- Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-08-2013 04
- Ran by Koester (administrator) on 20-08-2013 19:47:03
- Running from C:\Users\Koester\Desktop
- Windows 7 Ultimate Service Pack 1 (X64) OS Language: English(US)
- Internet Explorer Version 10
- Boot Mode: Normal
- ==================== Processes (Whitelisted) =================
- (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
- (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
- (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
- (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
- (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
- (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
- () C:\Program Files\ATKGFNEX\GFNEXSrv.exe
- (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
- (Adobe Systems Incorporated) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
- (National Instruments Corporation) C:\Windows\SysWOW64\lkads.exe
- (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
- ( ) C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe
- (National Instruments Corporation) C:\Program Files (x86)\National Instruments\MAX\nimxs.exe
- (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe
- (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe
- (Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
- (Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
- () C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
- (Raxco Software, Inc.) C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
- () C:\Windows\SysWOW64\PnkBstrA.exe
- (ATK) C:\Program files\P4G\BatteryLife.exe
- () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
- (National Instruments, Inc.) C:\Windows\SysWOW64\lkcitdl.exe
- (National Instruments Corporation) C:\Windows\SysWOW64\lktsrv.exe
- (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe
- (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe
- (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe
- (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe
- (National Instruments Corporation) C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
- (ASUS) C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
- (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
- (Mozilla Corporation) C:\Program Files\Waterfox\waterfox.exe
- ==================== Registry (Whitelisted) ==================
- HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [7350912 2010-02-04] (ASUS)
- HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
- HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
- HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [348624 2012-05-02] (Avira Operations GmbH & Co. KG)
- BootExecute: PDBoot.exeautocheck autochk *
- ==================== Internet (Whitelisted) ====================
- HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
- HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
- StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
- SearchScopes: HKCU - {F7C7A225-4F75-4291-9DA0-09ACC5116F97} URL = http://www.mysearchresults.com/search?c=4005&t=14&q={searchTerms}
- BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
- BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
- BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
- BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
- BHO-x32: HistoryTriggerBHO Class - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
- BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
- BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
- BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
- BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
- Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File
- Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
- Winsock: Catalog5 01 %SystemRoot%\System32\mswsock.dll [232448] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
- Winsock: Catalog5 10 C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [24320] (National Instruments Corporation)
- Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [326144] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
- Winsock: Catalog5-x64 10 C:\Program Files\National Instruments\Shared\mDNS Responder\nimdnsNSP.dll [26368] (National Instruments Corporation)
- Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
- FireFox:
- ========
- FF ProfilePath: C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default
- FF Homepage: www.heise.de
- FF NetworkProxy: "type", 0
- FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll ()
- FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
- FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
- FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
- FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll ()
- FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
- FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
- FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
- FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
- FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
- FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll No File
- FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
- FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
- FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
- FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
- FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
- FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
- FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
- FF Plugin-x32: @veetle.com/veetleCorePlugin,version=0.9.19 - C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
- FF Plugin-x32: @veetle.com/veetlePlayerPlugin,version=0.9.18 - C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
- FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
- FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\The Settlers 7 - Paths to a Kingdom\Data\Base\_Dbg\Bin\Release\orbit\npuplaypc.dll (Ubisoft)
- FF Extension: Adblock Plus Pop-up Addon - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\adblockpopups@jessehakanen.net
- FF Extension: No Name - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\staged
- FF Extension: adblockpopups - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\adblockpopups@jessehakanen.net.xpi
- FF Extension: elemhidehelper - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\elemhidehelper@adblockplus.org.xpi
- FF Extension: fhdp - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\fhdp@fhdp.tv.xpi
- FF Extension: printedit - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\printedit@DW-dev.xpi
- FF Extension: No Name - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\{09408840-3f84-11dd-ae16-0800200c9a66}.xpi
- FF Extension: No Name - C:\Users\Koester\AppData\Roaming\Mozilla\Firefox\Profiles\0uwboc2e.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
- FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
- FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
- Chrome:
- =======
- Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
- CHR Extension: (DealPly Shopping) - C:\Users\Koester\AppData\Local\Google\Chrome\User Data\Default\Extensions\mphpbdjcljebbcnfopfngmfdackbbdgf\3.5.0.0_0
- CHR HKLM-x32\...\Chrome\Extension: [bkomkajifikmkfnjgphkjcfeepbnojok] - C:\Program Files (x86)\PriceGong\2.6.11\pricegong.crx
- CHR HKLM-x32\...\Chrome\Extension: [dednnpigldgdbpgcdpfppmlcnnbjciel] - C:\Users\Koester\AppData\Roaming\Media Finder\Extensions\gencrawler_gc.crx
- CHR HKLM-x32\...\Chrome\Extension: [kkfggacklibaabdomphfdpcodjgihgon] - C:\Program Files (x86)\FirstRowSportApp.com\stv10.crx
- CHR HKLM-x32\...\Chrome\Extension: [lpmkgpnbiojfaoklbkpfneikocaobfai] - C:\Users\Koester\AppData\Roaming\Media Finder\Extensions\mf_plugin_gc.crx
- CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx
- ==================== Services (Whitelisted) =================
- R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [86224 2012-05-02] (Avira Operations GmbH & Co. KG)
- R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [110032 2012-05-02] (Avira Operations GmbH & Co. KG)
- R2 ATKGFNEXSrv; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [94208 2007-08-08] ()
- R2 LkCitadelServer; C:\Windows\SysWOW64\lkcitdl.exe [695136 2011-05-06] (National Instruments, Inc.)
