Hello,
I had a friend ask me to take a look at her laptop, as she said it was really slow. She said she had lent it out to someone for about a year or so, and had just recently got it back. When we turned it on, I noticed she was right: everything (boot, loading the desktop, etc.) did seem to take a long time. I also noticed that it was using Microsoft Security Essentials for AV, and that it was turned off. Opening up a browser window redirects to "Search Conduit", and, variously, there are pop-out windows that start running videos for motorcycle news, redirects to different sites, and offers to scan or update your PC.
So far the things I have tried are:
1. Ran Bitdefender Rescue CD on it, and set it to delete infected files.
2. Went into msconfig and tried to uncheck unnecessary programs from running on startup. There is one, Win8Security_scanner.exe, that lets you uncheck it, but just checks itself back once you hit apply.
3. Attempted to uninstall programs that were unnecessary. This is where I discovered that it looks like a lot of the programs (iTunes, Chrome, IE, CCleaner, Malwarebytes) are old and out of date.
It was at this point that I decided it would probably be better to get someone who knows what they are doing involved. It's a Dell Inspiron 1545, running Windows 7 Home Premium, 64-bit. She did say that she would like to have the popups and stuff taken care of, but she didn't have a backup copy of any of her files or information. I would appreciate any assistance someone can give me.
Below are the results of the FRST scan.
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Katrina (administrator) on KATRINA-PC (13-03-2016 13:17:46)
Running from C:\Users\Katrina\Desktop
Loaded Profiles: Katrina (Available Profiles: Katrina)
Platform: Windows 7 Home Premium (X64) Language: English (United States)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\stacsv64.exe
() C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\BCMWLTRY.EXE
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [305664 2009-01-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [444416 2009-06-28] (IDT, Inc.)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.exe [4968960 2009-07-16] (Dell Inc.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4240760 2010-11-10] (Microsoft Corporation)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\...\Run: [Win8Security_scanner.exe] => C:\Users\Katrina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5EGZ40IG\Win8Security_scanner.exe
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2009-07-13] (Microsoft Corporation)
IFEO: [Debugger] svchost.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk [2010-04-08]
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (No File)
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: [S-1-5-21-1913726647-2047149097-3475585360-1001] => http=127.0.0.1:59274
Tcpip\Parameters: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{474AFFBE-88EA-4F40-8277-5BD712E33E37}: [DhcpNameServer] 192.168.254.254
Tcpip\..\Interfaces\{8432D0EB-FA70-4B19-AF29-15B2F52E3964}: [DhcpNameServer] 192.168.2.1
Internet Explorer:
==================
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/?gws_rd=ssl
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/USCON/1
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {2A00D426-143C-4C27-A5CF-14EBAA32497D} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {6744EFFA-7F76-41E6-898C-C54661DA8E15} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2A59} URL = hxxp://search.imesh.com/web?src=ieb&systemid=1&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-19 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-20 -> URL hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> DefaultScope {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> {0B02FF70-C1E4-4270-8730-3A384B9119EE} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: FlaShCouuppono -> {3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C} -> C:\ProgramData\FlaShCouuppono\I_KqTQF.x64.dll [2014-07-27] ()
BHO: TidyNetwork -> {6935DCC0-259B-3C41-D6B4-C791FAF27D11} -> C:\Program Files (x86)\TidyNetwork\petn64.dll => No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: LuckyCoupon -> {914732CD-5506-9D9A-6478-27E79918DBFF} -> C:\ProgramData\LuckyCoupon\2dUFuPFVh.x64.dll => No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> No File
BHO-x32: FlaShCouuppono -> {3C508DAE-4C38-8C71-3B17-5D1CFFC60A4C} -> C:\ProgramData\FlaShCouuppono\I_KqTQF.dll [2014-07-27] ()
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: LuckyCoupon -> {914732CD-5506-9D9A-6478-27E79918DBFF} -> C:\ProgramData\LuckyCoupon\2dUFuPFVh.dll => No File
BHO-x32: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2010-12-21] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll => No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-1913726647-2047149097-3475585360-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {32C3FEAE-0877-4767-8C20-62A5829A0945} hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2013-02-28] (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08] (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2010-04-06] (Skype Technologies)
FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll [No File]
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2012-03-06] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll [2012-03-29] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2013-02-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2010-11-10] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll [2014-05-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1913726647-2047149097-3475585360-1001: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Katrina\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll [No File]
FF Plugin HKU\S-1-5-21-1913726647-2047149097-3475585360-1001: @nsroblox.roblox.com/launcher -> C:\Users\Katrina\AppData\Local\Roblox\Versions\version-9ae7cc04e47a4b12\\NPRobloxProxy.dll [2013-02-13] ( ROBLOX Corporation)
