Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by SYSTEM on MININT-N78361P on 14-09-2014 15:41:16
Running from F:\
Platform: Windows 7 Professional (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SA3\SACpl.exe [1628288 2011-09-08] (Conexant Systems, Inc.)
HKLM\...\Run: [BLEServicesCtrl] => C:\Program Files (x86)\Intel\Bluetooth\BleServicesCtrl.exe [178960 2012-03-15] (Intel Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-16] (Intel Corporation)
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40312 2014-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1596224 2014-04-17] (IObit)
HKLM-x32\...\Run: [SBAMTray] => C:\Program Files (x86)\VIPRE\SBAMTray.exe [3216272 2013-09-05] (ThreatTrack Security, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767200 2014-04-17] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Administrator\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-21] (Spotify Ltd)
HKU\Administrator\...\Run: [FreeApp] => "C:\Users\Chris\Downloads\freeapps.exe" /autorun
HKU\Administrator\...\Run: [Steam] => C:\Games\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\Administrator\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-21] (Spotify Ltd)
HKU\Chris\...\Run: [Spotify] => C:\Users\Chris\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-21] (Spotify Ltd)
HKU\Chris\...\Run: [Steam] => C:\Games\Steam\Steam.exe [1939136 2014-08-28] (Valve Corporation)
HKU\Chris\...\Run: [Spotify Web Helper] => C:\Users\Chris\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-21] (Spotify Ltd)
HKU\Chris\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [55568 2014-08-19] (Raptr, Inc)
Lsa: [Notification Packages] DPPassFilter scecli
Startup: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
Startup: C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk
ShortcutTarget: Intel(R) Turbo Boost Technology Monitor 2.0.lnk -> C:\Program Files\Intel\TurboBoost\SignalIslandUi.exe (Intel® Corporation)
BootExecute: autocheck autochk * SmartDefragBootTime.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 BRSptSvc; C:\ProgramData\BitRaider\BRSptSvc.exe [484592 2013-10-26] (BitRaider, LLC)
S2 CxUtilSvc; C:\Program Files\Conexant\SA3\CxUtilSvc.exe [109184 2011-10-11] (Conexant Systems, Inc.)
S2 gfi_lanss11_attservice; C:\Program Files (x86)\GFI\LanGuard 11 Agent\lnssatt.exe [133496 2012-11-23] (GFI Software Development Ltd.)
S2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [342336 2014-01-24] (IObit)
S2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [192856 2012-02-25] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2151200 2013-10-25] (IObit)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-03-29] ()
S2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-05-12] ()
S2 SBAMSvc; C:\Program Files (x86)\VIPRE\SBAMSvc.exe [3937472 2013-09-05] (ThreatTrack Security, Inc.)
S2 SBPIMSvc; C:\Program Files (x86)\VIPRE\SBPIMSvc.exe [176016 2013-09-05] (ThreatTrack Security, Inc.)
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-03-29] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
S3 BRDriver64; C:\ProgramData\BitRaider\BRDriver64.sys [75048 2013-10-26] (BitRaider)
S4 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
S3 gfiark; C:\Windows\System32\drivers\gfiark.sys [41032 2013-05-23] (ThreatTrack Security)
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
S3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2012-02-22] (Intel Corporation)
S3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
S2 sbapifs; C:\Windows\System32\DRIVERS\sbapifs.sys [88928 2013-06-18] (ThreatTrack Security, Inc.)
S4 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [68608 2005-08-10] (Protection Technology)
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [15872 2005-08-10] (Protection Technology)
S0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [17720 2013-05-22] ()
S3 ST_ACCEL; C:\Windows\System32\DRIVERS\ST_ACCEL.sys [67184 2012-01-03] (STMicroelectronics)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S4 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 getbus; \??\C:\Users\Chris\AppData\Local\Temp\getbus.sys [X]
S3 PCDSRVC{1E208CE0-FB7451FF-06020101}_0; \??\c:\program files\dell support center\pcdsrvc_x64.pkms [X]

