00 - 00098816 _____ C:Windowssed.exe
2013-08-01 01:33 - 2000-08-30 16:00 - 00080412 _____ C:Windowsgrep.exe
2013-08-01 01:33 - 2000-08-30 16:00 - 00068096 _____ C:Windowszip.exe
2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:ProgramData2430A
2013-07-28 02:52 - 2013-07-28 02:50 - 00869654 _____ C:UsersAtgiarasDesktopDriver_Win7_7072_05222013.zip
2013-07-28 01:32 - 2013-07-28 01:32 - 00000000 ____D C:UsersAtgiarasAppDataRoamingMalwarebytes
2013-07-28 01:32 - 2013-07-28 01:32 - 00000000 ____D C:ProgramDataMalwarebytes
2013-07-28 01:25 - 2013-07-28 01:35 - 00000000 ____D C:Program Files (x86)Sierra Wireless Inc
2013-07-28 01:25 - 2013-07-28 01:26 - 00000000 ____D C:UsersAtgiarasAppDataRoamingSierra Wireless
2013-07-28 01:25 - 2013-07-28 01:25 - 00000000 ____D C:ProgramDataSierra Wireless
2013-07-27 03:41 - 2013-07-27 03:41 - 00032352 _____ C:{10BA3DCA-25ED-42E3-BE67-509F328F9E32}
2013-07-27 03:41 - 2013-07-27 03:41 - 00002200 _____ C:{8CD708F7-C529-4205-A006-199E81E9658B}
2013-07-12 04:16 - 2013-06-11 15:43 - 14329856 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.dll
2013-07-12 04:16 - 2013-06-11 15:43 - 02877440 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript9.dll
2013-07-12 04:16 - 2013-06-11 15:43 - 01767936 _____ (Microsoft Corporation) C:WindowsSysWOW64wininet.dll
2013-07-12 04:16 - 2013-06-11 15:43 - 01141248 _____ (Microsoft Corporation) C:WindowsSysWOW64urlmon.dll
2013-07-12 04:16 - 2013-06-11 15:43 - 00690688 _____ (Microsoft Corporation) C:WindowsSysWOW64jscript.dll
2013-07-12 04:16 - 2013-06-11 15:43 - 00493056 _____ (Microsoft Corporation) C:WindowsSysWOW64msfeeds.dll
2013-07-12 04:16 - 2013-06-11 15:43 - 00039424 _____ (Microsoft Corporation) C:WindowsSysWOW64jsproxy.dll
2013-07-12 04:16 - 2013-06-11 15:42 - 13760512 _____ (Microsoft Corporation) C:WindowsSysWOW64ieframe.dll
2013-07-12 04:16 - 2013-06-11 15:42 - 02046976 _____ (Microsoft Corporation) C:WindowsSysWOW64iertutil.dll
2013-07-12 04:16 - 2013-06-11 15:42 - 00391168 _____ (Microsoft Corporation) C:WindowsSysWOW64ieui.dll
2013-07-12 04:16 - 2013-06-11 15:42 - 00109056 _____ (Microsoft Corporation) C:WindowsSysWOW64iesysprep.dll
2013-07-12 04:16 - 2013-06-11 15:42 - 00061440 _____ (Microsoft Corporation) C:WindowsSysWOW64iesetup.dll
2013-07-12 04:16 - 2013-06-11 15:42 - 00033280 _____ (Microsoft Corporation) C:WindowsSysWOW64iernonce.dll
2013-07-12 04:16 - 2013-06-11 15:26 - 02241024 _____ (Microsoft Corporation) C:WindowsSystem32wininet.dll
2013-07-12 04:16 - 2013-06-11 15:26 - 01365504 _____ (Microsoft Corporation) C:WindowsSystem32urlmon.dll
2013-07-12 04:16 - 2013-06-11 15:26 - 00051712 _____ (Microsoft Corporation) C:WindowsSystem32ie4uinit.exe
2013-07-12 04:16 - 2013-06-11 15:25 - 19238912 _____ (Microsoft Corporation) C:WindowsSystem32mshtml.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 15404032 _____ (Microsoft Corporation) C:WindowsSystem32ieframe.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 03958784 _____ (Microsoft Corporation) C:WindowsSystem32jscript9.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 02648576 _____ (Microsoft Corporation) C:WindowsSystem32iertutil.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 00855552 _____ (Microsoft Corporation) C:WindowsSystem32jscript.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 00603136 _____ (Microsoft Corporation) C:WindowsSystem32msfeeds.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 00526336 _____ (Microsoft Corporation) C:WindowsSystem32ieui.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 00136704 _____ (Microsoft Corporation) C:WindowsSystem32iesysprep.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 00067072 _____ (Microsoft Corporation) C:WindowsSystem32iesetup.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 00053248 _____ (Microsoft Corporation) C:WindowsSystem32jsproxy.dll