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aagminaekdpcfimcbhknlgjmpnnnmooo [2014-09-07] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Simple Select Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-07-24] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (YouTube) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-17]
CHR Extension: (Google Search) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-17]
CHR Extension: (BugDigger) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ecpchhjbdicfkjpdccjcclfpgbobgedd [2014-08-18] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Instant Dictionary) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcjmbgoamdpbndikpbaoeoidaabejfmd [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Bootstrap Twitter Offline Docs) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\gihkgljdimgfffabkemicpaeljmoobil [2014-10-13] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Yula) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibcpghbggehfodnapmcddffmnamgijhe [2014-10-13] [UpdateUrl: hxxp://wwwyulaseecom-a.akamaihd.net/update/chrome] <==== ATTENTION
CHR Extension: (Page Rank) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\lndiecnlfaibiffoeijpjnblnmdlcpog [2014-07-27] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Google Wallet) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-01] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Do Share) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\oglhhmnmdocfhmhlekfdecokagmbchnf [2014-07-25] [UpdateUrl: hxxps://epicunitscan.info/00service/update2/crx] <==== ATTENTION
CHR Extension: (Gmail) - C:\Users\Katrina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-17]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
"d8a9369b330a0d5b" => service could not be unlocked. <===== ATTENTION
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1854056 2012-12-07] (Microsoft Corporation)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_afc3018f8cfedd20\STacSV64.exe [240128 2009-06-28] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2009-07-13] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwltry.exe [3417088 2009-07-16] (Dell Inc.) [File not signed]
S2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [X]
S2 Update Yula; "C:\Program Files (x86)\Yula\updateYulasee.exe" [X]
S2 Util Yula; "C:\Program Files (x86)\Yula\bin\utilYulasee.exe" [X]
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 b06bdrv; C:\Windows\system32\DRIVERS\bxvbda.sys [468480 2009-06-10] () [File not signed]
S3 b57nd60a; C:\Windows\System32\DRIVERS\b57nd60a.sys [270848 2009-06-10] () [File not signed]
U5 BattC; C:\Windows\System32\Drivers\BattC.sys [28240 2009-07-13] () [File not signed]
R3 BCM42RLY; C:\Windows\System32\drivers\BCM42RLY.sys [22520 2009-07-16] () [File not signed]
R3 BCM43XX; C:\Windows\System32\DRIVERS\bcmwl664.sys [2769400 2009-07-16] () [File not signed]
R1 Beep; C:\Windows\System32\Drivers\Beep.sys [6656 2009-07-13] ()
R1 blbdrive; C:\Windows\System32\DRIVERS\blbdrive.sys [45056 2009-07-13] () [File not signed]
R3 bowser; C:\Windows\System32\DRIVERS\bowser.sys [90624 2011-02-22] () [File not signed]
S3 BrFiltLo; C:\Windows\system32\DRIVERS\BrFiltLo.sys [18432 2009-06-10] () [File not signed]
S3 BrFiltUp; C:\Windows\system32\DRIVERS\BrFiltUp.sys [8704 2009-06-10] () [File not signed]
S3 Brserid; C:\Windows\System32\Drivers\Brserid.sys [286720 2009-07-13] () [File not signed]
S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () [File not signed]
S3 BrUsbMdm; C:\Windows\System32\Drivers\BrUsbMdm.sys [14976 2009-06-10] () [File not signed]
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S3 BTHMODEM; C:\Windows\system32\DRIVERS\bthmodem.sys [72192 2009-07-13] () [File not signed]
S4 cdfs; C:\Windows\System32\DRIVERS\cdfs.sys [92160 2009-07-13] () [File not signed]
R1 cdrom; C:\Windows\System32\DRIVERS\cdrom.sys [147456 2009-07-13] () [File not signed]
S3 circlass; C:\Windows\system32\DRIVERS\circlass.sys [45568 2009-07-13] () [File not signed]
R0 CLFS; C:\Windows\System32\CLFS.sys [367696 2009-07-13] () [File not signed]
R3 CmBatt; C:\Windows\System32\DRIVERS\CmBatt.sys [17664 2009-07-13] () [File not signed]
S3 cmdide; C:\Windows\system32\DRIVERS\cmdide.sys [17488 2009-07-13] () [File not signed]
R0 CNG; C:\Windows\System32\Drivers\cng.sys [459216 2012-06-01] () [File not signed]
R0 Compbatt; C:\Windows\System32\DRIVERS\compbatt.sys [21584 2009-07-13] () [File not signed]
R3 CompositeBus; C:\Windows\System32\DRIVERS\CompositeBus.sys [38912 2009-07-13] () [File not signed]
S4 crcdisk; C:\Windows\system32\DRIVERS\crcdisk.sys [24144 2009-07-13] () [File not signed]
R3 CtClsFlt; C:\Windows\System32\DRIVERS\CtClsFlt.sys [172704 2009-06-15] () [File not signed]
U5 d8a9369b330a0d5b; C:\Windows\System32\Drivers\d8a9369b330a0d5b.sys [90560 2012-08-28] () <===== ATTENTION Necurs Rootkit?
R1 DfsC; C:\Windows\System32\Drivers\dfsc.sys [102400 2011-04-26] () [File not signed]
R1 discache; C:\Windows\System32\drivers\discache.sys [40448 2009-07-13] () [File not signed]
R0 Disk; C:\Windows\System32\DRIVERS\disk.sys [73280 2009-07-13] () [File not signed]
S3 drmkaud; C:\Windows\System32\drivers\drmkaud.sys [5632 2009-07-13] () [File not signed]
R3 DXGKrnl; C:\Windows\System32\drivers\dxgkrnl.sys [982912 2011-01-26] () [File not signed]
S3 ebdrv; C:\Windows\system32\DRIVERS\evbda.sys [3286016 2009-06-10] () [File not signed]
S3 elxstor; C:\Windows\system32\DRIVERS\elxstor.sys [530496 2009-07-13] () [File not signed]
S3 ErrDev; C:\Windows\system32\DRIVERS\errdev.sys [9728 2009-07-13] () [File not signed]
S3 exfat; C:\Windows\System32\Drivers\exfat.sys [195072 2009-07-13] () [File not signed]
R3 fastfat; C:\Windows\System32\Drivers\fastfat.sys [204800 2009-07-13] () [File not signed]
S3 fdc; C:\Windows\system32\DRIVERS\fdc.sys [29696 2009-07-13] () [File not signed]