- R2 lkClassAds; C:\Windows\SysWOW64\lkads.exe [50328 2012-06-05] (National Instruments Corporation)
- R2 lkTimeSync; C:\Windows\SysWOW64\lktsrv.exe [60568 2012-06-05] (National Instruments Corporation)
- R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
- S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
- R2 mitsijm2013; C:\Program Files\Autodesk\Inventor 2013\Moldflow\bin\mitsijm.exe [339776 2012-01-31] ( )
- R2 mxssvr; C:\Program Files (x86)\National Instruments\MAX\nimxs.exe [51360 2012-05-22] (National Instruments Corporation)
- R2 NIApplicationWebServer; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [53960 2012-05-22] (National Instruments Corporation)
- S4 NIApplicationWebServer64; C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe [76488 2012-05-22] (National Instruments Corporation)
- R2 NIDomainService; C:\Program Files (x86)\National Instruments\Shared\Security\nidmsrv.exe [370328 2012-06-05] (National Instruments Corporation)
- S3 NILM License Manager; C:\Program Files (x86)\National Instruments\Shared\License Manager\Bin\lmgrd.exe [1427688 2010-08-02] (Macrovision Corporation)
- R2 nimDNSResponder; C:\Program Files (x86)\National Instruments\Shared\mDNS Responder\nimdnsResponder.exe [258776 2012-05-31] (National Instruments Corporation)
- R2 NINetworkDiscovery; C:\Program Files (x86)\National Instruments\Shared\NI Network Discovery\niDiscSvc.exe [169192 2012-06-05] (National Instruments Corporation)
- R2 niSvcLoc; C:\Program Files (x86)\National Instruments\Shared\NI WebServer\SystemWebServer.exe [53952 2012-05-22] (National Instruments Corporation)
- R2 NITaggerService; C:\Program Files (x86)\National Instruments\Shared\Tagger\tagsrv.exe [680624 2012-06-07] (National Instruments Corporation)
- R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-11-29] (Nitro PDF Software)
- S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [36352 2010-11-08] ()
- R2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [80896 2011-03-31] ()
- R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [75064 2011-10-19] ()
- ==================== Drivers (Whitelisted) ====================
- S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus64.sys [19456 2010-12-23] (LG Electronics Inc.)
- S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag64.sys [27648 2010-12-23] (LG Electronics Inc.)
- S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps64.sys [27136 2010-12-23] (LG Electronics Inc.)
- S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem64.sys [34304 2010-12-23] (LG Electronics Inc.)
- S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2011-09-06] (Google Inc)
- R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
- R2 ASMMAP64; C:\Program Files\ATKGFNEX\ASMMAP64.sys [14904 2007-07-24] ()
- R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [98848 2012-04-25] (Avira GmbH)
- R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132832 2012-04-27] (Avira GmbH)
- R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
- S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] ()
- S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2010-07-15] ()
- S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
- S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2010-07-15] ()
- R3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
- R3 ITECIRfilter; C:\Windows\System32\DRIVERS\ITECIRfilter.sys [28264 2011-03-22] (ITE Tech. Inc. )
- R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
- R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
- R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
- R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
- R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
- R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
- S3 NIEthernetDeviceEnumerator; C:\Windows\System32\DRIVERS\niede.sys [38064 2010-06-15] (National Instruments Corporation)
- S3 NMgamingmsFltr; C:\Windows\System32\drivers\NMgamingms.sys [11264 2009-07-24] (Primax Ltd)
- R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-04-11] ()
- S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2011-04-27] (LG Electronics Inc.)
- S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2011-04-27] (LG Electronics Inc.)
- S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2011-04-27] (LG Electronics Inc.)
- S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2013-01-08] (Wondershare)
- U3 ahr9spj4; C:\Windows\System32\Drivers\ahr9spj4.sys [0 ] (Microsoft Corporation)
- S3 catchme; \??\C:\ComboFix\catchme.sys [x]
- S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [x]
- S1 StarOpen; No ImagePath
- S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
- S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
- S3 VGPU; System32\drivers\rdvgkmd.sys [x]
- S3 VMnetAdapter; system32\DRIVERS\vmnetadapter.sys [x]
- ========================== Drivers MD5 =======================
- C:\Windows\system32\drivers\1394ohci.sys ==> MD5 is legit
- C:\Windows\System32\drivers\ACPI.sys ==> MD5 is legit
- C:\Windows\system32\drivers\acpipmi.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\adp94xx.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\adpahci.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\adpu320.sys ==> MD5 is legit
- C:\Windows\system32\drivers\afd.sys 1C7857B62DE5994A75B054A9FD4C3825
- C:\Windows\system32\drivers\agp440.sys ==> MD5 is legit
- C:\Windows\system32\drivers\aliide.sys ==> MD5 is legit
- C:\Windows\system32\drivers\amdide.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\amdk8.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\amdppm.sys ==> MD5 is legit
- C:\Windows\system32\drivers\amdsata.sys D4121AE6D0C0E7E13AA221AA57EF2D49
- C:\Windows\system32\DRIVERS\amdsbs.sys ==> MD5 is legit
- C:\Windows\System32\drivers\amdxata.sys 540DAF1CEA6094886D72126FD7C33048
- C:\Windows\System32\DRIVERS\lgandbus64.sys 48CD7E6520D47D62EAB0E6CE3EC30C65