2013-07-12 04:16 - 2013-06-11 15:25 - 00039936 _____ (Microsoft Corporation) C:WindowsSystem32iernonce.dll
2013-07-12 04:16 - 2013-06-11 14:51 - 00071680 _____ (Microsoft Corporation) C:WindowsSysWOW64RegisterIEPKEYs.exe
2013-07-12 04:16 - 2013-06-11 14:50 - 00089600 _____ (Microsoft Corporation) C:WindowsSystem32RegisterIEPKEYs.exe
2013-07-12 04:16 - 2013-06-06 19:22 - 02706432 _____ (Microsoft Corporation) C:WindowsSystem32mshtml.tlb
2013-07-12 04:16 - 2013-06-06 18:37 - 02706432 _____ (Microsoft Corporation) C:WindowsSysWOW64mshtml.tlb
2013-07-12 02:10 - 2013-06-04 19:34 - 03153920 _____ (Microsoft Corporation) C:WindowsSystem32win32k.sys
2013-07-12 02:10 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:WindowsSystem32qedit.dll
2013-07-12 02:10 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:WindowsSysWOW64qedit.dll
2013-07-12 02:10 - 2013-05-05 22:03 - 01887744 _____ (Microsoft Corporation) C:WindowsSystem32WMVDECOD.DLL
2013-07-12 02:10 - 2013-05-05 20:56 - 01620480 _____ (Microsoft Corporation) C:WindowsSysWOW64WMVDECOD.DLL
2013-07-12 02:10 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:WindowsSysWOW64DWrite.dll
2013-07-12 02:10 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:WindowsSystem32DWrite.dll
2013-07-05 19:11 - 2013-07-13 19:44 - 00000000 ____D C:UsersAtgiarasDocumentsBOOK SHELF
2013-07-04 02:30 - 2013-07-04 02:30 - 00000557 _____ C:UsersAtgiarasDownloadsusb000i5tm.kml
2013-07-03 22:04 - 2013-07-03 22:04 - 00013006 _____ C:UsersAtgiarasDownloadsSuppliers breakdown.xlsx
One Month Modified Files and Folders
2013-08-01 20:37 - 2013-08-01 20:37 - 00000000 ____D C:FRST
2013-08-01 19:40 - 2012-09-29 22:59 - 00950128 _____ (Microsoft Corporation) C:WindowsSystem32Driversndis.sys
2013-08-01 01:37 - 2013-08-01 01:33 - 00000000 ___SD C:ComboFix
2013-08-01 01:37 - 2013-08-01 01:33 - 00000000 ____D C:Windowserdnt
2013-08-01 01:33 - 2013-08-01 01:33 - 00000000 ___SD C:32788R22FWJFW
2013-08-01 01:33 - 2013-08-01 01:33 - 00000000 ____D C:Qoobox
2013-08-01 01:33 - 2009-07-13 21:13 - 00782902 _____ C:WindowsSystem32PerfStringBackup.INI
2013-08-01 01:32 - 2013-04-17 05:04 - 00000000 ____D C:UsersAtgiarasAppDataLocaliMesh
2013-08-01 01:31 - 2009-07-13 20:51 - 00066752 _____ C:Windowssetupact.log
2013-07-30 00:02 - 2013-07-30 00:02 - 00000000 ____D C:ProgramData2430A
2013-07-30 00:02 - 2012-12-28 05:32 - 00000000 ____D C:UsersAtgiarasAppDataLocalCrashDumps
2013-07-30 00:02 - 2012-09-03 07:56 - 00000000 ____D C:ProgramDataNVIDIA
2013-07-30 00:02 - 2009-07-13 21:08 - 00032594 _____ C:WindowsTasksSCHEDLGU.TXT
2013-07-30 00:02 - 2009-07-13 21:08 - 00000006 ____H C:WindowsTasksSA.DAT
2013-07-28 03:27 - 2010-11-20 19:47 - 00099990 _____ C:WindowsPFRO.log
2013-07-28 03:02 - 2013-01-16 04:49 - 00000000 ____D C:Program Files (x86)LSHunter.TV
2013-07-28 02:57 - 2009-07-13 20:45 - 00022064 ____H C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-07-28 02:57 - 2009-07-13 20:45 - 00022064 ____H C:WindowsSystem327B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-07-28 02:52 - 2013-04-09 17:09 - 00849992 _____ (Realtek ) C:WindowsSystem32DriversRt64win7.sys
2013-07-28 02:52 - 2013-04-09 17:09 - 00073800 _____ (Realtek Semiconductor Corporation) C:WindowsSystem32RtNicProp64.dll