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 15:40 - 2014-09-14 15:41 - 00000000 ____D () C:\FRST
2014-09-13 16:06 - 2010-11-20 19:23 - 00383786 __RSH () C:\bootmgr
2014-08-31 20:59 - 2014-09-13 16:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2014-08-31 20:59 - 2014-08-31 21:04 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2014-08-31 20:06 - 2014-08-31 20:06 - 00000630 _____ () C:\Users\Chris\Desktop\Play X3 Reunion.lnk
2014-08-31 20:06 - 2014-08-31 20:06 - 00000630 _____ () C:\Users\Administrator\Desktop\Play X3 Reunion.lnk
2014-08-31 19:12 - 2014-08-31 20:06 - 00030364 _____ () C:\Windows\unins000.dat
2014-08-31 19:12 - 2014-08-31 19:11 - 00674634 _____ () C:\Windows\unins000.exe
2014-08-27 19:20 - 2014-08-27 19:20 - 00000062 _____ () C:\Users\Chris\Desktop\Jack Johnson – Better Together.url
2014-08-27 09:31 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-27 09:31 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-27 09:31 - 2014-08-22 16:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-23 14:44 - 2014-08-23 14:46 - 00982656 _____ () C:\Windows\Minidump\082314-20420-01.dmp
2014-08-17 12:41 - 2014-08-24 13:40 - 00000416 _____ () C:\Windows\SysWOW64\lanss_v111_lnsscomm.csv

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 15:41 - 2014-09-14 15:40 - 00000000 ____D () C:\FRST
2014-09-13 16:11 - 2014-08-31 20:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2014-09-13 16:11 - 2014-07-29 22:56 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Raptr
2014-09-13 16:11 - 2013-12-21 07:42 - 00000000 ____D () C:\Program Files (x86)\VIPRE
2014-09-13 16:11 - 2013-07-27 10:15 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\IObit
2014-09-13 16:11 - 2013-07-27 09:41 - 00000000 ___RD () C:\Users\Administrator\Virtual Machines
2014-09-13 16:11 - 2013-07-27 09:41 - 00000000 ____D () C:\users\Administrator
2014-09-13 16:11 - 2012-12-06 20:32 - 00000000 ____D () C:\users\Chris
2014-09-13 16:11 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-09-13 15:36 - 2012-07-06 17:45 - 00000000 ____D () C:\Temp
2014-08-31 21:06 - 2012-07-06 17:24 - 01423598 _____ () C:\Windows\WindowsUpdate.log
2014-08-31 21:04 - 2014-08-31 20:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Spotify
2014-08-31 21:03 - 2012-07-06 17:26 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\deb27c1a-00e6-4263-94b2-8b78ea4d32ae
2014-08-31 20:59 - 2014-08-31 20:59 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Spotify
2014-08-31 20:59 - 2013-12-21 07:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\VIPRE
2014-08-31 20:59 - 2013-12-21 07:42 - 00000000 ____D () C:\ProgramData\VIPRE
2014-08-31 20:59 - 2012-07-06 17:48 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-08-31 20:59 - 2012-07-06 17:48 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-08-31 20:59 - 2012-07-06 17:45 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-08-31 20:58 - 2014-06-12 10:09 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-31 20:52 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:52 - 2009-07-13 20:45 - 00031312 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-31 20:51 - 2013-03-12 07:24 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Spotify
2014-08-31 20:50 - 2013-07-03 09:00 - 00048130 _____ () C:\Windows\setupact.log
2014-08-31 20:44 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-31 20:06 - 2014-08-31 20:06 - 00000630 _____ () C:\Users\Chris\Desktop\Play X3 Reunion.lnk
2014-08-31 20:06 - 2014-08-31 20:06 - 00000630 _____ () C:\Users\Administrator\Desktop\Play X3 Reunion.lnk
2014-08-31 20:06 - 2014-08-31 19:12 - 00030364 _____ () C:\Windows\unins000.dat
2014-08-31 19:25 - 2014-06-12 10:09 - 00000896 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-31 19:12 - 2013-10-26 10:38 - 00000000 ____D () C:\Games
2014-08-31 19:11 - 2014-08-31 19:12 - 00674634 _____ () C:\Windows\unins000.exe
2014-08-31 18:53 - 2009-07-13 21:13 - 00798956 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-08-27 19:20 - 2014-08-27 19:20 - 00000062 _____ () C:\Users\Chris\Desktop\Jack Johnson – Better Together.url
2014-08-27 11:53 - 2009-07-13 20:45 - 00267672 _____ () C:\Windows\System32\FNTCACHE.DAT
2014-08-26 13:39 - 2013-03-12 07:24 - 00000000 ____D () C:\Users\Chris\AppData\Local\Spotify
2014-08-24 21:44 - 2013-01-24 21:00 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\SoftGrid Client
2014-08-24 13:40 - 2014-08-17 12:41 - 00000416 _____ () C:\Windows\SysWOW64\lanss_v111_lnsscomm.csv
2014-08-23 23:00 - 2014-01-21 00:02 - 00000000 ____D () C:\Windows\Patches
2014-08-23 23:00 - 2012-07-06 17:26 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-23 23:00 - 2012-07-06 17:26 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-23 23:00 - 2012-07-06 17:26 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-08-23 14:46 - 2014-08-23 14:44 - 00982656 _____ () C:\Windows\Minidump\082314-20420-01.dmp
2014-08-23 14:44 - 2013-10-26 13:38 - 730697261 _____ () C:\Windows\MEMORY.DMP
2014-08-23 14:44 - 2013-10-26 13:38 - 00000000 ____D () C:\Windows\Minidump
2014-08-22 18:07 - 2014-08-27 09:31 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2014-08-22 17:45 - 2014-08-27 09:31 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-22 16:59 - 2014-08-27 09:31 - 03163648 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-08-21 20:01 - 2014-07-29 22:56 - 00000000 ____D () C:\Program Files (x86)\Raptr
2014-08-19 16:32 - 2009-07-13 21:08 - 00032652 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\drm_dyndata_7380006.dll
C:\Users\Chris\AppData\Local\Temp\raptrpatch.exe
C:\Users\Chris\AppData\Local\Temp\raptr_stub.exe
C:\Users\Chris\AppData\Local\Temp\_is7203.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-08-23 11:51:11
Restore point made on: 2014-08-27 11:36:11

