Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by SYSTEM on MININT-QOF04DB on 05-06-2014 19:32:32
Running from H:\
Platform: Windows 7 Ultimate (X64) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] => C:\Program Files\synaptics\syntp\syntpenh.exe [2916112 2012-04-08] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-30] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [3493720 2011-07-04] (AVAST Software)
HKLM-x32\...\Run: [BtTray] => C:\Program Files (x86)\IVT Corporation\BlueSoleil\BtTray.exe [368726 2012-05-28] (IVT Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [ASUS Ai Charger] => C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe [547984 2012-08-12] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ContinueAfterReboot] => C:\Program Files (x86)\Lenovo\System Update\Tvsu.exe [1459256 2014-02-21] ()
Winlogon\Notify\igfxcui: C:\Windows\SYSTEM32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\psfus: C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll (Authentec Inc.)
HKU\Default\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\Default User\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
Lsa: [Notification Packages] scecli C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - No File

==================== Services (Whitelisted) =================

S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [42184 2011-07-04] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [121000 2011-07-04] (AVAST Software)
S2 BlueSoleilCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1082368 2012-05-31] (IVT Corporation)
S3 BsHelpCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsHelpCS.exe [199680 2012-05-21] (IVT Corporation)
S2 BsMobileCS; C:\Program Files (x86)\IVT Corporation\BlueSoleil\BsMobileCS.exe [147563 2012-05-21] (IVT Corporation)
S3 DfSdkS; C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2013\DfsdkS64.exe [544768 2009-08-24] (mst software GmbH, Germany)
S2 fsproflt; C:\Windows\SysWOW64\fsproflt.exe [46912 2012-04-16] (FSPro Labs)
S2 Lenovo.VIRTSCRLSVC; C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe [133992 2011-07-12] (Lenovo Group Limited)
S2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [223088 2011-04-26] ()
S2 MSSQL$SQLEXPRESS; C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-09] (Microsoft Corporation)
S4 msvsmon90; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [4466688 2007-11-06] (Microsoft Corporation)
S2 SmartPower; C:\Program Files (x86)\Ignatu Software\SmartPower\SmartPower.exe [28672 2012-07-01] ()
S2 SROSVC; C:\Program Files (x86)\Lenovo\Screen Reading Optimizer\SROSVC.exe [446800 2012-03-04] (Lenovo Group Limited)
S3 SUService; C:\Program Files (x86)\Lenovo\System Update\SUService.exe [24120 2014-02-21] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2027840 2011-07-19] (TuneUp Software)
S4 Virtual Router; C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [12288 2013-02-10] (Chris Pietschmann (http://pietschsoft.com))