- C:\Windows\System32\DRIVERS\lganddiag64.sys 08CBACC00D15DCDBBAAE1A7C8F231C61
- C:\Windows\System32\DRIVERS\lgandgps64.sys CEA9A4CD6B3A83428CE8501240833668
- C:\Windows\System32\DRIVERS\lgandmodem64.sys E2B5663E547FA5E756B253EFA8EC8286
- C:\Windows\System32\Drivers\lgandnetadb.sys FCD37C63B42352BFABC17D593745B460
- C:\Windows\System32\Drivers\ssadadb.sys 3CF7A4350C9646D92F147D620EC0D363
- C:\Windows\system32\drivers\appid.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\arc.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\arcsas.sys ==> MD5 is legit
- C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
- C:\Program Files\ATKGFNEX\ASMMAP64.sys 2DB34EDD17D3A8DA7105A19C95A3DD68
- C:\Windows\System32\DRIVERS\asyncmac.sys ==> MD5 is legit
- C:\Windows\System32\drivers\atapi.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\athrx.sys A5E770426D18F8EF332A593F3289DA91
- C:\Windows\System32\DRIVERS\avgntflt.sys 26E38B5A58C6C55FAFBC563EEDDB0867
- C:\Windows\System32\DRIVERS\avipbb.sys 9D1F00BEFF84CBBF46D7F052BC7E0565
- C:\Windows\System32\DRIVERS\avkmgr.sys 248DB59FC86DE44D2779F4C7FB1A567D
- C:\Windows\system32\DRIVERS\bxvbda.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\b57nd60a.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Beep.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\blbdrive.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\bowser.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\BrFiltLo.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\BrFiltUp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\bridge.sys 5C2F352A4E961D72518261257AAE204B
- C:\Windows\System32\Drivers\Brserid.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\BrSerWdm.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\BrUsbMdm.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\BrUsbSer.sys ==> MD5 is legit
- C:\Windows\system32\drivers\BthEnum.sys CF98190A94F62E405C8CB255018B2315
- C:\Windows\System32\DRIVERS\bthmodem.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\bthpan.sys 02DD601B708DD0667E1331FA8518E9FF
- C:\Windows\System32\Drivers\BTHport.sys 738D0E9272F59EB7A1449C3EC118E6C4
- C:\Windows\System32\Drivers\BTHUSB.sys F188B7394D81010767B6DF3178519A37
- C:\Windows\System32\drivers\btusbflt.sys 2641A3FE3D7B0646308F33B67F3B5300
- C:\Windows\System32\DRIVERS\cdfs.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\cdrom.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\circlass.sys ==> MD5 is legit
- C:\Windows\System32\CLFS.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\CmBatt.sys ==> MD5 is legit
- C:\Windows\system32\drivers\cmdide.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\cng.sys AAFCB52FE0037207FB6FBEA070D25EFE
- C:\Windows\System32\DRIVERS\compbatt.sys ==> MD5 is legit
- C:\Windows\system32\drivers\CompositeBus.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\crcdisk.sys ==> MD5 is legit
- C:\Windows\System32\drivers\csc.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\DefragFS.sys CEC7F24E28B40829C0FD2D523E72B5D3
- C:\Windows\System32\Drivers\dfsc.sys ==> MD5 is legit
- C:\Windows\System32\drivers\discache.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\disk.sys ==> MD5 is legit
- C:\Windows\System32\drivers\drmkaud.sys ==> MD5 is legit
- C:\Windows\System32\drivers\dxgkrnl.sys AF2E16242AA723F68F461B6EAE2EAD3D
- C:\Windows\System32\DRIVERS\E1G6032E.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\evbda.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\ElbyCDIO.sys A05FC7ECA0966EBB70E4D17B855A853B
- C:\Windows\system32\DRIVERS\elxstor.sys ==> MD5 is legit
- C:\Windows\system32\epmntdrv.sys 9EAFB3B3B60B8AD958985152A9309ACA
- C:\Windows\system32\epmntdrv.sys 9EAFB3B3B60B8AD958985152A9309ACA
- C:\Windows\system32\drivers\errdev.sys ==> MD5 is legit
- C:\Windows\system32\EuGdiDrv.sys FB949ED2C93C878A189039F3D7730942
- C:\Windows\system32\EuGdiDrv.sys FB949ED2C93C878A189039F3D7730942
- C:\Windows\system32\DRIVERS\fdc.sys ==> MD5 is legit
- C:\Windows\System32\drivers\fileinfo.sys ==> MD5 is legit
- C:\Windows\System32\drivers\filetrace.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\flpydisk.sys ==> MD5 is legit
- C:\Windows\System32\drivers\fltmgr.sys ==> MD5 is legit
- C:\Windows\System32\drivers\FsDepends.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Fs_Rec.sys 6BD9295CC032DD3077C671FCCF579A7B
- C:\Windows\System32\DRIVERS\fvevol.sys 8F6322049018354F45F05A2FD2D4E5E0
- C:\Windows\system32\DRIVERS\gagp30kx.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ggflt.sys A4198F2BD8AA592CB90476277A81B5E1
- C:\Windows\System32\DRIVERS\ggsemc.sys D266350BDAAB9EB6C1AEC370EEAAFF3A
- C:\Windows\system32\drivers\hcw85cir.sys ==> MD5 is legit
- C:\Windows\system32\drivers\HdAudio.sys 975761C778E33CD22498059B91E7373A
- C:\Windows\system32\drivers\HDAudBus.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\HidBatt.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\hidbth.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\hidir.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\hidusb.sys ==> MD5 is legit
- C:\Windows\system32\drivers\HpSAMD.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\ANDROIDUSB.sys F47CEC45FB85791D4AB237563AD0FA8F
- C:\Windows\System32\DRIVERS\htcnprot.sys B8B1B284362E1D8135112573395D5DA5
- C:\Windows\System32\drivers\HTTP.sys ==> MD5 is legit
- C:\Windows\System32\drivers\hwpolicy.sys ==> MD5 is legit
- C:\Windows\system32\drivers\i8042prt.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\iaStor.sys BBB3B6DF1ABB0FE35802EDE85CC1C011
- C:\Windows\system32\drivers\iaStorV.sys AAAF44DB3BD0B9D1FB6969B23ECC8366
- C:\Windows\system32\DRIVERS\iirsp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys CAA8BC6737DFA3BF1A50175CFB226788
- C:\Windows\System32\drivers\RTKVHD64.sys F26B0F42FA499677D8938B94C2CCE7DD