2013-07-28 02:52 - 2012-09-03 08:02 - 00108104 _____ (Realtek Semiconductor Corporation) C:WindowsSystem32RTNUninst64.dll
2013-07-28 02:50 - 2013-07-28 02:52 - 00869654 _____ C:UsersAtgiarasDesktopDriver_Win7_7072_05222013.zip
2013-07-28 02:49 - 2012-09-03 07:50 - 01935326 _____ C:WindowsWindowsUpdate.log
2013-07-28 02:47 - 2012-11-12 22:54 - 00000000 ____D C:Program FilesGoogle
2013-07-28 02:47 - 2012-11-12 22:53 - 00000000 ____D C:Program Files (x86)Google
2013-07-28 02:47 - 2012-09-03 08:02 - 00000000 ___HD C:Program Files (x86)InstallShield Installation Information
2013-07-28 02:44 - 2013-04-11 00:40 - 00000000 ____D C:Program Files (x86)Graboid
2013-07-28 02:41 - 2012-11-12 22:53 - 00000000 ____D C:UsersAtgiarasAppDataLocalGoogle
2013-07-28 01:35 - 2013-07-28 01:25 - 00000000 ____D C:Program Files (x86)Sierra Wireless Inc
2013-07-28 01:32 - 2013-07-28 01:32 - 00000000 ____D C:UsersAtgiarasAppDataRoamingMalwarebytes
2013-07-28 01:32 - 2013-07-28 01:32 - 00000000 ____D C:ProgramDataMalwarebytes
2013-07-28 01:26 - 2013-07-28 01:25 - 00000000 ____D C:UsersAtgiarasAppDataRoamingSierra Wireless
2013-07-28 01:26 - 2013-05-10 01:57 - 00000000 ____D C:UsersAtgiarasDocumentsOutlook Files
2013-07-28 01:25 - 2013-07-28 01:25 - 00000000 ____D C:ProgramDataSierra Wireless
2013-07-28 01:12 - 2013-06-27 21:53 - 00000000 ____D C:Program Files (x86)DealPlyLive
2013-07-28 01:10 - 2013-06-27 21:52 - 00000000 ____D C:UsersAtgiarasAppDataRoamingPerformerSoft
2013-07-28 01:07 - 2009-07-13 19:20 - 00000000 ____D C:WindowsSystem32NDF
2013-07-27 22:34 - 2013-06-30 22:03 - 00000000 ____D C:UsersAtgiarasDesktopNoah
2013-07-27 03:42 - 2012-09-29 00:38 - 00000000 ____D C:usersAtgiaras
2013-07-27 03:41 - 2013-07-27 03:41 - 00032352 _____ C:{10BA3DCA-25ED-42E3-BE67-509F328F9E32}
2013-07-27 03:41 - 2013-07-27 03:41 - 00002200 _____ C:{8CD708F7-C529-4205-A006-199E81E9658B}
2013-07-27 03:41 - 2012-11-12 22:53 - 00000898 _____ C:WindowsTasksGoogleUpdateTaskMachineCore.job
2013-07-26 22:05 - 2012-10-14 02:16 - 00000830 _____ C:WindowsTasksAdobe Flash Player Updater.job
2013-07-26 21:53 - 2013-06-27 21:53 - 00000302 _____ C:WindowsTasksDealply.job
2013-07-26 21:19 - 2012-11-12 22:53 - 00000902 _____ C:WindowsTasksGoogleUpdateTaskMachineUA.job
2013-07-26 17:28 - 2012-09-29 03:31 - 00000000 ____D C:ProgramDataNorton
2013-07-26 16:38 - 2009-07-13 21:32 - 00000000 ____D C:WindowsSystem32FxsTmp
2013-07-26 16:37 - 2013-06-27 21:52 - 00003118 _____ C:WindowsSystem32TasksPC Performer
2013-07-25 23:32 - 2012-11-27 01:44 - 00003934 _____ C:WindowsSystem32TasksUser_Feed_Synchronization-{ED1C96F8-31EA-4905-8FF0-2846FE7EF07A}
2013-07-16 00:14 - 2012-11-12 22:53 - 00003898 _____ C:WindowsSystem32TasksGoogleUpdateTaskMachineUA
2013-07-16 00:14 - 2012-11-12 22:53 - 00003646 _____ C:WindowsSystem32TasksGoogleUpdateTaskMachineCore
2013-07-13 23:04 - 2012-09-29 02:48 - 00000000 ____D C:UsersAtgiarasDesktopPaul
2013-07-13 19:44 - 2013-07-05 19:11 - 00000000 ____D C:UsersAtgiarasDocumentsBOOK SHELF
2013-07-12 15:10 - 2009-07-13 20:45 - 00416688 _____ C:WindowsSystem32FNTCACHE.DAT
2013-07-12 15:09 - 2010-11-20 23:17 - 00000000 ____D C:Program FilesWindows Journal
2013-07-12 15:09 - 2009-07-13 21:32 - 00000000 ____D C:Program FilesWindows Defender
2013-07-12 15:09 - 2009-07-13 21:32 - 00000000 ____D C:Program Files (x86)Windows Defender
2013-07-12 04:20 - 2012-09-29 02:44 - 00000000 ____D C:ProgramDataMicrosoft Help
2013-07-12 04:17 - 2012-12-30 18:45 - 78185248 _____ (Microsoft Corporation) C:WindowsSystem32MRT.exe