==================== Drivers (Whitelisted) ====================

S3 AiCharger; C:\Windows\SysWow64\drivers\AiCharger.sys [14848 2012-03-22] (ASUSTek Computer Inc.)
S3 AirDisplay; C:\Windows\System32\DRIVERS\AVVideoCard.sys [16248 2013-04-15] (Windows (R) Win 7 DDK provider)
S3 AirDisplayMirror; C:\Windows\System32\DRIVERS\AVVideoCardMirror.sys [16248 2013-04-15] (Windows (R) Win 7 DDK provider)
S3 AirDisplayWDDM; C:\Windows\System32\DRIVERS\AVWDDMMiniPort.sys [45432 2013-04-15] (Windows (R) Win 7 DDK provider)
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [22360 2011-07-04] (AVAST Software)
S1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [129368 2011-07-04] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [64856 2011-07-04] (AVAST Software)
S0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2011-07-04] (ALWIL Software)
S0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [257368 2011-07-04] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswRdr.sys [31064 2011-07-04] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [600920 2011-07-04] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [288088 2011-07-04] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [45400 2011-07-04] (AVAST Software)
S5 BlueletAudio; C:\Windows\System32\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [22240 2011-12-21] (IVT Corporation.)
S3 BTCOM; C:\Windows\System32\DRIVERS\btcomport.sys [29576 2011-07-26] (IVT Corporation.)
S3 BTCOMBUS; C:\Windows\System32\Drivers\btcombus.sys [25568 2013-04-26] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43616 2011-12-26] (IVT Corporation.)
S3 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [24032 2013-10-08] (IVT Corporation.)
S3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 cbfs3; C:\Windows\System32\DRIVERS\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
S2 CdaC15BA; C:\Windows\SysWOW64\drivers\CdaC15BA.SYS [12464 2013-05-28] (Macrovision Europe Ltd)
S1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-12-27] (DT Soft Ltd)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] ()
S0 FSProFilter; C:\Windows\System32\Drivers\FSPFltd.sys [54848 2010-07-22] (FSPro Labs)
S5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 hid8103; C:\Windows\SysWOW64\drivers\hid8103.sys [31128 2006-10-25] (Compuware Corporation)
S0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-09-20] (Intel Corporation)
S3 IvtAudioBusSrv; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [27256 2012-12-24] (IVT Corporation.)
S3 IvtComBusSrv; C:\Windows\System32\Drivers\btcombus.sys [25568 2013-04-26] (IVT Corporation.)
S3 IvtPanBusSrv; C:\Windows\System32\Drivers\btnetBus.sys [31480 2012-12-24] (IVT Corporation.)
S3 kvnet; C:\Windows\System32\DRIVERS\kvnet.sys [30208 2013-03-05] (Kerio Technologies Inc.)
S3 nmwcdcx64; C:\Windows\System32\drivers\ccdcmbox64.sys [25088 2010-02-26] (Nokia)
S3 nmwcdx64; C:\Windows\System32\drivers\ccdcmbx64.sys [19456 2010-02-26] (Nokia)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19032 2012-06-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12384 2012-06-18] ()
S2 smihlp; C:\Program Files\ThinkVantage Fingerprint Software\smihlp.sys [13128 2011-05-30] (Authentec Inc.)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-05-28] (Duplex Secure Ltd.)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2013-04-02] (Anchorfree Inc.)
S3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltx64j.sys [9216 2010-02-26] (Nokia)
S5 BlueletAudio; C:\Windows\SysWOW64\Drivers\BlueletAudio.sys [36360 2009-06-17] (IVT Corporation.)
S3 btwampfl; \??\C:\Windows\system32\drivers\btwampfl.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\DRIVERS\btwavdt.sys [X]
S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 esihdrv; \??\C:\Users\H@MID\AppData\Local\Temp\esihdrv.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-06-05 19:04 - 2014-06-05 06:13 - 324076440 _____ () C:\Users\H@MID\Desktop\all1.reg
2014-06-05 18:35 - 2014-06-05 19:32 - 00000000 ____D () C:\FRST
2014-06-05 06:13 - 2014-06-05 19:28 - 00097612 _____ () C:\Users\H@MID\Desktop\all.reg
2014-06-05 06:09 - 2014-06-05 06:09 - 00002740 _____ () C:\Windows\PFRO.log
2014-06-05 03:41 - 2014-06-05 03:41 - 01453619 _____ () C:\Users\H@MID\Desktop\KNIGHT-Thu_06_05_2014_160721_09.zip
2014-06-05 03:23 - 2014-06-05 03:24 - 12046514 _____ () C:\Windows\EventSys.txt
2014-06-05 03:23 - 2014-06-05 03:23 - 00000000 ____D () C:\Users\H@MID\Desktop\SF_05-06-2014
2014-06-05 03:12 - 2013-06-01 05:04 - 00310272 _____ () C:\Users\H@MID\Desktop\SF_Diagnostic_Tool.exe
2014-06-05 03:06 - 2014-06-05 03:06 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\ParetoLogic
2014-06-05 03:06 - 2014-06-05 03:06 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\DriverCure
2014-06-05 02:46 - 2014-06-05 05:39 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-05 02:46 - 2014-06-05 02:46 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-06-05 02:29 - 2014-06-05 02:29 - 00003608 ____N () C:\bootsqm.dat
2014-05-19 12:24 - 2014-05-19 12:53 - 00000000 ____D () C:\Program Files (x86)\ISO to USB
2014-05-11 21:31 - 2014-05-11 21:31 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2718334014-3514147011-2979861946-1000Core1cf6da36aaa37a5.job
2014-05-10 21:36 - 2014-05-10 21:37 - 00214922 _____ () C:\Users\H@MID\Downloads\2011-05-03_08.30.26_book_format.rar
2014-05-06 23:02 - 2014-05-06 23:02 - 00000000 ____D () C:\ProgramData\Loaris
2014-05-06 23:02 - 2014-05-06 23:02 - 00000000 ____D () C:\Program Files\Loaris
2014-05-06 10:12 - 2014-05-06 10:12 - 00000000 ____D () C:\Users\H@MID\AppData\Local\P30World.com