- C:\Windows\system32\drivers\intelide.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\intelppm.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ipfltdrv.sys ==> MD5 is legit
- C:\Windows\system32\drivers\IPMIDrv.sys ==> MD5 is legit
- C:\Windows\System32\drivers\ipnat.sys ==> MD5 is legit
- C:\Windows\System32\drivers\irenum.sys ==> MD5 is legit
- C:\Windows\system32\drivers\isapnp.sys ==> MD5 is legit
- C:\Windows\system32\drivers\msiscsi.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\itecir.sys 8D990A44B4F2B68E2C56A3724EC3EB84
- C:\Windows\System32\DRIVERS\ITECIRfilter.sys E5AAC07B053D15BA8F67BA7D49C20971
- C:\Windows\System32\DRIVERS\ivusb.sys 2F9F76349BB8C578873A58C840BA0589
- C:\Windows\system32\drivers\kbdclass.sys ==> MD5 is legit
- C:\Windows\system32\drivers\kbdhid.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\kbfiltr.sys E63EF8C3271D014F14E2469CE75FECB4
- C:\Windows\System32\Drivers\ksecdd.sys 97A7070AEA4C058B6418519E869A63B4
- C:\Windows\System32\Drivers\ksecpkg.sys 7EFB9333E4ECCE6AE4AE9D777D9E553E
- C:\Windows\system32\drivers\ksthunk.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\lgbtpt64.sys 174803F2EEA3B22165DFE0E5A1F20685
- C:\Windows\System32\DRIVERS\lgbtbs64.sys 565F93BB7C0361E61B3DAEA670C354D6
- C:\Windows\System32\DRIVERS\lgvmdm64.sys ABF477857B7CED873362EC92C6CE10A7
- C:\Windows\System32\DRIVERS\lltdio.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_fc.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_sas.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_sas2.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\lsi_scsi.sys ==> MD5 is legit
- C:\Windows\system32\drivers\luafv.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
- C:\Windows\system32\drivers\mbam.sys 0BB97D43299910CBFBA59C461B99B910
- C:\Windows\system32\DRIVERS\megasas.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\MegaSR.sys ==> MD5 is legit
- C:\Windows\System32\drivers\modem.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\monitor.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\mouclass.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\mouhid.sys ==> MD5 is legit
- C:\Windows\System32\drivers\mountmgr.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mpio.sys ==> MD5 is legit
- C:\Windows\System32\drivers\mpsdrv.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mrxdav.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\mrxsmb.sys A5D9106A73DC88564C825D317CAC68AC
- C:\Windows\System32\DRIVERS\mrxsmb10.sys D711B3C1D5F42C0C2415687BE09FC163
- C:\Windows\System32\DRIVERS\mrxsmb20.sys 9423E9D355C8D303E76B8CFBD8A5C30C
- C:\Windows\System32\drivers\msahci.sys ==> MD5 is legit
- C:\Windows\system32\drivers\msdsm.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Msfs.sys ==> MD5 is legit
- C:\Windows\System32\drivers\mshidkmdf.sys ==> MD5 is legit
- C:\Windows\System32\drivers\msisadrv.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSKSSRV.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSPCLOCK.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSPQM.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\MsRPC.sys ==> MD5 is legit
- C:\Windows\system32\drivers\mssmbios.sys ==> MD5 is legit
- C:\Windows\System32\drivers\MSTEE.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\MTConfig.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ATK64AMD.sys 032D35C996F21D19A205A7C8F0B76F3C
- C:\Windows\System32\Drivers\mup.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\nwifi.sys ==> MD5 is legit
- C:\Windows\System32\drivers\ndis.sys 760E38053BF56E501D562B70AD796B88
- C:\Windows\System32\DRIVERS\ndiscap.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ndistapi.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ndisuio.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\ndiswan.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\NDProxy.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\netbios.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\netbt.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\nfrd960.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\niede.sys 4BF901A678408022003E4DB2445F7CE8
- C:\Windows\System32\drivers\NMgamingms.sys FBCA3FD51604147770EB4FB53D6144A8
- C:\Windows\System32\Drivers\Npfs.sys ==> MD5 is legit
- C:\Windows\System32\drivers\nsiproxy.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\Ntfs.sys B98F8C6E31CD07B2E6F71F7F648E38C0
- C:\Windows\System32\Drivers\Null.sys ==> MD5 is legit
- C:\Windows\System32\drivers\nvhda64v.sys 1F07B814C0BB5AABA703ABFF1F31F2E8
- C:\Windows\System32\DRIVERS\nvlddmkm.sys BA0B4889C40380A01ECDF84C227A89C9
- C:\Windows\system32\drivers\nvraid.sys 0A92CB65770442ED0DC44834632F66AD
- C:\Windows\system32\drivers\nvstor.sys DAB0E87525C10052BF65F06152F37E4A
- C:\Windows\system32\drivers\nv_agp.sys ==> MD5 is legit
- C:\Windows\system32\drivers\ohci1394.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\parport.sys ==> MD5 is legit
- C:\Windows\System32\drivers\partmgr.sys E9766131EEADE40A27DC27D2D68FBA9C
- C:\Windows\System32\drivers\pci.sys ==> MD5 is legit
- C:\Windows\system32\drivers\pciide.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\pcmcia.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\pcouffin.sys AF7CE12C4F3DC8CB2B07685C916BBCFE
- C:\Windows\System32\drivers\pcw.sys ==> MD5 is legit
- C:\Windows\System32\drivers\peauth.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\point64.sys 33328FA8A580885AB0065BE6DB266E9F
- C:\Windows\System32\DRIVERS\raspptp.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\processr.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\pacer.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\ql2300.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\ql40xx.sys ==> MD5 is legit