2013-07-04 02:30 - 2013-07-04 02:30 - 00000557 _____ C:UsersAtgiarasDownloadsusb000i5tm.kml
2013-07-03 23:27 - 2013-05-10 01:50 - 00000000 ____D C:UsersAtgiarasAppDataLocalLogMeIn Rescue Applet
2013-07-03 22:04 - 2013-07-03 22:04 - 00013006 _____ C:UsersAtgiarasDownloadsSuppliers breakdown.xlsx
2013-07-02 05:31 - 2009-07-13 21:32 - 00000000 ____D C:WindowsSystem32restore
Known DLLs (Whitelisted)
Bamital & volsnap Check
C:WindowsSystem32winlogon.exe => MD5 is legit
C:WindowsSystem32wininit.exe => MD5 is legit
C:WindowsSysWOW64wininit.exe => MD5 is legit
C:Windowsexplorer.exe => MD5 is legit
C:WindowsSysWOW64explorer.exe => MD5 is legit
C:WindowsSystem32svchost.exe => MD5 is legit
C:WindowsSysWOW64svchost.exe => MD5 is legit
C:WindowsSystem32services.exe => MD5 is legit
C:WindowsSystem32User32.dll => MD5 is legit
C:WindowsSysWOW64User32.dll => MD5 is legit
C:WindowsSystem32userinit.exe => MD5 is legit
C:WindowsSysWOW64userinit.exe => MD5 is legit
C:WindowsSystem32Driversvolsnap.sys => MD5 is legit
EXE ASSOCIATION
HKLM....exe: exefile => OK
HKLM...exefileDefaultIcon: %1 => OK
HKLM...exefileopencommand: '%1' %* => OK
Restore Points
BCD
Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
default {default}
resumeobject {7aa81b0d-040b-11e2-b0f7-8c89a5d9bf45}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 3
Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path Windowssystem32winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot Windows
resumeobject {7aa81b0d-040b-11e2-b0f7-8c89a5d9bf45}
nx OptIn
detecthal Yes
Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[C:]Recovery7aa81b0f-040b-11e2-b0f7-8c89a5d9bf45Winre.wim,{7aa81b10-040b-11e2-b0f7-8c89a5d9bf45}
path windowssystem32winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]Recovery7aa81b0f-040b-11e2-b0f7-8c89a5d9bf45Winre.wim,{7aa81b10-040b-11e2-b0f7-8c89a5d9bf45}
systemroot windows
nx OptIn
winpe Yes
Resume from Hibernate
---------------------
identifier {7aa81b0d-040b-11e2-b0f7-8c89a5d9bf45}
device partition=C:
path Windowssystem32winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath hiberfil.sys
debugoptionenabled No
Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path bootmemtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes
EMS Settings
------------
identifier {emssettings}
bootems Yes
Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200
RAM Defects
-----------
identifier {badmemory}
Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}
Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}
Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200
Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}
Device options
--------------
identifier {7aa81b10-040b-11e2-b0f7-8c89a5d9bf45}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath Recovery7aa81b0f-040b-11e2-b0f7-8c89a5d9bf45boot.sdi
Memory info
Percentage of memory in use: 9%
Total physical RAM: 8155.7 MB
Available physical RAM: 7353.91 MB
Total Pagefile: 8153.9 MB
Available Pagefile: 7351.06 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
Drives
Drive c: () (Fixed) (Total:931.41 GB) (Free:884.15 GB) NTFS (Disk=0 Partition=2)
Drive f: (USB 1) (Removable) (Total:7.44 GB) (Free:7.37 GB) FAT32 (Disk=1 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) >[System with boot components (obtained from reading drive)]
MBR & Partition Table
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: EB5B3C22)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
Disk: 1 (Size: 7 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=7 GB) - (Type=0B)
LastRegBack: 2013-07-26 18:16
End Of Log