==================== One Month Modified Files and Folders =======

2014-06-05 19:32 - 2014-06-05 18:35 - 00000000 ____D () C:\FRST
2014-06-05 19:28 - 2014-06-05 06:13 - 00097612 _____ () C:\Users\H@MID\Desktop\all.reg
2014-06-05 06:13 - 2014-06-05 19:04 - 324076440 _____ () C:\Users\H@MID\Desktop\all1.reg
2014-06-05 06:10 - 2012-07-03 11:48 - 00000000 ____D () C:\ProgramData\TEMP
2014-06-05 06:10 - 2012-06-25 13:29 - 00000000 ____D () C:\Users\H@MID\AppData\Local\Temp
2014-06-05 06:09 - 2014-06-05 06:09 - 00002740 _____ () C:\Windows\PFRO.log
2014-06-05 05:39 - 2014-06-05 02:46 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-06-05 05:38 - 2012-11-10 23:44 - 00000000 ____D () C:\Windows\AutoKMS
2014-06-05 04:34 - 2012-11-10 23:53 - 00002982 _____ () C:\Windows\System32\Tasks\AutoKMS
2014-06-05 04:34 - 2012-11-10 23:53 - 00000292 _____ () C:\Windows\Tasks\AutoKMS.job
2014-06-05 04:34 - 2012-11-10 23:51 - 00151552 _____ () C:\Windows\KMSEmulator.exe
2014-06-05 04:33 - 2012-05-31 05:20 - 00001268 _____ () C:\Windows\SysWOW64\bscs.ini
2014-06-05 04:33 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-05 04:16 - 2013-10-19 04:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-05 04:03 - 2009-08-03 09:13 - 00768702 _____ () C:\Windows\System32\perfh019.dat
2014-06-05 04:03 - 2009-08-03 09:13 - 00166642 _____ () C:\Windows\System32\perfc019.dat
2014-06-05 04:03 - 2009-07-13 21:13 - 01772060 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-06-05 03:58 - 2009-07-13 20:45 - 00016624 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-05 03:58 - 2009-07-13 20:45 - 00016624 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-05 03:44 - 2014-02-02 07:12 - 00000000 ____D () C:\Windows\Minidump
2014-06-05 03:41 - 2014-06-05 03:41 - 01453619 _____ () C:\Users\H@MID\Desktop\KNIGHT-Thu_06_05_2014_160721_09.zip
2014-06-05 03:24 - 2014-06-05 03:23 - 12046514 _____ () C:\Windows\EventSys.txt
2014-06-05 03:23 - 2014-06-05 03:23 - 00000000 ____D () C:\Users\H@MID\Desktop\SF_05-06-2014
2014-06-05 03:11 - 2013-12-25 05:27 - 00000000 ____D () C:\Program Files (x86)\Notepad++
2014-06-05 03:11 - 2013-11-21 06:43 - 00000000 ____D () C:\Program Files (x86)\Hyd
2014-06-05 03:11 - 2013-09-22 08:41 - 00000000 ____D () C:\Program Files (x86)\Tongbu
2014-06-05 03:11 - 2013-08-22 07:13 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2014-06-05 03:11 - 2013-08-05 09:57 - 00000000 ____D () C:\Users\H@MID\Documents\Readiris
2014-06-05 03:11 - 2013-07-31 16:16 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\AIMP3
2014-06-05 03:11 - 2013-06-26 05:02 - 00000000 ____D () C:\Users\H@MID\AppData\Local\CrashDumps
2014-06-05 03:11 - 2013-06-07 05:54 - 00000000 ____D () C:\Program Files (x86)\PlatinumHideIP
2014-06-05 03:11 - 2013-06-07 02:13 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\IDM
2014-06-05 03:11 - 2013-06-07 02:13 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\DMCache
2014-06-05 03:11 - 2013-06-07 02:13 - 00000000 ____D () C:\Program Files (x86)\Internet Download Manager
2014-06-05 03:11 - 2013-02-09 12:49 - 00000000 ____D () C:\Program Files (x86)\Integrated Camera Driver
2014-06-05 03:11 - 2012-11-13 07:15 - 00000000 ____D () C:\Users\H@MID\Documents\Deer Drive
2014-06-05 03:11 - 2012-10-15 10:09 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\Mobile Atlas Creator
2014-06-05 03:11 - 2012-10-14 04:37 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\BitTorrent