- C:\Windows\system32\drivers\qwavedrv.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rasacd.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\AgileVpn.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rasl2tp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\raspppoe.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rassstp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rdbss.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rdpbus.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\RDPCDD.sys ==> MD5 is legit
- C:\Windows\System32\drivers\rdpdr.sys ==> MD5 is legit
- C:\Windows\System32\drivers\rdpencdd.sys ==> MD5 is legit
- C:\Windows\System32\drivers\rdprefmp.sys ==> MD5 is legit
- C:\Windows\System32\drivers\rdpvideominiport.sys 313F68E1A3E6345A4F47A36B07062F34
- C:\Windows\System32\Drivers\RDPWD.sys E61608AA35E98999AF9AAEEEA6114B0A
- C:\Windows\System32\drivers\rdyboost.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\rfcomm.sys 3DD798846E2C28102B922C56E71B7932
- C:\Windows\System32\DRIVERS\rimmpx64.sys 6FAF5B04BEDC66D300D9D233B2D222F0
- C:\Windows\System32\DRIVERS\rimspx64.sys 67F50C31713106FD1B0F286F86AA2B2E
- C:\Windows\System32\DRIVERS\rixdpx64.sys 4D7EF3D46346EC4C58784DB964B365DE
- C:\Windows\System32\DRIVERS\rspndr.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\Rt64win7.sys EE082E06A82FF630351D1E0EBBD3D8D0
- C:\Windows\system32\drivers\vms3cap.sys ==> MD5 is legit
- C:\Windows\system32\drivers\sbp2port.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\scfilter.sys ==> MD5 is legit
- C:\Windows\system32\drivers\sdbus.sys 111E0EBC0AD79CB0FA014B907B231CF0
- C:\Windows\system32\DRIVERS\serenum.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\serial.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\sermouse.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\sffdisk.sys ==> MD5 is legit
- C:\Windows\system32\drivers\sffp_mmc.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\sffp_sd.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\sfloppy.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\SiSRaid2.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\sisraid4.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\smb.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\spldr.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\sptd.sys D41D8CD98F00B204E9800998ECF8427E
- C:\Windows\System32\DRIVERS\srv.sys 441FBA48BFF01FDB9D5969EBC1838F0B
- C:\Windows\System32\DRIVERS\srv2.sys B4ADEBBF5E3677CCE9651E0F01F7CC28
- C:\Windows\System32\DRIVERS\srvnet.sys 27E461F0BE5BFF5FC737328F749538C3
- C:\Windows\System32\DRIVERS\ssadbus.sys 52D6F40B50ECFC051979FEC68E74F0F8
- C:\Windows\System32\DRIVERS\ssadmdfl.sys D6CFD3B2EABCF9327DE39C62BABFA1E3
- C:\Windows\System32\DRIVERS\ssadmdm.sys 5EB01E6148742C3EC2185AC92F6D16FD
- C:\Windows\System32\DRIVERS\ssadserd.sys FF20F67DD5644BD1D2E7FCD95AF7F03B
- C:\Windows\system32\DRIVERS\stexstor.sys ==> MD5 is legit
- C:\Windows\System32\drivers\vmstorfl.sys ==> MD5 is legit
- C:\Windows\system32\drivers\storvsc.sys ==> MD5 is legit
- C:\Windows\system32\drivers\swenum.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\tap0901.sys 3B73C849B41FB20D77B0E553214061A5
- C:\Windows\System32\drivers\tcpip.sys DB74544B75566C974815E79A62433F29
- C:\Windows\System32\DRIVERS\tcpip.sys DB74544B75566C974815E79A62433F29
- C:\Windows\System32\drivers\tcpipreg.sys 1B16D0BD9841794A6E0CDE0CEF744ABC
- C:\Windows\System32\drivers\tdpipe.sys ==> MD5 is legit
- C:\Windows\System32\drivers\tdtcp.sys 51C5ECEB1CDEE2468A1748BE550CFBC8
- C:\Windows\System32\DRIVERS\tdx.sys ==> MD5 is legit
- C:\Windows\system32\drivers\termdd.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\tssecsrv.sys 4CE278FC9671BA81A138D70823FCAA09
- C:\Windows\System32\drivers\tsusbflt.sys 17C6B51CBCCDED95B3CC14E22791F85E
- C:\Windows\System32\DRIVERS\tunnel.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\uagp35.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\udfs.sys ==> MD5 is legit
- C:\Windows\system32\drivers\uliagpkx.sys ==> MD5 is legit
- C:\Windows\system32\drivers\umbus.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\umpass.sys ==> MD5 is legit
- C:\Windows\System32\Drivers\usbaapl64.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\lgx64bus.sys C85B8247FADD432FA54FE11667C8D97D
- C:\Windows\System32\DRIVERS\usbccgp.sys 6F1A3157A1C89435352CEB543CDB359C
- C:\Windows\system32\drivers\usbcir.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\lgx64diag.sys D8CDC12F5429878F23DDB3785A0FDF95
- C:\Windows\System32\DRIVERS\usbehci.sys C025055FE7B87701EB042095DF1A2D7B
- C:\Windows\System32\DRIVERS\usbhub.sys 287C6C9410B111B68B52CA298F7B8C24
- C:\Windows\System32\DRIVERS\lgx64modem.sys 79FA7A22B0F6F0082F640CBC82A00FCE
- C:\Windows\system32\DRIVERS\usbohci.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\usbprint.sys ==> MD5 is legit
- C:\Windows\System32\drivers\usbser.sys 0F0C72A657C622286013788B886968AD
- C:\Windows\System32\DRIVERS\USBSTOR.SYS FED648B01349A3C8395A5169DB5FB7D6
- C:\Windows\System32\DRIVERS\usbuhci.sys 62069A34518BCF9C1FD9E74B3F6DB7CD
- C:\Windows\System32\Drivers\usbvideo.sys 454800C2BC7F3927CE030141EE4F4C50
- C:\Windows\system32\drivers\usb8023x.sys 7B28E2FBE75115660FAB31079C0A9F29
- C:\Windows\System32\DRIVERS\VClone.sys FD911873C0BB6945FA38C16E9A2B58F9
- C:\Windows\System32\drivers\vdrvroot.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\vgapnp.sys ==> MD5 is legit
- C:\Windows\System32\drivers\vga.sys ==> MD5 is legit
- C:\Windows\system32\drivers\vhdmp.sys ==> MD5 is legit
- C:\Windows\system32\drivers\viaide.sys ==> MD5 is legit
- C:\Windows\System32\drivers\vmbus.sys ==> MD5 is legit
- C:\Windows\system32\drivers\VMBusHID.sys ==> MD5 is legit
- C:\Windows\System32\drivers\volmgr.sys ==> MD5 is legit
- C:\Windows\System32\drivers\volmgrx.sys ==> MD5 is legit
- C:\Windows\System32\drivers\volsnap.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\vsmraid.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\vwifibus.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\vwififlt.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\vwifimp.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\wacompen.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\wanarp.sys ==> MD5 is legit
