Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by SYSTEM on MININT-9UUS4CJ on 29-11-2014 08:32:59
Running from G:\
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
[b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b]

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-03-05] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2899216 2012-03-26] (Synaptics Incorporated)
HKLM\...\Run: [SetDefault] => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe [44880 2011-12-19] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [EmsService] => C:\Windows\system32\EmsServiceHelper.exe [3228032 2013-07-22] (Dell Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-04-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-06] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPConnectionManager] => C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe [103992 2011-09-13] (Hewlett-Packard Development Company L.P.)
HKLM-x32\...\Run: [Format USB Or Flash Drive Software.exe] => [X]
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe [21720 2014-04-22] (Hewlett-Packard)
HKLM\...\RunOnce: [*Restore] => C:\Windows\system32\rstrui.exe [296960 2010-11-20] (Microsoft Corporation)
HKU\jmbarry\...\RunOnce: [FlashPlayerUpdate] => C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_14_0_0_179_Plugin.exe [851632 2014-08-12] (Adobe Systems Incorporated)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\Users\jmbarry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to qlock.exe.lnk
ShortcutTarget: Shortcut to qlock.exe.lnk -> C:\1exe\Qlock\qlock.exe ()
Startup: C:\Users\jmbarry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to ScreenHunter.exe.lnk
ShortcutTarget: Shortcut to ScreenHunter.exe.lnk -> C:\1exe\ScreenHunter-5-Free\ScreenHunter.exe (Wisdom Software Inc. )

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-04-12] (Advanced Micro Devices, Inc.)
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [106488 2014-07-06] (AVAST Software)
S2 EMS; C:\Windows\system32\EMSService.exe [1922432 2013-07-22] (Dell Inc.)
S2 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641320 2012-10-15] (HP)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
S2 HPSLPSVC; C:\Users\jmbarry\AppData\Local\Temp\7zS5C00\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.)
S3 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401256 2012-07-16] (AuthenTec, Inc.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [31872 2012-02-02] (Advanced Micro Devices, Inc.)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2014-07-06] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
S0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [448400 2014-07-06] (AVAST Software)
S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-06] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [426848 2014-07-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
S3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [134696 2012-02-01] (Broadcom Corporation.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2012-02-01] (Broadcom Corporation.)
S0 CmgPCS; C:\Windows\System32\DRIVERS\CmgPCS.sys [150304 2013-07-22] (Dell Inc.)
S0 CmgShieldFFE; C:\Windows\System32\DRIVERS\CmgFFE.sys [372000 2013-07-22] (Dell Inc.)
S3 SmbDrvAMDASF; C:\Windows\system32\drivers\Smb_driver_AMDASF.sys [26384 2012-03-26] (Synaptics Incorporated)
S3 SmbDrvIntel; C:\Windows\system32\drivers\Smb_driver_Intel.sys [27408 2012-03-26] (Synaptics Incorporated)

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 07:56 - 2014-11-29 07:56 - 00000000 ____D () C:\Windows\System32\config\mybackup
2014-11-29 07:44 - 2014-11-29 08:32 - 00000000 ____D () C:\FRST
2014-11-23 17:15 - 2014-11-23 19:30 - 00000000 ____D () C:\__FILEME
2014-11-23 17:15 - 2014-11-23 17:15 - 00000000 ____D () C:\__0
2014-11-23 16:48 - 2014-11-23 16:48 - 00000000 ____D () C:\Users\jmbarry\AppData\Roaming\Google
2014-11-23 16:45 - 2014-11-23 16:45 - 00000000 __SHD () C:\Users\jmbarry\AppData\Local\EmieBrowserModeList
2014-11-22 13:47 - 2014-11-23 19:32 - 00000000 ____D () C:\__TOM