R0 FileInfo; C:\Windows\System32\drivers\fileinfo.sys [70224 2009-07-13] () [File not signed]
S3 Filetrace; C:\Windows\System32\drivers\filetrace.sys [34304 2009-07-13] () [File not signed]
S3 flpydisk; C:\Windows\system32\DRIVERS\flpydisk.sys [24576 2009-07-13] () [File not signed]
R0 FltMgr; C:\Windows\System32\drivers\fltmgr.sys [290368 2009-07-13] () [File not signed]
S3 FsDepends; C:\Windows\System32\drivers\FsDepends.sys [55376 2009-07-13] () [File not signed]
U0 Fs_Rec; C:\Windows\System32\Drivers\Fs_Rec.sys [22896 2012-03-01] ()
R0 fvevol; C:\Windows\System32\DRIVERS\fvevol.sys [223448 2009-09-26] () [File not signed]
S3 gagp30kx; C:\Windows\system32\DRIVERS\gagp30kx.sys [65088 2009-07-13] () [File not signed]
R3 GEARAspiWDM; C:\Windows\System32\DRIVERS\GEARAspiWDM.sys [34152 2009-05-18] () [File not signed]
S3 hcw85cir; C:\Windows\system32\drivers\hcw85cir.sys [31232 2009-06-10] () [File not signed]
R3 HDAudBus; C:\Windows\System32\DRIVERS\HDAudBus.sys [122368 2009-07-13] () [File not signed]
S3 HidBatt; C:\Windows\system32\DRIVERS\HidBatt.sys [26624 2009-07-13] () [File not signed]
S3 HidBth; C:\Windows\system32\DRIVERS\hidbth.sys [100864 2009-07-13] () [File not signed]
S3 HidIr; C:\Windows\system32\DRIVERS\hidir.sys [46592 2009-07-13] () [File not signed]
R3 HidUsb; C:\Windows\System32\DRIVERS\hidusb.sys [30208 2009-07-13] () [File not signed]
S3 HpSAMD; C:\Windows\system32\DRIVERS\HpSAMD.sys [77888 2009-07-13] () [File not signed]
R3 HTTP; C:\Windows\System32\drivers\HTTP.sys [751616 2009-07-13] () [File not signed]
R0 hwpolicy; C:\Windows\System32\drivers\hwpolicy.sys [14416 2009-07-13] () [File not signed]
R3 i8042prt; C:\Windows\System32\DRIVERS\i8042prt.sys [105472 2009-07-13] () [File not signed]
R0 iaStor; C:\Windows\System32\DRIVERS\iaStor.sys [408600 2009-06-04] () [File not signed]
S3 iaStorV; C:\Windows\system32\drivers\iaStorV.sys [410496 2011-03-11] () [File not signed]
R3 igfx; C:\Windows\System32\DRIVERS\igdkmd64.sys [7333472 2009-06-02] () [File not signed]
S3 iirsp; C:\Windows\system32\DRIVERS\iirsp.sys [44112 2009-07-13] () [File not signed]
S3 intelide; C:\Windows\system32\DRIVERS\intelide.sys [16960 2009-07-13] () [File not signed]
R3 intelppm; C:\Windows\System32\DRIVERS\intelppm.sys [62464 2009-07-13] () [File not signed]
S3 IpFilterDriver; C:\Windows\System32\DRIVERS\ipfltdrv.sys [82944 2009-07-13] () [File not signed]
S3 IPMIDRV; C:\Windows\system32\DRIVERS\IPMIDrv.sys [78848 2009-07-13] () [File not signed]
S3 IPNAT; C:\Windows\System32\drivers\ipnat.sys [116224 2009-07-13] () [File not signed]
S3 IRENUM; C:\Windows\System32\drivers\irenum.sys [17920 2009-07-13] () [File not signed]
S3 isapnp; C:\Windows\system32\DRIVERS\isapnp.sys [20544 2009-07-13] () [File not signed]
S3 iScsiPrt; C:\Windows\system32\DRIVERS\msiscsi.sys [224832 2009-07-13] () [File not signed]
R3 kbdclass; C:\Windows\System32\DRIVERS\kbdclass.sys [50768 2009-07-13] () [File not signed]
S3 kbdhid; C:\Windows\system32\DRIVERS\kbdhid.sys [33280 2009-07-13] () [File not signed]
R0 KSecDD; C:\Windows\System32\Drivers\ksecdd.sys [95088 2012-06-01] () [File not signed]
R0 KSecPkg; C:\Windows\System32\Drivers\ksecpkg.sys [152432 2012-06-01] () [File not signed]
R3 ksthunk; C:\Windows\system32\drivers\ksthunk.sys [20992 2009-07-13] () [File not signed]
R2 lltdio; C:\Windows\System32\DRIVERS\lltdio.sys [60928 2009-07-13] () [File not signed]
S3 LSI_FC; C:\Windows\system32\DRIVERS\lsi_fc.sys [114752 2009-07-13] () [File not signed]
S3 LSI_SAS; C:\Windows\system32\DRIVERS\lsi_sas.sys [106560 2009-07-13] () [File not signed]
S3 LSI_SAS2; C:\Windows\system32\DRIVERS\lsi_sas2.sys [65600 2009-07-13] () [File not signed]
S3 LSI_SCSI; C:\Windows\system32\DRIVERS\lsi_scsi.sys [115776 2009-07-13] () [File not signed]
R2 luafv; C:\Windows\system32\drivers\luafv.sys [113152 2009-07-13] () [File not signed]
S3 megasas; C:\Windows\system32\DRIVERS\megasas.sys [35392 2009-07-13] () [File not signed]
S3 MegaSR; C:\Windows\system32\DRIVERS\MegaSR.sys [284736 2009-07-13] () [File not signed]
R3 Modem; C:\Windows\System32\drivers\modem.sys [40448 2009-07-13] () [File not signed]
R3 monitor; C:\Windows\System32\DRIVERS\monitor.sys [30208 2009-07-13] () [File not signed]
R3 mouclass; C:\Windows\System32\DRIVERS\mouclass.sys [49216 2009-07-13] () [File not signed]
R3 mouhid; C:\Windows\System32\DRIVERS\mouhid.sys [31232 2009-07-13] () [File not signed]
R0 mountmgr; C:\Windows\System32\drivers\mountmgr.sys [94784 2009-07-13] () [File not signed]
S3 mpio; C:\Windows\system32\DRIVERS\mpio.sys [155216 2009-07-13] () [File not signed]
R3 mpsdrv; C:\Windows\System32\drivers\mpsdrv.sys [77312 2009-07-13] () [File not signed]
S3 MRxDAV; C:\Windows\system32\drivers\mrxdav.sys [140800 2009-07-13] () [File not signed]
R3 mrxsmb; C:\Windows\System32\DRIVERS\mrxsmb.sys [157696 2011-05-03] () [File not signed]
R3 mrxsmb10; C:\Windows\System32\DRIVERS\mrxsmb10.sys [287744 2011-07-08] () [File not signed]
R3 mrxsmb20; C:\Windows\System32\DRIVERS\mrxsmb20.sys [126464 2011-05-03] () [File not signed]
S3 msahci; C:\Windows\system32\DRIVERS\msahci.sys [30296 2010-04-08] () [File not signed]
S3 msdsm; C:\Windows\system32\DRIVERS\msdsm.sys [140352 2009-07-13] () [File not signed]
R1 Msfs; C:\Windows\System32\Drivers\Msfs.sys [26112 2009-07-13] ()
S3 mshidkmdf; C:\Windows\System32\drivers\mshidkmdf.sys [8192 2009-07-13] () [File not signed]
R0 msisadrv; C:\Windows\System32\DRIVERS\msisadrv.sys [15424 2009-07-13] () [File not signed]
S3 MSKSSRV; C:\Windows\System32\drivers\MSKSSRV.sys [11136 2009-07-13] () [File not signed]
S3 MSPCLOCK; C:\Windows\System32\drivers\MSPCLOCK.sys [7168 2009-07-13] () [File not signed]
S3 MSPQM; C:\Windows\System32\drivers\MSPQM.sys [6784 2009-07-13] () [File not signed]
S3 MsRPC; C:\Windows\System32\Drivers\MsRPC.sys [367168 2009-07-13] ()
R1 mssmbios; C:\Windows\System32\DRIVERS\mssmbios.sys [32320 2009-07-13] () [File not signed]