- C:\Windows\system32\DRIVERS\wd.sys ==> MD5 is legit
- C:\Windows\System32\drivers\Wdf01000.sys 442783E2CB0DA19873B7A63833FF4CB4
- C:\Windows\System32\DRIVERS\wfplwf.sys ==> MD5 is legit
- C:\Windows\System32\drivers\wimmount.sys ==> MD5 is legit
- C:\Windows\SysWow64\drivers\wimmount.sys ==> MD5 is legit
- C:\Windows\System32\DRIVERS\WinUsb.sys FE88B288356E7B47B74B13372ADD906D
- C:\Windows\system32\drivers\wmiacpi.sys ==> MD5 is legit
- C:\Windows\system32\drivers\ws2ifsl.sys ==> MD5 is legit
- C:\Windows\System32\drivers\VirtualAudio.sys ADD2FE1A9F4EE41A6D724819550D4E1F
- C:\Windows\System32\drivers\WudfPf.sys AB886378EEB55C6C75B4F2D14B6C869F
- C:\Windows\System32\DRIVERS\WUDFRd.sys DDA4CAF29D8C0A297F886BFE561E6659
- C:\Windows\System32\Drivers\ahr9spj4.sys
- ==================== NetSvcs (Whitelisted) ===================
- ==================== One Month Created Files and Folders ========
- 2013-08-20 19:45 - 2013-08-20 19:45 - 00358507 _____ (Farbar) C:\Users\Koester\Desktop\FSS.exe
- 2013-08-20 19:44 - 2013-08-20 19:44 - 01576208 _____ (Farbar) C:\Users\Koester\Desktop\FRST64.exe
- 2013-08-20 19:28 - 2013-08-20 19:28 - 00026395 _____ C:\ComboFix.txt
- 2013-08-20 19:12 - 2013-08-20 19:12 - 00000552 _____ C:\Windows\PFRO.log
- 2013-08-20 18:02 - 2013-08-20 19:29 - 00000000 ____D C:\Qoobox
- 2013-08-20 18:02 - 2013-08-20 18:29 - 00000000 ____D C:\Windows\erdnt
- 2013-08-20 18:02 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
- 2013-08-20 18:02 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
- 2013-08-20 18:02 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
- 2013-08-20 18:02 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
- 2013-08-20 18:02 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
- 2013-08-20 18:02 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
- 2013-08-20 18:02 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
- 2013-08-20 18:02 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
- 2013-08-20 18:01 - 2013-08-20 17:58 - 05106564 ____R (Swearware) C:\Users\Koester\Desktop\ComboFix.exe
- 2013-08-20 16:42 - 2013-08-20 16:52 - 00176538 _____ C:\Users\Koester\Desktop\OTL.Txt
- 2013-08-20 13:09 - 2013-08-20 13:18 - 00000000 ____D C:\AdwCleaner
- 2013-08-20 13:08 - 2013-08-20 13:09 - 00800594 _____ C:\Users\Koester\Downloads\adwcleaner.exe
- 2013-08-20 13:06 - 2013-08-20 13:06 - 00584600 _____ C:\Users\Koester\Desktop\cbsidlm-tr1_14-AdwCleaner-ORG-75851221.exe
- 2013-08-20 13:02 - 2013-08-20 13:02 - 04745728 _____ (AVAST Software) C:\Users\Koester\Desktop\aswMBR-1.exe
- 2013-08-20 13:02 - 2013-08-20 13:02 - 00666633 _____ C:\Users\Koester\Desktop\2-adwcleaner.bin
- 2013-08-20 12:05 - 2013-08-20 17:40 - 00001064 _____ C:\Users\Koester\Desktop\Crashreport.txt
- 2013-08-20 10:55 - 2013-08-20 10:55 - 00085040 _____ C:\Users\Koester\Desktop\Extras.Txt
- 2013-08-20 10:32 - 2013-08-20 10:29 - 00602112 _____ (OldTimer Tools) C:\Users\Koester\Desktop\OTL.exe
- 2013-08-20 09:53 - 2013-08-20 09:53 - 00000000 ____D C:\Users\Koester\AppData\Roaming\Avira
- 2013-08-20 09:48 - 2013-08-20 09:48 - 00002036 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
- 2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\ProgramData\Avira
- 2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\Program Files (x86)\Avira
- 2013-08-20 09:48 - 2012-05-02 15:24 - 00027760 _____ (Avira GmbH) C:\Windows\system32\Drivers\avkmgr.sys
- 2013-08-20 09:48 - 2012-04-27 10:20 - 00132832 _____ (Avira GmbH) C:\Windows\system32\Drivers\avipbb.sys
- 2013-08-20 09:48 - 2012-04-25 00:32 - 00098848 _____ (Avira GmbH) C:\Windows\system32\Drivers\avgntflt.sys
- 2013-08-20 09:45 - 2013-08-20 09:45 - 00011589 _____ C:\Users\Koester\Desktop\hijackthis2.log
- 2013-08-19 17:54 - 2013-08-19 17:54 - 00001079 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
- 2013-08-19 14:04 - 2013-08-19 14:04 - 00000000 ____D C:\Users\Koester\AppData\Roaming\Malwarebytes
- 2013-08-19 14:03 - 2013-08-19 20:24 - 00000000 ____D C:\Users\Koester\Desktop\Malwarebytes.Anti-Malware.v1.50.MULTILINGUAL.WORKING-CRD
- 2013-08-19 12:57 - 2013-08-20 13:08 - 00000000 ____D C:\Users\Koester\AppData\Local\Google
- 2013-08-17 06:44 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
- 2013-08-17 06:44 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
- 2013-08-17 06:44 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
- 2013-08-17 06:44 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
- 2013-08-17 06:44 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
- 2013-08-17 06:44 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
- 2013-08-17 06:44 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
- 2013-08-17 06:44 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
- 2013-08-17 06:44 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
- 2013-08-17 06:44 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
- 2013-08-17 06:44 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
- 2013-08-16 19:44 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
- 2013-08-16 19:44 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
- 2013-08-16 19:44 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
- 2013-08-16 19:44 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
- 2013-08-16 19:44 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
- 2013-08-16 19:44 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
- 2013-08-16 19:44 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
- 2013-08-16 19:44 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
- 2013-08-16 19:44 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
- 2013-08-16 19:44 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