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
path \bootmgr
description Windows Boot Manager
locale en-US
default {default}
displayorder {default}
timeout 30

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7 Professional (recovered)
locale en-US
recoverysequence {f9bcc696-3ba1-11e4-a62c-be6f81375236}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows

Windows Boot Loader
-------------------
identifier {f9bcc696-3ba1-11e4-a62c-be6f81375236}
device ramdisk=[D:]\Recovery\windowsre\Winre.wim,{f9bcc697-3ba1-11e4-a62c-be6f81375236}
path \windows\system32\winload.exe
description Windows Recovery Environment (recovered) locale osdevice ramdisk=[D:]\Recovery\windowsre\Winre.wim,{f9bcc697-3ba1-11e4-a62c-be6f81375236} systemroot \windows winpe Yes Windows Memory Tester --------------------- identifier {memdiag} device partition=C: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US Device options -------------- identifier {f9bcc697-3ba1-11e4-a62c-be6f81375236} ramdisksdidevice partition=D: ramdisksdipath \Recovery\windowsre\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 6046.36 MB Available physical RAM: 5121.44 MB Total Pagefile: 6044.5 MB Available Pagefile: 5113.18 MB Total Virtual: 8192 MB Available Virtual: 8191.88 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:450.57 GB) (Free:272.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVERY) (Fixed) (Total:15.15 GB) (Free:7.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive e: (WIN_7_PROFESSIONAL) (CDROM) (Total:5.75 GB) (Free:0 GB) UDF Drive f: () (Removable) (Total:0.49 GB) (Free:0.49 GB) FAT Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 1C71C5E5) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Not Active) - (Size=15.2 GB) - (Type=07 NTFS) Partition 3: (Active) - (Size=450.6 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 29.8 GB) (Disk ID: 1C71C5CD) Partition 1: (Not Active) - (Size=8 GB) - (Type=84) ======================================================== Disk: 2 (Size: 500.3 MB) (Disk ID: 565751F0) Partition 1: (Active) - (Size=500 MB) - (Type=06) LastRegBack: 2014-08-27 18:22 
==================== End Of Log ============================