S3 MSTEE; C:\Windows\System32\drivers\MSTEE.sys [8064 2009-07-13] () [File not signed]
S3 MTConfig; C:\Windows\system32\DRIVERS\MTConfig.sys [15360 2009-07-13] () [File not signed]
R0 Mup; C:\Windows\System32\Drivers\mup.sys [60496 2009-07-13] () [File not signed]
R3 NativeWifiP; C:\Windows\System32\DRIVERS\nwifi.sys [318976 2009-07-13] () [File not signed]
R0 NDIS; C:\Windows\System32\drivers\ndis.sys [947776 2009-07-13] () [File not signed]
S3 NdisCap; C:\Windows\System32\DRIVERS\ndiscap.sys [35328 2009-07-13] () [File not signed]
R3 NdisTapi; C:\Windows\System32\DRIVERS\ndistapi.sys [24064 2009-07-13] () [File not signed]
R3 Ndisuio; C:\Windows\System32\DRIVERS\ndisuio.sys [56320 2009-07-13] () [File not signed]
R3 NdisWan; C:\Windows\System32\DRIVERS\ndiswan.sys [164352 2009-07-13] () [File not signed]
R3 NDProxy; C:\Windows\System32\Drivers\NDProxy.sys [57856 2009-07-13] ()
R1 NetBIOS; C:\Windows\System32\DRIVERS\netbios.sys [44544 2009-07-13] () [File not signed]
R1 NetBT; C:\Windows\System32\DRIVERS\netbt.sys [259072 2009-07-13] () [File not signed]
S3 nfrd960; C:\Windows\system32\DRIVERS\nfrd960.sys [51264 2009-07-13] () [File not signed]
R1 Npfs; C:\Windows\System32\Drivers\Npfs.sys [44032 2009-07-13] ()
R1 nsiproxy; C:\Windows\System32\drivers\nsiproxy.sys [24576 2009-07-13] () [File not signed]
R3 Ntfs; C:\Windows\System32\Drivers\Ntfs.sys [1657216 2011-03-11] ()
R1 Null; C:\Windows\System32\Drivers\Null.sys [6144 2009-07-13] () [File not signed]
S3 nvraid; C:\Windows\system32\drivers\nvraid.sys [148352 2011-03-11] () [File not signed]
S3 nvstor; C:\Windows\system32\drivers\nvstor.sys [166272 2011-03-11] () [File not signed]
S3 nv_agp; C:\Windows\system32\DRIVERS\nv_agp.sys [122960 2009-07-13] () [File not signed]
S3 ohci1394; C:\Windows\system32\DRIVERS\ohci1394.sys [72832 2009-07-13] () [File not signed]
S3 Parport; C:\Windows\system32\DRIVERS\parport.sys [97280 2009-07-13] () [File not signed]
R0 partmgr; C:\Windows\System32\drivers\partmgr.sys [75632 2012-03-17] () [File not signed]
R0 pci; C:\Windows\System32\DRIVERS\pci.sys [183872 2009-07-13] () [File not signed]
S3 pciide; C:\Windows\system32\DRIVERS\pciide.sys [12352 2009-07-13] () [File not signed]
S3 pcmcia; C:\Windows\system32\DRIVERS\pcmcia.sys [220752 2009-07-13] () [File not signed]
R0 pcw; C:\Windows\System32\drivers\pcw.sys [50768 2009-07-13] () [File not signed]
R2 PEAUTH; C:\Windows\System32\drivers\peauth.sys [651264 2009-07-13] () [File not signed]
R3 PptpMiniport; C:\Windows\System32\DRIVERS\raspptp.sys [111616 2009-07-13] () [File not signed]
S3 Processor; C:\Windows\system32\DRIVERS\processr.sys [60416 2009-07-13] () [File not signed]
R1 Psched; C:\Windows\System32\DRIVERS\pacer.sys [131584 2009-07-13] () [File not signed]
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [55280 2009-07-09] () [File not signed]
S3 ql2300; C:\Windows\system32\DRIVERS\ql2300.sys [1524816 2009-07-13] () [File not signed]
S3 ql40xx; C:\Windows\system32\DRIVERS\ql40xx.sys [128592 2009-07-13] () [File not signed]
S3 QWAVEdrv; C:\Windows\system32\drivers\qwavedrv.sys [46592 2009-07-13] () [File not signed]
S3 RasAcd; C:\Windows\System32\DRIVERS\rasacd.sys [14848 2009-07-13] () [File not signed]
R3 RasAgileVpn; C:\Windows\System32\DRIVERS\AgileVpn.sys [60416 2009-07-13] () [File not signed]
R3 Rasl2tp; C:\Windows\System32\DRIVERS\rasl2tp.sys [130048 2009-07-13] () [File not signed]
R3 RasPppoe; C:\Windows\System32\DRIVERS\raspppoe.sys [92672 2009-07-13] () [File not signed]
R3 RasSstp; C:\Windows\System32\DRIVERS\rassstp.sys [83968 2009-07-13] () [File not signed]
R1 rdbss; C:\Windows\System32\DRIVERS\rdbss.sys [309248 2009-07-13] () [File not signed]
S3 rdpbus; C:\Windows\system32\DRIVERS\rdpbus.sys [24064 2009-07-13] () [File not signed]
R1 RDPCDD; C:\Windows\System32\DRIVERS\RDPCDD.sys [7680 2009-07-13] () [File not signed]
R1 RDPENCDD; C:\Windows\System32\drivers\rdpencdd.sys [7680 2009-07-13] () [File not signed]
R1 RDPREFMP; C:\Windows\System32\drivers\rdprefmp.sys [8192 2009-07-13] () [File not signed]
S3 RDPWD; C:\Windows\System32\Drivers\RDPWD.sys [204800 2012-04-27] ()
R0 rdyboost; C:\Windows\System32\drivers\rdyboost.sys [214096 2009-07-13] () [File not signed]
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [92160 2010-06-16] () [File not signed]
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] () [File not signed]
R3 ROOTMODEM; C:\Windows\System32\Drivers\RootMdm.sys [11264 2009-07-13] () [File not signed]
R2 rspndr; C:\Windows\System32\DRIVERS\rspndr.sys [76800 2009-07-13] () [File not signed]
R3 RSUSBSTOR; C:\Windows\System32\Drivers\RtsUStor.sys [215552 2009-05-08] () [File not signed]
S3 sbp2port; C:\Windows\system32\DRIVERS\sbp2port.sys [104016 2009-07-13] () [File not signed]
S3 scfilter; C:\Windows\System32\DRIVERS\scfilter.sys [29696 2009-07-13] () [File not signed]
R2 secdrv; C:\Windows\System32\Drivers\secdrv.sys [23040 2009-06-10] () [File not signed]
S3 Serenum; C:\Windows\system32\DRIVERS\serenum.sys [23552 2009-07-13] () [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] () [File not signed]
S3 sermouse; C:\Windows\system32\DRIVERS\sermouse.sys [26624 2009-07-13] () [File not signed]
S3 sffdisk; C:\Windows\system32\DRIVERS\sffdisk.sys [14336 2009-07-13] () [File not signed]
S3 sffp_mmc; C:\Windows\system32\DRIVERS\sffp_mmc.sys [13824 2009-07-13] () [File not signed]
S3 sffp_sd; C:\Windows\system32\DRIVERS\sffp_sd.sys [14336 2009-10-09] () [File not signed]
S3 sfloppy; C:\Windows\system32\DRIVERS\sfloppy.sys [16896 2009-07-13] () [File not signed]
S3 SiSRaid2; C:\Windows\system32\DRIVERS\SiSRaid2.sys [43584 2009-07-13] () [File not signed]
S3 SiSRaid4; C:\Windows\system32\DRIVERS\sisraid4.sys [80464 2009-07-13] () [File not signed]
S3 Smb; C:\Windows\System32\DRIVERS\smb.sys [93184 2009-07-13] () [File not signed]
R0 spldr; C:\Windows\System32\Drivers\spldr.sys [19008 2009-07-13] ()