- 2013-08-16 19:44 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
- 2013-08-16 19:44 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
- 2013-08-16 19:44 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
- 2013-08-16 19:44 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
- 2013-08-16 19:30 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
- 2013-08-16 19:30 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
- 2013-08-16 19:30 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
- 2013-08-16 19:30 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
- 2013-08-16 19:30 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
- 2013-08-16 19:30 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
- 2013-08-16 19:30 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
- 2013-08-16 19:30 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
- 2013-08-16 19:30 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
- 2013-08-16 19:30 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
- 2013-08-16 19:30 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
- 2013-08-16 19:30 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
- 2013-08-16 19:29 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
- 2013-08-16 19:29 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
- 2013-08-16 19:29 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
- 2013-08-16 19:28 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
- 2013-08-12 07:58 - 2013-08-12 07:58 - 00000000 ____D C:\Program Files\Common Files\EPSON
- 2013-08-12 07:56 - 2009-10-01 03:01 - 00088064 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_IBCBGCE.DLL
- 2013-08-12 07:56 - 2008-11-12 03:00 - 00118784 _____ (SEIKO EPSON CORPORATION) C:\Windows\system32\E_ILMGCE.DLL
- 2013-08-12 07:56 - 2007-04-10 01:06 - 00010752 _____ (SEIKO EPSON CORP.) C:\Windows\system32\E_GCINST.DLL
- 2013-08-12 07:55 - 2013-08-12 07:58 - 00000000 ____D C:\ProgramData\EPSON
- 2013-08-12 07:55 - 2013-08-12 07:55 - 17026048 _____ C:\Users\Koester\Downloads\epson375000eu.exe
- 2013-08-04 00:04 - 2013-08-03 18:22 - 1992904476 _____ C:\Users\Koester\Desktop\ddlsource.com_Red 2.2013.TS.Xvid-EXTRA.avi
- 2013-07-26 00:29 - 2013-08-20 19:13 - 00004190 _____ C:\Windows\setupact.log
- 2013-07-26 00:29 - 2013-07-26 00:29 - 00000000 _____ C:\Windows\setuperr.log
- ==================== One Month Modified Files and Folders =======
- 2013-08-20 19:46 - 2013-08-20 19:46 - 00000000 ____D C:\FRST
- 2013-08-20 19:45 - 2013-08-20 19:45 - 00358507 _____ (Farbar) C:\Users\Koester\Desktop\FSS.exe
- 2013-08-20 19:44 - 2013-08-20 19:44 - 01576208 _____ (Farbar) C:\Users\Koester\Desktop\FRST64.exe
- 2013-08-20 19:29 - 2013-08-20 18:02 - 00000000 ____D C:\Qoobox
- 2013-08-20 19:28 - 2013-08-20 19:28 - 00026395 _____ C:\ComboFix.txt
- 2013-08-20 19:18 - 2009-07-14 06:45 - 00023280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
- 2013-08-20 19:18 - 2009-07-14 06:45 - 00023280 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
- 2013-08-20 19:17 - 2010-09-28 13:19 - 01726779 _____ C:\Windows\WindowsUpdate.log
- 2013-08-20 19:14 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
- 2013-08-20 19:13 - 2013-07-26 00:29 - 00004190 _____ C:\Windows\setupact.log
- 2013-08-20 19:13 - 2010-04-15 19:48 - 00000000 ____D C:\ProgramData\NVIDIA
- 2013-08-20 19:13 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
- 2013-08-20 19:12 - 2013-08-20 19:12 - 00000552 _____ C:\Windows\PFRO.log
- 2013-08-20 18:56 - 2013-03-17 22:36 - 00000000 ____D C:\Users\Koester\AppData\Roaming\vlc
- 2013-08-20 18:32 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
- 2013-08-20 18:29 - 2013-08-20 18:02 - 00000000 ____D C:\Windows\erdnt
- 2013-08-20 18:02 - 2009-07-14 07:08 - 00032620 _____ C:\Windows\Tasks\SCHEDLGU.TXT
- 2013-08-20 18:00 - 2012-02-17 13:43 - 00000000 ____D C:\Users\Koester\AppData\Roaming\Dropbox
- 2013-08-20 17:58 - 2013-08-20 18:01 - 05106564 ____R (Swearware) C:\Users\Koester\Desktop\ComboFix.exe
- 2013-08-20 17:40 - 2013-08-20 12:05 - 00001064 _____ C:\Users\Koester\Desktop\Crashreport.txt
- 2013-08-20 16:52 - 2013-08-20 16:42 - 00176538 _____ C:\Users\Koester\Desktop\OTL.Txt
- 2013-08-20 13:18 - 2013-08-20 13:09 - 00000000 ____D C:\AdwCleaner
- 2013-08-20 13:09 - 2013-08-20 13:08 - 00800594 _____ C:\Users\Koester\Downloads\adwcleaner.exe
- 2013-08-20 13:09 - 2010-04-11 19:03 - 00000000 ___RD C:\Users\Koester\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
- 2013-08-20 13:08 - 2013-08-19 12:57 - 00000000 ____D C:\Users\Koester\AppData\Local\Google
- 2013-08-20 13:07 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Resources
- 2013-08-20 13:06 - 2013-08-20 13:06 - 00584600 _____ C:\Users\Koester\Desktop\cbsidlm-tr1_14-AdwCleaner-ORG-75851221.exe
- 2013-08-20 13:02 - 2013-08-20 13:02 - 04745728 _____ (AVAST Software) C:\Users\Koester\Desktop\aswMBR-1.exe
- 2013-08-20 13:02 - 2013-08-20 13:02 - 00666633 _____ C:\Users\Koester\Desktop\2-adwcleaner.bin
- 2013-08-20 10:55 - 2013-08-20 10:55 - 00085040 _____ C:\Users\Koester\Desktop\Extras.Txt
- 2013-08-20 10:29 - 2013-08-20 10:32 - 00602112 _____ (OldTimer Tools) C:\Users\Koester\Desktop\OTL.exe
- 2013-08-20 09:53 - 2013-08-20 09:53 - 00000000 ____D C:\Users\Koester\AppData\Roaming\Avira
- 2013-08-20 09:48 - 2013-08-20 09:48 - 00002036 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
- 2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\ProgramData\Avira
- 2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\Program Files (x86)\Avira
- 2013-08-20 09:45 - 2013-08-20 09:45 - 00011589 _____ C:\Users\Koester\Desktop\hijackthis2.log
- 2013-08-20 09:44 - 2011-11-19 12:59 - 00000000 ____D C:\Users\Koester\Desktop\Tools
- 2013-08-19 20:24 - 2013-08-19 14:03 - 00000000 ____D C:\Users\Koester\Desktop\Malwarebytes.Anti-Malware.v1.50.MULTILINGUAL.WORKING-CRD
- 2013-08-19 20:24 - 2013-03-23 11:30 - 00000000 ____D C:\Program Files (x86)\Orcs Must Die!