2014-06-05 03:11 - 2012-08-09 17:22 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\TeraCopy
2014-06-05 03:11 - 2012-07-19 01:45 - 00000000 ____D () C:\Program Files (x86)\K-Lite Codec Pack
2014-06-05 03:11 - 2012-06-28 05:55 - 00000000 ____D () C:\Program Files (x86)\Orbitdownloader
2014-06-05 03:11 - 2009-07-13 19:20 - 00000000 __RHD () C:\users\Default
2014-06-05 03:06 - 2014-06-05 03:06 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\ParetoLogic
2014-06-05 03:06 - 2014-06-05 03:06 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\DriverCure
2014-06-05 02:46 - 2014-06-05 02:46 - 00000000 ____D () C:\Program Files (x86)\ParetoLogic
2014-06-05 02:29 - 2014-06-05 02:29 - 00003608 ____N () C:\bootsqm.dat
2014-06-05 01:04 - 2012-06-25 13:29 - 00000000 ____D () C:\users\H@MID
2014-06-04 11:58 - 2012-08-23 17:51 - 00000600 _____ () C:\Users\H@MID\PUTTY.RND
2014-06-04 11:34 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-06-03 08:20 - 2012-06-28 05:54 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\Orbit
2014-06-03 07:28 - 2013-08-19 13:45 - 00000000 ____D () C:\Users\H@MID\Downloads\pic
2014-05-19 13:52 - 2013-09-22 11:03 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\ihelper
2014-05-19 12:53 - 2014-05-19 12:24 - 00000000 ____D () C:\Program Files (x86)\ISO to USB
2014-05-19 12:41 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Registration
2014-05-19 11:12 - 2014-01-17 09:25 - 00000000 ____D () C:\Users\H@MID\AppData\Roaming\ihelper2014
2014-05-19 11:12 - 2013-06-06 23:22 - 00000000 ____D () C:\Users\H@MID\Documents\ihelper
2014-05-19 08:15 - 2012-06-29 20:21 - 00002782 _____ () C:\Users\H@MID\Desktop\Eng.txt
2014-05-13 01:05 - 2012-06-27 19:40 - 00001530 _____ () C:\Users\H@MID\Desktop\ntd.txt
2014-05-11 21:31 - 2014-05-11 21:31 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2718334014-3514147011-2979861946-1000Core1cf6da36aaa37a5.job
2014-05-10 21:37 - 2014-05-10 21:36 - 00214922 _____ () C:\Users\H@MID\Downloads\2011-05-03_08.30.26_book_format.rar
2014-05-06 23:02 - 2014-05-06 23:02 - 00000000 ____D () C:\ProgramData\Loaris
2014-05-06 23:02 - 2014-05-06 23:02 - 00000000 ____D () C:\Program Files\Loaris
2014-05-06 10:12 - 2014-05-06 10:12 - 00000000 ____D () C:\Users\H@MID\AppData\Local\P30World.com

Files to move or delete:
====================
C:\ProgramData\sdpsenv.dat

Some content of TEMP:
====================
C:\Users\H@MID\AppData\Local\Temp\DataCard_Setup64.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

==================== Memory info ===========================

Percentage of memory in use: 15%
Total physical RAM: 4007.23 MB
Available physical RAM: 3367.56 MB
Total Pagefile: 4005.38 MB
Available Pagefile: 3345.64 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:79.91 GB) (Free:19.68 GB) NTFS
Drive d: () (Fixed) (Total:180 GB) (Free:8.9 GB) NTFS
Drive e: () (Fixed) (Total:185.76 GB) (Free:16.74 GB) NTFS
Drive h: () (Removable) (Total:7.52 GB) (Free:2.38 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 466 GB) (Disk ID: 999802A8)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=80 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=386 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 8 GB) (Disk ID: 04DD5721)
Partition 1: (Active) - (Size=8 GB) - (Type=0B)

LastRegBack: 2014-05-28 12:49

==================== End Of Log ============================