R3 srv; C:\Windows\System32\DRIVERS\srv.sys [461312 2011-04-28] () [File not signed]
R3 srv2; C:\Windows\System32\DRIVERS\srv2.sys [399872 2011-04-28] () [File not signed]
R3 srvnet; C:\Windows\System32\DRIVERS\srvnet.sys [161792 2011-04-28] () [File not signed]
S3 stexstor; C:\Windows\system32\DRIVERS\stexstor.sys [24656 2009-07-13] () [File not signed]
R3 STHDA; C:\Windows\System32\DRIVERS\stwrt64.sys [487424 2009-06-28] () [File not signed]
R3 swenum; C:\Windows\System32\DRIVERS\swenum.sys [12496 2009-07-13] () [File not signed]
R1 Tcpip; C:\Windows\System32\drivers\tcpip.sys [1895280 2012-03-30] () [File not signed]
S3 TCPIP6; C:\Windows\System32\DRIVERS\tcpip.sys [1895280 2012-03-30] () [File not signed]
R2 tcpipreg; C:\Windows\System32\drivers\tcpipreg.sys [44544 2009-07-13] () [File not signed]
S3 TDPIPE; C:\Windows\System32\drivers\tdpipe.sys [15872 2009-07-13] () [File not signed]
S3 TDTCP; C:\Windows\System32\drivers\tdtcp.sys [23552 2012-02-14] () [File not signed]
R1 tdx; C:\Windows\System32\DRIVERS\tdx.sys [99840 2009-07-13] () [File not signed]
R1 TermDD; C:\Windows\System32\DRIVERS\termdd.sys [62544 2009-07-13] () [File not signed]
S3 tssecsrv; C:\Windows\System32\DRIVERS\tssecsrv.sys [38400 2009-07-13] () [File not signed]
S3 tunnel; C:\Windows\System32\DRIVERS\tunnel.sys [125440 2009-07-13] () [File not signed]
S3 uagp35; C:\Windows\system32\DRIVERS\uagp35.sys [64080 2009-07-13] () [File not signed]
S4 udfs; C:\Windows\System32\DRIVERS\udfs.sys [327680 2010-04-08] () [File not signed]
S3 uliagpkx; C:\Windows\system32\DRIVERS\uliagpkx.sys [64592 2009-07-13] () [File not signed]
R3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2009-07-13] () [File not signed]
S3 UmPass; C:\Windows\system32\DRIVERS\umpass.sys [9728 2009-07-13] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] () [File not signed]
R3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99328 2011-03-28] () [File not signed]
S3 usbcir; C:\Windows\system32\DRIVERS\usbcir.sys [100352 2009-07-13] () [File not signed]
R3 usbehci; C:\Windows\System32\DRIVERS\usbehci.sys [52224 2011-03-28] () [File not signed]
R3 usbhub; C:\Windows\System32\DRIVERS\usbhub.sys [343040 2011-03-28] () [File not signed]
S3 usbohci; C:\Windows\system32\drivers\usbohci.sys [25600 2011-03-28] () [File not signed]
S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] () [File not signed]
S3 USBSTOR; C:\Windows\System32\DRIVERS\USBSTOR.SYS [91136 2011-03-10] () [File not signed]
R3 usbuhci; C:\Windows\System32\DRIVERS\usbuhci.sys [30720 2011-03-28] () [File not signed]
R3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [184832 2010-03-03] () [File not signed]
R0 vdrvroot; C:\Windows\System32\DRIVERS\vdrvroot.sys [36432 2009-07-13] () [File not signed]
S3 vga; C:\Windows\System32\DRIVERS\vgapnp.sys [29184 2009-07-13] () [File not signed]
R1 VgaSave; C:\Windows\System32\drivers\vga.sys [29184 2009-07-13] () [File not signed]
S3 vhdmp; C:\Windows\system32\DRIVERS\vhdmp.sys [217680 2009-07-13] () [File not signed]
S3 viaide; C:\Windows\system32\DRIVERS\viaide.sys [17488 2009-07-13] () [File not signed]
R0 volmgr; C:\Windows\System32\DRIVERS\volmgr.sys [71760 2009-07-13] () [File not signed]
R0 volmgrx; C:\Windows\System32\drivers\volmgrx.sys [363584 2009-07-13] () [File not signed]
R0 volsnap; C:\Windows\System32\DRIVERS\volsnap.sys [294992 2009-07-13] () [File not signed]
S3 vsmraid; C:\Windows\system32\DRIVERS\vsmraid.sys [161872 2009-07-13] () [File not signed]
R3 vwifibus; C:\Windows\System32\DRIVERS\vwifibus.sys [24576 2009-07-13] () [File not signed]
R1 vwififlt; C:\Windows\System32\DRIVERS\vwififlt.sys [59904 2009-07-13] () [File not signed]
S3 WacomPen; C:\Windows\system32\DRIVERS\wacompen.sys [27776 2009-07-13] () [File not signed]
S3 WANARP; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] () [File not signed]
R1 Wanarpv6; C:\Windows\System32\DRIVERS\wanarp.sys [88576 2009-07-13] () [File not signed]
S3 Wd; C:\Windows\system32\DRIVERS\wd.sys [21056 2009-07-13] () [File not signed]
R0 Wdf01000; C:\Windows\System32\drivers\Wdf01000.sys [654928 2009-07-13] () [File not signed]
R1 WfpLwf; C:\Windows\System32\DRIVERS\wfplwf.sys [12800 2009-07-13] () [File not signed]
S3 WimFltr; C:\Windows\System32\DRIVERS\wimfltr.sys [151656 2006-11-01] () [File not signed]
S3 WIMMount; C:\Windows\System32\drivers\wimmount.sys [22096 2009-07-13] () [File not signed]
S3 WinUsb; C:\Windows\System32\DRIVERS\WinUsb.sys [40448 2009-07-13] () [File not signed]
R3 WmiAcpi; C:\Windows\System32\DRIVERS\wmiacpi.sys [14336 2009-07-13] () [File not signed]
S4 ws2ifsl; C:\Windows\system32\drivers\ws2ifsl.sys [21504 2009-07-13] () [File not signed]
R3 WudfPf; C:\Windows\System32\drivers\WudfPf.sys [112128 2009-07-13] () [File not signed]
S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [172544 2009-07-13] () [File not signed]
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] () [File not signed]
U5 d8a9369b330a0d5b; <===== ATTENTION: Locked Service
S1 {4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64; system32\drivers\{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64.sys [X]
S1 {4df60d2c-927b-478c-83f0-b7dc923bae60}w64; system32\drivers\{4df60d2c-927b-478c-83f0-b7dc923bae60}w64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-13 13:17 - 2016-03-13 13:18 - 00037124 _____ C:\Users\Katrina\Desktop\FRST.txt
2016-03-13 13:17 - 2016-03-13 13:17 - 02374144 _____ (Farbar) C:\Users\Katrina\Desktop\FRST64.exe
2016-03-13 13:17 - 2016-03-13 13:17 - 00000000 ____D C:\FRST
2016-03-13 13:14 - 2016-03-13 13:15 - 00000000 ___HD C:\Windows\AxInstSV
2016-03-13 13:03 - 2016-03-13 13:03 - 00000383 _____ C:\siw_debug.txt
2016-03-13 13:02 - 2016-03-13 13:04 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\siw_tmp
2016-03-13 13:02 - 2016-03-13 13:02 - 00000000 ____D C:\Users\Katrina\AppData\Local\CrashRpt
2016-03-13 12:40 - 2016-03-13 12:40 - 00000000 ____D C:\Users\Katrina\AppData\Local\{F2958949-F7E5-4F84-AE40-6EDF184BAD05}