- 2013-08-19 17:55 - 2010-12-12 17:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
- 2013-08-19 17:54 - 2013-08-19 17:54 - 00001079 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
- 2013-08-19 14:04 - 2013-08-19 14:04 - 00000000 ____D C:\Users\Koester\AppData\Roaming\Malwarebytes
- 2013-08-19 13:32 - 2013-02-18 08:51 - 00011924 _____ C:\Users\Koester\Desktop\hijackthis.log
- 2013-08-19 13:02 - 2012-03-29 13:09 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
- 2013-08-19 13:02 - 2011-05-27 18:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
- 2013-08-19 12:57 - 2010-05-07 01:24 - 00000000 ____D C:\Program Files (x86)\Google
- 2013-08-17 08:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
- 2013-08-16 19:38 - 2010-04-12 01:58 - 00697842 _____ C:\Windows\system32\perfh007.dat
- 2013-08-16 19:38 - 2010-04-12 01:58 - 00148874 _____ C:\Windows\system32\perfc007.dat
- 2013-08-16 19:38 - 2009-07-14 07:13 - 01640804 _____ C:\Windows\system32\PerfStringBackup.INI
- 2013-08-16 19:33 - 2013-07-12 08:00 - 00000000 ____D C:\Windows\system32\MRT
- 2013-08-16 19:31 - 2010-02-10 08:16 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
- 2013-08-12 07:58 - 2013-08-12 07:58 - 00000000 ____D C:\Program Files\Common Files\EPSON
- 2013-08-12 07:58 - 2013-08-12 07:55 - 00000000 ____D C:\ProgramData\EPSON
- 2013-08-12 07:55 - 2013-08-12 07:55 - 17026048 _____ C:\Users\Koester\Downloads\epson375000eu.exe
- 2013-08-03 18:22 - 2013-08-04 00:04 - 1992904476 _____ C:\Users\Koester\Desktop\ddlsource.com_Red 2.2013.TS.Xvid-EXTRA.avi
- 2013-07-31 20:33 - 2013-06-02 18:20 - 00000000 ____D C:\Users\Koester\AppData\Roaming\Winamp
- 2013-07-29 08:24 - 2010-04-11 19:30 - 00000000 ____D C:\Users\Koester\Desktop\JDownloader 0.8.9
- 2013-07-26 07:13 - 2013-08-16 19:44 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
- 2013-07-26 07:13 - 2013-08-16 19:44 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
- 2013-07-26 07:13 - 2013-08-16 19:44 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
- 2013-07-26 07:12 - 2013-08-16 19:44 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
- 2013-07-26 07:12 - 2013-08-16 19:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
- 2013-07-26 05:35 - 2013-08-16 19:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
- 2013-07-26 05:13 - 2013-08-16 19:44 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
- 2013-07-26 05:13 - 2013-08-16 19:44 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
- 2013-07-26 05:12 - 2013-08-16 19:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
- 2013-07-26 05:11 - 2013-08-16 19:44 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
- 2013-07-26 05:11 - 2013-08-16 19:44 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
- 2013-07-26 04:49 - 2013-08-16 19:44 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
- 2013-07-26 04:39 - 2013-08-16 19:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
- 2013-07-26 03:59 - 2013-08-16 19:44 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
- 2013-07-26 00:29 - 2013-07-26 00:29 - 00000000 _____ C:\Windows\setuperr.log
- 2013-07-25 11:25 - 2013-08-16 19:30 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
- 2013-07-25 10:57 - 2013-08-16 19:30 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
- 2013-07-22 23:08 - 2010-04-18 03:32 - 00000000 ____D C:\Windows\Minidump
- 2013-07-21 21:26 - 2013-06-02 18:32 - 00000000 ____D C:\Users\Koester\AppData\Roaming\MediaMonkey
- ==================== Bamital & volsnap Check =================
- C:\Windows\System32\winlogon.exe => MD5 is legit
- C:\Windows\System32\wininit.exe => MD5 is legit
- C:\Windows\SysWOW64\wininit.exe => MD5 is legit
- C:\Windows\explorer.exe => MD5 is legit
- C:\Windows\SysWOW64\explorer.exe => MD5 is legit
- C:\Windows\System32\svchost.exe => MD5 is legit
- C:\Windows\SysWOW64\svchost.exe => MD5 is legit
- C:\Windows\System32\services.exe => MD5 is legit
- C:\Windows\System32\User32.dll => MD5 is legit
- C:\Windows\SysWOW64\User32.dll => MD5 is legit
- C:\Windows\System32\userinit.exe => MD5 is legit
- C:\Windows\SysWOW64\userinit.exe => MD5 is legit
- C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
- ==================== BCD ================================
- Windows-Start-Manager
- ---------------------
- Bezeichner {bootmgr}
- device partition=C:
- description Windows Boot Manager
- locale en-US
- inherit {globalsettings}
- default {current}
- resumeobject {853fb1a6-45de-11df-97e1-cf38b467fcf9}
- displayorder {current}
- toolsdisplayorder {memdiag}
- timeout 30
- Windows-Startladeprogramm
- -------------------------
- Bezeichner {current}
- device partition=C:
- path \Windows\system32\winload.exe
- description Windows 7
- locale en-US
- inherit {bootloadersettings}
- recoverysequence {853fb1a8-45de-11df-97e1-cf38b467fcf9}
- recoveryenabled Yes
- osdevice partition=C:
- systemroot \Windows
- resumeobject {853fb1a6-45de-11df-97e1-cf38b467fcf9}
- nx OptIn
- Windows-Startladeprogramm
- -------------------------
- Bezeichner {853fb1a8-45de-11df-97e1-cf38b467fcf9}
- device ramdisk=[C:]\Recovery\853fb1a8-45de-11df-97e1-cf38b467fcf9\Winre.wim,{853fb1a9-45de-11df-97e1-cf38b467fcf9}
- path \windows\system32\winload.exe
- description Windows Recovery Environment
- inherit {bootloadersettings}
- osdevice ramdisk=[C:]\Recovery\853fb1a8-45de-11df-97e1-cf38b467fcf9\Winre.wim,{853fb1a9-45de-11df-97e1-cf38b467fcf9}
- systemroot \windows
- nx OptIn
- winpe Yes
- Wiederaufnahme aus dem Ruhezustand
- ----------------------------------
- Bezeichner {853fb1a6-45de-11df-97e1-cf38b467fcf9}
- device partition=C:
- path \Windows\system32\winresume.exe
- description Windows Resume Application
- locale en-US
- inherit {resumeloadersettings}
- filedevice partition=C:
- filepath \hiberfil.sys
- debugoptionenabled No
- Windows-Speichertestprogramm
- ----------------------------
- Bezeichner {memdiag}
- device partition=C:
- path \boot\memtest.exe
- description Windows Memory Diagnostic
- locale en-US
- inherit {globalsettings}
- badmemoryaccess Yes
- EMS-Einstellungen
- -----------------
- Bezeichner {emssettings}
- bootems Yes
- Debuggereinstellungen
- ---------------------
- Bezeichner {dbgsettings}
- debugtype Serial
- debugport 1
- baudrate 115200
- RAM-Defekte
- -----------
- Bezeichner {badmemory}
- Globale Einstellungen
- ---------------------
- Bezeichner {globalsettings}
- inherit {dbgsettings}
- {emssettings}
- {badmemory}
- Startladeprogramm-Einstellungen
- -------------------------------
- Bezeichner {bootloadersettings}
- inherit {globalsettings}
- {hypervisorsettings}
- Hypervisoreinstellungen
- -------------------
- Bezeichner {hypervisorsettings}
- hypervisordebugtype Serial
- hypervisordebugport 1
- hypervisorbaudrate 115200
- Einstellungen zur Ladeprogrammfortsetzung
- -----------------------------------------
- Bezeichner {resumeloadersettings}
- inherit {globalsettings}
- Geräteoptionen
- --------------
- Bezeichner {853fb1a9-45de-11df-97e1-cf38b467fcf9}
- description Ramdisk Options
- ramdisksdidevice partition=C:
- ramdisksdipath \Recovery\853fb1a8-45de-11df-97e1-cf38b467fcf9\boot.sdi
- LastRegBack: 2013-08-12 02:55
- ==================== End Of Log ============================