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-29 07:25 - 2014-10-23 17:18 - 00000000 ____D () C:\users\tebarry
2014-11-29 07:25 - 2014-04-03 11:22 - 00000000 ____D () C:\users\jmbarry
2014-11-29 07:25 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-11-29 07:24 - 2009-07-13 21:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-11-29 07:24 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF
2014-11-29 07:22 - 2014-10-23 17:19 - 00000000 ____D () C:\Users\tebarry\AppData\Local\Hewlett-Packard
2014-11-29 07:22 - 2014-04-03 11:24 - 00000000 ____D () C:\Users\jmbarry\AppData\Local\Hewlett-Packard
2014-11-29 07:22 - 2012-06-29 21:12 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-11-29 07:22 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-11-29 07:22 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2014-11-29 07:21 - 2014-09-25 06:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-29 07:21 - 2014-06-26 20:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-29 07:21 - 2014-04-09 19:23 - 00000000 ____D () C:\_JPGs
2014-11-29 07:21 - 2014-04-08 08:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-29 07:21 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-29 07:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-11-29 07:15 - 2014-10-24 17:17 - 00000000 ____D () C:\Users\tebarry\AppData\Roaming\Mozilla
2014-11-29 07:15 - 2014-10-24 17:17 - 00000000 ____D () C:\Users\tebarry\AppData\Local\Mozilla
2014-11-29 07:15 - 2014-10-23 17:19 - 00000000 ____D () C:\Users\tebarry\AppData\Local\Google
2014-11-29 07:14 - 2014-04-09 19:39 - 00000000 ____D () C:\Users\jmbarry\AppData\Local\Google
2014-11-29 07:12 - 2014-08-23 17:50 - 00000000 ____D () C:\_00Now
2014-11-29 07:12 - 2014-04-09 18:09 - 00000000 ____D () C:\Program Files (x86)\eBay
2014-11-29 07:12 - 2014-04-08 09:03 - 00000000 ____D () C:\_0-JB-Data
2014-11-23 19:24 - 2014-08-02 06:41 - 00000000 ____D () C:\_JPGsDupe
2014-11-23 19:15 - 2014-08-24 13:57 - 00000000 ____D () C:\__0DO
2014-11-23 16:44 - 2014-04-09 18:46 - 00000000 ____D () C:\Users\jmbarry\AppData\Local\CrashDumps
2014-11-23 16:43 - 2014-04-09 18:57 - 00012096 _____ () C:\MyUpdateLogs.log
2014-11-21 23:08 - 2014-04-14 22:39 - 00000000 ____D () C:\Windows\System32\MRT
2014-11-11 06:28 - 2014-04-14 21:48 - 00000000 ____D () C:\temp
2014-11-09 12:49 - 2014-04-03 11:17 - 01743287 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 12:46 - 2014-04-09 19:39 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-09 12:22 - 2014-04-09 19:40 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-09 11:17 - 2014-04-09 19:39 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 11:16 - 2014-10-24 17:28 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleFortebarry.job
2014-11-08 19:00 - 2014-09-30 19:52 - 00003198 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForjmbarry
2014-11-08 19:00 - 2014-09-30 19:52 - 00000340 _____ () C:\Windows\Tasks\HPCeeScheduleForjmbarry.job
2014-11-08 19:00 - 2014-04-25 18:36 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-08 19:00 - 2014-04-11 20:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-08 17:35 - 2009-07-13 20:45 - 00031472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-08 17:35 - 2009-07-13 20:45 - 00031472 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-08 17:22 - 2014-04-03 11:29 - 00003942 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{55D69019-4D6A-4645-AFA6-382F6AA8222B}
2014-11-02 13:44 - 2009-07-13 21:13 - 00783424 _____ () C:\Windows\System32\PerfStringBackup.INI
2014-11-02 13:37 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-02 13:37 - 2009-07-13 20:51 - 00055987 _____ () C:\Windows\setupact.log

Some content of TEMP:
====================
C:\Users\jmbarry\AppData\Local\Temp\Extract.exe
C:\Users\jmbarry\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\jmbarry\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\jmbarry\AppData\Local\Temp\SP57965.exe
C:\Users\jmbarry\AppData\Local\Temp\SP59202.exe
C:\Users\jmbarry\AppData\Local\Temp\SP59664.exe
C:\Users\jmbarry\AppData\Local\Temp\SP60051.exe
C:\Users\jmbarry\AppData\Local\Temp\SP61037.exe
C:\Users\jmbarry\AppData\Local\Temp\sp64126.exe
C:\Users\jmbarry\AppData\Local\Temp\UninstallHPSA.exe

==================== Known DLLs (Whitelisted) ================

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================

Restore point made on: 2014-10-08 19:18:44
Restore point made on: 2014-10-18 19:07:18
Restore point made on: 2014-10-28 19:41:07
Restore point made on: 2014-11-09 12:49:55
Restore point made on: 2014-11-21 23:01:05
Restore point made on: 2014-11-23 16:52:32
Restore point made on: 2014-11-23 16:57:15
Restore point made on: 2014-11-23 17:17:22

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=Y:
description Windows Boot Manager
locale en-US
inherit {globalsettings}
extendedinput Yes
default {default}
resumeobject {d77c9aa9-9e5a-11e3-9c7e-ee910963e7cb}
displayorder {default}
toolsdisplayorder {memdiag}
timeout 30
customactions 0x1000085000001 0x5400000f
custom:5400000f {current}

Windows Boot Loader
-------------------
identifier {current}
device ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{480788a2-bb65-11e3-8c3e-c01885cc91b9}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[E:]\Recovery\WindowsRE\Winre.wim,{480788a2-bb65-11e3-8c3e-c01885cc91b9}
systemroot \windows
nx OptIn
winpe Yes

Windows Boot Loader
-------------------
identifier {default}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale en-US
inherit {bootloadersettings}
recoverysequence {current}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {d77c9aa9-9e5a-11e3-9c7e-ee910963e7cb}
nx OptIn
bootlog No

Resume from Hibernate
---------------------
identifier {d77c9aa9-9e5a-11e3-9c7e-ee910963e7cb}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=Y:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings} {emssettings} {badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings} {hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {480788a2-bb65-11e3-8c3e-c01885cc91b9}
description Ramdisk Options
ramdisksdidevice partition=E:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

==================== Memory info ===========================

Percentage of memory in use: 14%
Total physical RAM: 5600.36 MB
Available physical RAM: 4771.91 MB
Total Pagefile: 5598.51 MB
Available Pagefile: 4767.38 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:446.87 GB) (Free:370.63 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (Recovery) (Fixed) (Total:18.59 GB) (Free:2.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: () (Removable) (Total:15.05 GB) (Free:15.04 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.25 GB) (Free:0.25 GB) NTFS
Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.13 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5A31C1F9)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=18.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

========================================================
Disk: 1 (Size: 15.1 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.

LastRegBack: 2014-10-18 18:05

==================== End Of Log ============================