2016-03-04 07:28 - 2016-03-04 07:28 - 00000000 ____D C:\Program Files (x86)\LuckkyuCCoupon
2016-03-04 07:26 - 2016-03-04 07:26 - 00000000 ____D C:\Users\Katrina\AppData\Local\{4C20FEC3-1437-43F0-826B-72F93CA59986}
2016-03-02 07:28 - 2016-03-02 07:28 - 00000000 ____D C:\Users\Katrina\AppData\Local\{03C2AFB4-C36D-4CAF-8FBE-3006CBDD7A16}
2016-03-02 07:27 - 2016-03-02 07:27 - 00000258 __RSH C:\ProgramData\ntuser.pol
2016-03-02 07:23 - 2016-03-02 07:23 - 00000000 ____D C:\ProgramData\374311380
2016-03-02 07:06 - 2016-03-02 07:06 - 00000000 ____D C:\Program Files (x86)\FliashCoupon
2016-03-02 01:25 - 2016-03-02 04:55 - 00000000 ____D C:\RescueCD Logs
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-03-13 13:17 - 2009-07-13 23:13 - 00726444 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-13 13:17 - 2009-07-13 21:20 - 00000000 ____D C:\Windows\inf
2016-03-13 13:14 - 2010-04-13 21:12 - 00000900 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 13:13 - 2010-04-13 21:12 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-13 13:13 - 2010-04-13 19:43 - 00000000 ____D C:\Users\Katrina\Tracing
2016-03-13 13:12 - 2009-07-13 23:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-13 13:08 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-13 13:08 - 2009-07-13 22:45 - 00014240 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-13 12:39 - 2009-07-13 23:08 - 00032572 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-03-13 12:38 - 2011-01-07 16:47 - 00000000 ____D C:\Windows\pss
2016-03-13 12:38 - 2010-04-13 21:11 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\Skype
2016-03-13 12:32 - 2013-02-21 17:28 - 00000047 _____ C:\Users\Katrina\AppData\LocalLow\rbxcsettings.rbx
2016-03-13 12:30 - 2012-05-10 20:35 - 00000936 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA.job
2016-03-13 12:30 - 2012-05-10 20:35 - 00000914 _____ C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core.job
2016-03-13 12:30 - 2010-04-13 21:19 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\skypePM
2016-03-04 09:01 - 2014-09-07 22:35 - 00000000 ____D C:\ProgramData\LuckkyuCCoupon
2016-03-04 09:01 - 2010-04-13 21:12 - 00000000 ____D C:\Program Files\Google
2016-03-04 09:01 - 2010-04-13 21:11 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-04 07:55 - 2011-12-16 09:36 - 00000000 __SHD C:\Windows\SysWOW64\AI_RecycleBin
2016-03-04 07:50 - 2011-01-11 12:56 - 00000000 ____D C:\Users\Katrina\AppData\Roaming\FrostWire
2016-03-04 07:49 - 2010-04-29 21:53 - 00000000 ____D C:\Users\Katrina\AppData\Local\Adobe
2016-03-04 07:49 - 2010-04-13 21:12 - 00000000 ____D C:\Users\Katrina\AppData\Local\Google
2016-03-04 07:49 - 2010-04-13 21:11 - 00000000 ____D C:\ProgramData\Google
2016-03-04 07:49 - 2010-04-08 01:41 - 00000000 ____D C:\ProgramData\Adobe
2016-03-04 07:28 - 2014-07-25 22:34 - 00000000 ____D C:\ProgramData\82d7777149726745
2016-03-02 07:31 - 2011-01-25 15:51 - 00001945 _____ C:\Windows\epplauncher.mif
2016-03-02 07:26 - 2014-10-06 22:47 - 00000000 ____D C:\ProgramData\FliashCoupon
2016-03-02 07:17 - 2010-05-01 14:47 - 00000000 ____D C:\Program Files (x86)\Ask.com
2016-03-02 03:01 - 2014-08-24 13:07 - 00000000 ____D C:\ProgramData\LuckyCoupon
2016-03-02 03:01 - 2014-07-27 12:16 - 00000000 ____D C:\ProgramData\FlaShCouuppono
==================== Files in the root of some directories =======
2010-04-28 22:57 - 2010-04-28 22:57 - 0081920 _____ () C:\Users\Katrina\AppData\Roaming\DataSafeDotNet.exe
2011-04-04 22:39 - 2011-06-21 22:00 - 0000872 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.Exception.log
2011-04-04 22:38 - 2011-04-04 22:38 - 0001153 _____ () C:\Users\Katrina\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2010-08-25 20:27 - 2013-09-23 21:26 - 0005144 _____ () C:\Users\Katrina\AppData\Roaming\wklnhst.dat
2010-11-20 15:27 - 2010-11-20 15:27 - 0003584 _____ () C:\Users\Katrina\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-04-13 21:19 - 2010-04-13 21:19 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some files in TEMP:
====================
C:\Users\Katrina\AppData\Local\Temp\AdobeAIRInstaller.exe
C:\Users\Katrina\AppData\Local\Temp\MSN193C.exe
C:\Users\Katrina\AppData\Local\Temp\OfficeSetup.exe
C:\Users\Katrina\AppData\Local\Temp\setup.exe
C:\Users\Katrina\AppData\Local\Temp\Setup.X86.en-US_HomeStudentRetail_e4fc851f-5ff9-423f-bb2b-a20f68cfa74e_TX_PR_ (1).exe
C:\Users\Katrina\AppData\Local\Temp\Setup.X86.en-US_HomeStudentRetail_e4fc851f-5ff9-423f-bb2b-a20f68cfa74e_TX_PR_.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys
[2009-07-13 17:20] - [2009-07-13 19:45] - 0294992 ____A () D41D8CD98F00B204E9800998ECF8427E
C:\Windows\system32\Drivers\volsnap.sys => no Company Name <===== ATTENTION
testsigning: ==> 'testsigning' is set. Check for possible unsigned driver <===== ATTENTION
LastRegBack: 2013-01-17 16:26
==================== End of FRST.txt ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Katrina (2016-03-13 13:19:08)
Running from C:\Users\Katrina\Desktop
Windows 7 Home Premium (X64) (2010-04-14 01:20:15)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1913726647-2047149097-3475585360-500 - Administrator - Disabled)
Guest (S-1-5-21-1913726647-2047149097-3475585360-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1913726647-2047149097-3475585360-1002 - Limited - Enabled)
Katrina (S-1-5-21-1913726647-2047149097-3475585360-1001 - Administrator - Enabled) => C:\Users\Katrina
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.7.609 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Apple Application Support (HKLM-x32\...\{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}) (Version: 2.1.7 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B8AD779A-82DA-4365-A7D0-AD3DCFC55CFF}) (Version: 5.1.1.4 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
BlackBerry Desktop Software 6.0.1 (HKLM-x32\...\BlackBerry_Desktop) (Version: 6.0.1.18 - Research In Motion Ltd.)
BlackBerry Desktop Software 6.0.1 (x32 Version: 6.0.1.18 - Research In Motion Ltd.) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.02 - Piriform)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.104.115.102 - Alps Electric)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Dell Wireless WLAN Card Utility (HKLM\...\Dell Wireless WLAN Card Utility) (Version: 5.30.21.0 - Dell Inc.)
FrostWire 4.21.3 (HKLM-x32\...\FrostWire) (Version: 4.21.3.0 - FrostWire Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.114 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
iTunes (HKLM\...\{4BDE7544-0A08-4AD9-8A8F-4B7944471C36}) (Version: 10.6.0.40 - Apple Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: - Malwarebytes Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2010 Service Pack 1 (SP1) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}) (Version: - Microsoft)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4454.1511 - Microsoft Corporation)
Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (HKLM\...\{EE936C7A-EA40-31D5-9B65-8E3E089C3828}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MobileMe Control Panel (HKLM\...\{3C5E60F1-0821-4B07-97EA-84EB5A927CF6}) (Version: 3.1.6.0 - Apple Inc.)
Office 15 Click-to-Run Licensing Component (Version: 15.0.4454.1511 - Microsoft Corporation) Hidden
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.6029 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
QuickTime (HKLM-x32\...\{C9E14402-3631-4182-B377-6B0DFB1C0339}) (Version: 7.70.80.34 - Apple Inc.)
Roxio Burn (HKLM-x32\...\{B2E47DE7-800B-40BB-BD1F-9F221C3AEE87}) (Version: 1.01 - Roxio)
Skype Toolbars (HKLM-x32\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Skype™ 4.2 (HKLM-x32\...\{D103C4BA-F905-437A-8049-DB24763BBE36}) (Version: 4.2.158 - Skype Technologies S.A.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {14448416-68C6-4363-B885-65A13F53FA7C} - System32\Tasks\{DF0D8AE4-BC86-406B-B018-EBE6905974BF} => C:\Program Files (x86)\Skype\Phone\Skype.exe [2010-04-06] (Skype Technologies S.A.)
Task: {1E755429-1E79-4B13-827E-54297C44E24B} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {3358239F-1772-4A11-8C98-C3A0300E68D6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-13] (Google Inc.)
Task: {47940C08-2B0E-4A1B-9CA1-90DB526F877B} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {56FB3172-472C-4249-876A-A981C2B5BF97} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {61055D94-A6BB-495F-AF51-FA1D75FA9CBD} - System32\Tasks\{81AA38E6-61C9-4DD3-A99D-F725B2D83F07} => pcalua.exe -a D:\HijackThis.exe -d D:\
Task: {6F40C4A0-80E9-4A59-B7CD-EB7FD66AEF31} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B196F75D-16BB-4C98-A6AA-94BC802917AD} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-17] (Facebook Inc.)
Task: {B2C1FDE9-918F-46D4-82B3-E4D082817D49} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2012-12-07] (Microsoft Corporation)
Task: {D07540CA-916E-4E2A-8551-5F805A7CE81F} - System32\Tasks\D5SD7BL1\Administrator - Start WLAN Tray Applet => C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRAY.EXE [2009-07-16] (Dell Inc.)
Task: {EEDC901B-B832-4BC1-9104-015677737647} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001Core.job => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1913726647-2047149097-3475585360-1001UA.job => C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2011-12-15 21:12 - 2011-10-25 23:19 - 00043520 _____ () C:\Windows\system32\CSRSRV.dll
2009-07-13 17:19 - 2009-07-13 19:41 - 00036864 _____ () C:\Windows\system32\pcwum.dll
2009-07-13 17:19 - 2009-07-13 19:41 - 00036864 _____ () c:\windows\system32\pcwum.DLL
2009-07-13 17:19 - 2009-07-13 19:41 - 00036864 _____ () c:\windows\system32\pcwum.dll
2010-04-08 01:40 - 2009-07-16 19:06 - 00033280 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\WLTRYSVC.EXE
2010-04-08 01:40 - 2009-07-16 19:06 - 00058368 _____ () C:\Program Files\Dell\Dell Wireless WLAN Card\bcmwlrmt.dll
2013-02-28 20:15 - 2012-11-24 18:13 - 00373312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2013-02-28 20:15 - 2012-12-07 08:04 - 00513616 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2013-02-28 20:15 - 2012-12-07 08:05 - 00607312 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 22:56 - 2011-06-24 22:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-07-27 12:16 - 2014-07-27 12:16 - 00449024 _____ () C:\ProgramData\FlaShCouuppono\I_KqTQF.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:4A74A9A7 [128]
AlternateDataStreams: C:\ProgramData\TEMP:DFC5A2B2 [252]
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2011-01-08 15:59 - 2011-01-08 13:44 - 00000824 ___RA C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1913726647-2047149097-3475585360-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Katrina\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 2) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Facebook Messenger.lnk => C:\Windows\pss\Facebook Messenger.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Katrina^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^LimeWire On Startup.lnk => C:\Windows\pss\LimeWire On Startup.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: AppleSyncNotifier => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ares => "C:\Program Files (x86)\Ares\Ares.exe" -h
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: DellSupportCenter => "C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
MSCONFIG\startupreg: Desktop Disc Tool => "c:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
MSCONFIG\startupreg: DW6 => "C:\Program Files (x86)\The Weather Channel FW\Desktop\DesktopWeather.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Katrina\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Gamevance => C:\Program Files (x86)\Gamevance\gamevance32.exe a
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: My Security Shield => "C:\ProgramData\6ffaa86\MS6ffa_302.exe" /s /d
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: PDVDDXSrv => "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
MSCONFIG\startupreg: smmyiyqm => C:\Users\Katrina\AppData\Local\Temp\wxyehrjvd\tqhutfmaffm.exe
MSCONFIG\startupreg: swg => "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{8C4C02A5-5E71-4326-B6A4-61265FEFD981}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PowerDVD.exe
FirewallRules: [{377CED40-80D9-4253-B52D-A4B08E2985FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
FirewallRules: [{5D01657A-BDAB-42ED-AF15-A06799F74EDB}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{74F96A34-FF03-481E-A66F-E12E7356E956}] => (Allow) svchost.exe
FirewallRules: [{C6C988B0-8E8A-4A27-9F96-6E2FF61FC5B1}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe
FirewallRules: [{E5AE3DE6-7AF2-4F7A-8042-AB3D4996638A}] => (Allow) C:\Program Files (x86)\Common Files\Mcafee\MNA\McNaSvc.exe
FirewallRules: [{C363E2E9-7AF7-4453-955F-39D0AAA57CA8}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{075F6029-ABEC-4CEA-AB30-143EC8135B77}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{BCF96557-107B-42D9-BC87-DD297C6456E7}] => (Allow) C:\Program Files (x86)\LimeWire\LimeWire.exe
FirewallRules: [{19752848-D692-46DD-8B4D-0906E32E5C2F}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{BBF365C9-7EDC-4817-8571-9AED7E5C9BFB}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [TCP Query User{12AF28F1-AF6E-4923-91A8-7CD2DDF2B815}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{0A193A02-0BED-4122-BFBF-3C9F98C60823}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [{BC6BE23D-D8B9-44E7-AE82-1038E541F9A5}] => (Allow) C:\ProgramData\6ffaa86\MS6ffa_302.exe
FirewallRules: [{05A9A756-F0BA-4460-964D-DE86F16C19ED}] => (Allow) C:\ProgramData\6ffaa86\MS6ffa_302.exe
FirewallRules: [{E6A23121-3206-458C-9F19-B864073A0C40}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{BB9C57E7-908E-4163-B1CB-BA734B4AD362}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{75421F6A-EEFE-404F-ADF0-14084C0949FD}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{190BD70A-C25D-482E-A855-CB06FE48DE6D}] => (Allow) C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{182CD473-BC20-4AE0-A24B-C4696448CBE7}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{8C25C4FA-9FE1-4163-88B0-EEE71CEEE23A}] => (Allow) LPort=2869
FirewallRules: [{A778C053-1447-4CC5-941F-2E62DAD64C21}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{9A2E156E-9D21-4BDA-83A7-AB3EE9E77C88}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{C9FD39F1-8F1A-402A-B735-F514ED902872}C:\program files (x86)\ares\ares.exe] => (Block) C:\program files (x86)\ares\ares.exe
FirewallRules: [{C9C14AD2-EE22-41E9-973D-9466B073A4D9}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F9E0A073-B987-4077-B17A-75E2B8E2A97E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{514F999B-3C6F-4EE5-8F0C-10C99C72FB81}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [{1DB947CF-4ACD-44F1-8B9C-0033B574797A}] => (Allow) C:\Program Files (x86)\FrostWire\FrostWire.exe
FirewallRules: [TCP Query User{3337604A-1593-48A0-8D4E-7A376DFF5565}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [UDP Query User{305A20FB-FD0D-4622-A46D-E42313FB3DB6}C:\program files (x86)\frostwire\frostwire.exe] => (Block) C:\program files (x86)\frostwire\frostwire.exe
FirewallRules: [TCP Query User{6F9AA430-AC77-4659-B45D-4160C47B50D6}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{5F421D04-EF32-4A0E-BFCC-D16E16EBA680}C:\program files (x86)\internet explorer\iexplore.exe] => (Allow) C:\program files (x86)\internet explorer\iexplore.exe
FirewallRules: [{9DD5A539-F173-4F81-A81E-0A1F0FE365C8}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{4E15EFB8-219D-47AA-A9ED-A56B2C967E62}] => (Allow) C:\Program Files (x86)\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
FirewallRules: [{4E2E65BD-5205-4853-95FB-78DF9950E32D}] => (Allow) LPort=4481
FirewallRules: [{241A6D64-0B36-4CFB-9CFC-5FED45AE14A0}] => (Allow) LPort=4481
FirewallRules: [{68E2A4B4-CA9B-4A6F-8AC8-3FEBDB58A43C}] => (Allow) LPort=4482
FirewallRules: [{3D9262DF-6841-423B-BA8F-D0570B11882D}] => (Allow) LPort=4482
FirewallRules: [{7156CEF4-D952-4CBF-A972-C67E3DEAE7F6}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{E0BB488D-AA7B-4909-AD95-A35A61E18108}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{8695175A-0723-44F8-BE9D-1C47FCA25F9B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{F2D217B7-186B-4A63-9296-CE97A67FAE4E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3807B484-6B28-44BA-8F83-DF490CF51248}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{52C6D636-27F7-45A4-80C4-552883F813BE}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
==================== Restore Points =========================
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/13/2016 12:38:35 PM) (Source: EventSystem) (EventID: 4622) (User: )
Description: 80070005{AA44355E-6911-4447-BA5D-6720480579AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}
Error: (03/04/2016 06:09:50 PM) (Source: Google Update) (EventID: 20) (User: Katrina-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7216232
Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 7216232
Error: (03/04/2016 06:09:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/04/2016 04:08:27 PM) (Source: Google Update) (EventID: 20) (User: Katrina-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook...maha/update.php
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http s
Error: (03/04/2016 07:44:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 5133
Error: (03/04/2016 07:44:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 5133
Error: (03/04/2016 07:44:48 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (03/04/2016 07:44:47 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3900
System errors:
=============
Error: (03/13/2016 01:13:07 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64
{4df60d2c-927b-478c-83f0-b7dc923bae60}w64
Error: (03/13/2016 01:13:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Yula service failed to start due to the following error:
%%2
Error: (03/13/2016 01:13:02 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Yula service failed to start due to the following error:
%%2
Error: (03/13/2016 01:12:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2
Error: (03/13/2016 01:02:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The cpuz138 service failed to start due to the following error:
%%31
Error: (03/13/2016 12:39:35 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
{4bbc3b2f-4023-460e-8404-cfddb6e4477d}w64
{4df60d2c-927b-478c-83f0-b7dc923bae60}w64
Error: (03/13/2016 12:39:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Util Yula service failed to start due to the following error:
%%2
Error: (03/13/2016 12:39:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Yula service failed to start due to the following error:
%%2
Error: (03/13/2016 12:39:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Dock Login Service service failed to start due to the following error:
%%2
Error: (03/13/2016 12:38:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
CodeIntegrity:
===================================
Date: 2012-08-28 16:27:47.042
Description: N/A
Date: 2012-08-28 16:27:46.793
Description: N/A
Date: 2011-05-06 22:15:08.268
Description: N/A
Date: 2011-05-06 22:15:08.241
Description: N/A
==================== Memory info ===========================
Processor: Pentium® Dual-Core CPU T4400 @ 2.20GHz
Percentage of memory in use: 42%
Total physical RAM: 3032.36 MB
Available physical RAM: 1731.52 MB
Total Virtual: 6062.87 MB
Available Virtual: 4663.49 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:218.2 GB) (Free:145.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 232.9 GB) (Disk ID: 430A03C8)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=218.2 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================
Thanks in advance,
Rob